Analysis

  • max time kernel
    117s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20220901-en locale:en-us os:windows10-2004-x64 system
  • submitted
    2022-10-03 01:49 UTC

General

  • Target

    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe

  • Size

    668KB

  • MD5

    5df6381a3558d1566a86d05e9e576fb0

  • SHA1

    494138abc7678d541943af13a1ce1316fb3c344a

  • SHA256

    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0

  • SHA512

    d647aac6668e1ac0988ccd5924f6fba325decb9bc753c6508ed8d428c3a47e73f374d4aa04dfa8ce1947673ac584bdb4bf1cc0ae98ad2a53597a745bec116894

  • SSDEEP

    12288:t3L5SdSM6sXkviIaNINeBzYasamEIOno+rK+4w7vv:t18L+iIaON+Ya3zsu3

Malware Config

Signatures

  • joker

    Joker is an Android malware that targets billing and SMS fraud.

    Caveat: this sample is a Windows PE (see Target below) run on a Windows 10 image, so a Joker match here most likely means a rule hitting on shared strings or a loose pattern rather than a real Joker payload. The behaviour actually recorded in this report (one process that changes Internet Explorer settings and then loads a chain of ad pages) is closer to adware or click-fraud activity; check which rule fired before treating the sample as Joker.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). The heuristic is labelled "likely ransomware behaviour" because encryptors enumerate drives before encrypting, but drive enumeration on its own is generic; nothing else in this report (a single process, no encryption or file-modification signatures) supports a ransomware verdict.

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    "C:\Users\Admin\AppData\Local\Temp\38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe"
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:804

Network

  • flag-us
    DNS
    wz1949.com
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    wz1949.com
    IN A
    Response
    wz1949.com
    IN A
    185.219.21.134
  • flag-us
    GET
    http://wz1949.com/show_ad6.html
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    185.219.21.134:80
    Request
    GET /show_ad6.html HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: wz1949.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Mon, 03 Oct 2022 06:59:46 GMT
    Content-Type: text/html
    Content-Length: 0
    Connection: keep-alive
    Location: http://www.wz1949.com/show_ad6.html
  • flag-us
    GET
    http://www.wz1949.com/show_ad6.html
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    185.219.21.134:80
    Request
    GET /show_ad6.html HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Connection: Keep-Alive
    Host: www.wz1949.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 03 Oct 2022 06:59:47 GMT
    Content-Type: text/html
    Content-Length: 803
    Connection: keep-alive
  • flag-us
    GET
    http://www.wz1949.com/common.js
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    185.219.21.134:80
    Request
    GET /common.js HTTP/1.1
    Accept: */*
    Referer: http://www.wz1949.com/show_ad6.html
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: www.wz1949.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 03 Oct 2022 06:59:47 GMT
    Content-Type: application/x-javascript
    Content-Length: 887
    Connection: keep-alive
  • flag-us
    GET
    http://www.wz1949.com/tj.js
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    185.219.21.134:80
    Request
    GET /tj.js HTTP/1.1
    Accept: */*
    Referer: http://www.wz1949.com/show_ad6.html
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: www.wz1949.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 03 Oct 2022 06:59:48 GMT
    Content-Type: application/x-javascript
    Content-Length: 0
    Connection: keep-alive
  • flag-us
    DNS
    push.zhanzhang.baidu.com
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    push.zhanzhang.baidu.com
    IN A
    Response
    push.zhanzhang.baidu.com
    IN CNAME
    share.jomodns.com
    share.jomodns.com
    IN CNAME
    share.n.shifen.com
    share.n.shifen.com
    IN A
    39.156.68.163
    share.n.shifen.com
    IN A
    112.34.113.148
    share.n.shifen.com
    IN A
    180.101.212.103
    share.n.shifen.com
    IN A
    182.61.201.93
    share.n.shifen.com
    IN A
    182.61.201.94
    share.n.shifen.com
    IN A
    182.61.240.101
  • flag-us
    DNS
    qsghk33.xyz
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    qsghk33.xyz
    IN A
    Response
    qsghk33.xyz
    IN A
    166.88.72.8
  • flag-us
    GET
    http://qsghk33.xyz/179-2.html?
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    166.88.72.8:80
    Request
    GET /179-2.html? HTTP/1.1
    Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
    Referer: http://www.wz1949.com/show_ad6.html
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: qsghk33.xyz
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 03 Oct 2022 06:59:53 GMT
    Content-Type: text/html
    Content-Length: 932
    Last-Modified: Thu, 25 Aug 2022 22:31:22 GMT
    Connection: keep-alive
    ETag: "6307f83a-3a4"
    Accept-Ranges: bytes
  • flag-us
    DNS
    hm.baidu.com
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    hm.baidu.com
    IN A
    Response
    hm.baidu.com
    IN CNAME
    hm.e.shifen.com
    hm.e.shifen.com
    IN A
    103.235.46.191
  • flag-cn
    GET
    http://push.zhanzhang.baidu.com/push.js
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    39.156.68.163:80
    Request
    GET /push.js HTTP/1.1
    Accept: */*
    Referer: http://www.wz1949.com/show_ad6.html
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: push.zhanzhang.baidu.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cache-Control: max-age=31536000
    Content-Encoding: gzip
    Content-Length: 227
    Content-Type: text/javascript
    Date: Mon, 03 Oct 2022 06:59:53 GMT
    Etag: "4078521116"
    Expires: Tue, 03 Oct 2023 06:59:53 GMT
    Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
    P3p: CP=" OTI DSP COR IVA OUR IND COM "
    Server: apache
    Set-Cookie: BAIDUID=27CCA49D2779C587A68C599928537ACE:FG=1; max-age=31536000; expires=Tue, 03-Oct-23 06:59:53 GMT; domain=.baidu.com; path=/; version=1
    Vary: Accept-Encoding
  • flag-hk
    GET
    https://hm.baidu.com/hm.js?46c1f4a6462097598d7586b89f9ee561
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    103.235.46.191:443
    Request
    GET /hm.js?46c1f4a6462097598d7586b89f9ee561 HTTP/1.1
    Accept: */*
    Referer: http://qsghk33.xyz/179-2.html?
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: hm.baidu.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Cache-Control: max-age=0, must-revalidate
    Content-Encoding: gzip
    Content-Length: 11341
    Content-Type: application/javascript
    Date: Mon, 03 Oct 2022 06:59:54 GMT
    Etag: 22f5edff40eb3da75eb467a30d389fc8
    P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
    Server: apache
    Set-Cookie: HMACCOUNT=98E22F62DDEDF835; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
    Strict-Transport-Security: max-age=172800
  • flag-us
    DNS
    api.share.baidu.com
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    api.share.baidu.com
    IN A
    Response
    api.share.baidu.com
    IN CNAME
    api.share.n.shifen.com
    api.share.n.shifen.com
    IN A
    39.156.68.163
    api.share.n.shifen.com
    IN A
    112.34.113.148
    api.share.n.shifen.com
    IN A
    180.101.212.103
    api.share.n.shifen.com
    IN A
    182.61.201.93
    api.share.n.shifen.com
    IN A
    182.61.201.94
    api.share.n.shifen.com
    IN A
    182.61.240.101
  • flag-cn
    GET
    http://api.share.baidu.com/s.gif?l=http://www.wz1949.com/show_ad6.html
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    39.156.68.163:80
    Request
    GET /s.gif?l=http://www.wz1949.com/show_ad6.html HTTP/1.1
    Accept: */*
    Referer: http://www.wz1949.com/show_ad6.html
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: api.share.baidu.com
    Connection: Keep-Alive
    Cookie: BAIDUID=27CCA49D2779C587A68C599928537ACE:FG=1
    Response
    HTTP/1.1 200 OK
    Content-Length: 0
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 03 Oct 2022 06:59:55 GMT
  • flag-us
    GET
    http://166.88.72.36:19606/
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    166.88.72.36:19606
    Request
    GET / HTTP/1.1
    Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
    Referer: http://qsghk33.xyz/179-2.html?
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: 166.88.72.36:19606
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 03 Oct 2022 06:59:55 GMT
    Content-Type: text/html
    Content-Length: 275
    Last-Modified: Thu, 29 Sep 2022 12:48:43 GMT
    Connection: keep-alive
    ETag: "6335942b-113"
    Accept-Ranges: bytes
  • flag-us
    DNS
    mu84gua.xyz
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    mu84gua.xyz
    IN A
    Response
    mu84gua.xyz
    IN A
    166.88.72.31
  • flag-us
    GET
    https://mu84gua.xyz:18769/
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    166.88.72.31:18769
    Request
    GET / HTTP/1.1
    Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: mu84gua.xyz:18769
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 03 Oct 2022 06:59:56 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    Strict-Transport-Security: max-age=31536000
    Content-Encoding: gzip
  • flag-us
    GET
    https://mu84gua.xyz:18769/template/avH5/css/index.css
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    166.88.72.31:18769
    Request
    GET /template/avH5/css/index.css HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: mu84gua.xyz:18769
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 03 Oct 2022 06:59:56 GMT
    Content-Type: text/css
    Last-Modified: Sun, 26 Apr 2020 06:39:34 GMT
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    ETag: W/"5ea52ca6-41bc"
    Expires: Mon, 03 Oct 2022 18:59:56 GMT
    Cache-Control: max-age=43200
    Strict-Transport-Security: max-age=31536000
    Content-Encoding: gzip
  • flag-us
    GET
    https://mu84gua.xyz:18769/static/js/jquery.js
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    166.88.72.31:18769
    Request
    GET /static/js/jquery.js HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: mu84gua.xyz:18769
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 03 Oct 2022 06:59:57 GMT
    Content-Type: application/javascript
    Last-Modified: Mon, 28 Mar 2022 14:41:00 GMT
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    ETag: W/"6241c8fc-169d5"
    Expires: Mon, 03 Oct 2022 18:59:57 GMT
    Cache-Control: max-age=43200
    Strict-Transport-Security: max-age=31536000
    Content-Encoding: gzip
  • flag-us
    GET
    https://mu84gua.xyz:18769/template/avH5/css/1.css
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    166.88.72.31:18769
    Request
    GET /template/avH5/css/1.css HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: mu84gua.xyz:18769
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 03 Oct 2022 06:59:57 GMT
    Content-Type: text/css
    Content-Length: 295
    Last-Modified: Thu, 10 May 2018 16:40:50 GMT
    Connection: keep-alive
    ETag: "5af47612-127"
    Expires: Mon, 03 Oct 2022 18:59:57 GMT
    Cache-Control: max-age=43200
    Strict-Transport-Security: max-age=31536000
    Accept-Ranges: bytes
  • flag-us
    GET
    https://mu84gua.xyz:18769/static/js/jquery.autocomplete.js
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    166.88.72.31:18769
    Request
    GET /static/js/jquery.autocomplete.js HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: mu84gua.xyz:18769
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 03 Oct 2022 06:59:57 GMT
    Content-Type: application/javascript
    Last-Modified: Mon, 28 Mar 2022 14:41:00 GMT
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    ETag: W/"6241c8fc-6215"
    Expires: Mon, 03 Oct 2022 18:59:57 GMT
    Cache-Control: max-age=43200
    Strict-Transport-Security: max-age=31536000
    Content-Encoding: gzip
  • flag-us
    GET
    https://mu84gua.xyz:18769/template/avH5/images/logo.jpg
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    166.88.72.31:18769
    Request
    GET /template/avH5/images/logo.jpg HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: mu84gua.xyz:18769
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 03 Oct 2022 06:59:57 GMT
    Content-Type: image/jpeg
    Content-Length: 5609
    Last-Modified: Mon, 29 Oct 2018 08:10:54 GMT
    Connection: keep-alive
    ETag: "5bd6c08e-15e9"
    Expires: Wed, 02 Nov 2022 06:59:57 GMT
    Cache-Control: max-age=2592000
    Strict-Transport-Security: max-age=31536000
    Accept-Ranges: bytes
  • flag-us
    GET
    https://mu84gua.xyz:18769/template/avH5/css/home.css
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    166.88.72.31:18769
    Request
    GET /template/avH5/css/home.css HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: mu84gua.xyz:18769
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 03 Oct 2022 06:59:57 GMT
    Content-Type: text/css
    Last-Modified: Sun, 18 Jun 2017 10:28:52 GMT
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    ETag: W/"594655e4-2ad9"
    Expires: Mon, 03 Oct 2022 18:59:57 GMT
    Cache-Control: max-age=43200
    Strict-Transport-Security: max-age=31536000
    Content-Encoding: gzip
  • flag-us
    GET
    https://mu84gua.xyz:18769/static/js/jquery.lazyload.js
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    166.88.72.31:18769
    Request
    GET /static/js/jquery.lazyload.js HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: mu84gua.xyz:18769
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 03 Oct 2022 06:59:57 GMT
    Content-Type: application/javascript
    Last-Modified: Mon, 28 Mar 2022 14:41:00 GMT
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    ETag: W/"6241c8fc-8b8"
    Expires: Mon, 03 Oct 2022 18:59:57 GMT
    Cache-Control: max-age=43200
    Strict-Transport-Security: max-age=31536000
    Content-Encoding: gzip
  • flag-us
    GET
    https://mu84gua.xyz:18769/static/js/home.js
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    166.88.72.31:18769
    Request
    GET /static/js/home.js HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: mu84gua.xyz:18769
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 03 Oct 2022 06:59:57 GMT
    Content-Type: application/javascript
    Last-Modified: Tue, 24 Aug 2021 06:28:32 GMT
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    ETag: W/"61249190-95a5"
    Expires: Mon, 03 Oct 2022 18:59:57 GMT
    Cache-Control: max-age=43200
    Strict-Transport-Security: max-age=31536000
    Content-Encoding: gzip
  • flag-hk
    GET
    http://23.226.62.196/%E5%9B%BE%E7%89%871.png
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    23.226.62.196:80
    Request
    GET /%E5%9B%BE%E7%89%871.png HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: 23.226.62.196
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 03 Oct 2022 06:59:57 GMT
    Content-Type: image/png
    Content-Length: 27691
    Last-Modified: Tue, 27 Sep 2022 09:30:36 GMT
    Connection: keep-alive
    ETag: "6332c2bc-6c2b"
    Expires: Wed, 02 Nov 2022 06:59:57 GMT
    Cache-Control: max-age=2592000
    Accept-Ranges: bytes
  • flag-us
    DNS
    vbutjg.com
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    vbutjg.com
    IN A
    Response
    vbutjg.com
    IN CNAME
    yd11_02-aq-01.cdn-ng.net
    yd11_02-aq-01.cdn-ng.net
    IN A
    45.61.212.162
    yd11_02-aq-01.cdn-ng.net
    IN A
    103.170.15.52
    yd11_02-aq-01.cdn-ng.net
    IN A
    103.170.15.67
    yd11_02-aq-01.cdn-ng.net
    IN A
    103.189.108.98
    yd11_02-aq-01.cdn-ng.net
    IN A
    45.61.212.131
  • flag-us
    DNS
    23539355.com
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    23539355.com
    IN A
    Response
    23539355.com
    IN CNAME
    npyb5v4t-u.funnull01.vip
    npyb5v4t-u.funnull01.vip
    IN CNAME
    35rnbma7.n.funnull31.com
    35rnbma7.n.funnull31.com
    IN A
    20.239.186.41
    35rnbma7.n.funnull31.com
    IN A
    20.239.186.133
    35rnbma7.n.funnull31.com
    IN A
    23.101.2.94
    35rnbma7.n.funnull31.com
    IN A
    23.101.2.170
    35rnbma7.n.funnull31.com
    IN A
    20.239.174.73
    35rnbma7.n.funnull31.com
    IN A
    20.239.174.74
    35rnbma7.n.funnull31.com
    IN A
    20.239.174.75
    35rnbma7.n.funnull31.com
    IN A
    20.239.174.148
    35rnbma7.n.funnull31.com
    IN A
    20.239.174.248
    35rnbma7.n.funnull31.com
    IN A
    20.239.174.249
    35rnbma7.n.funnull31.com
    IN A
    20.239.174.250
    35rnbma7.n.funnull31.com
    IN A
    20.239.174.251
    35rnbma7.n.funnull31.com
    IN A
    20.239.175.72
    35rnbma7.n.funnull31.com
    IN A
    20.239.175.73
    35rnbma7.n.funnull31.com
    IN A
    20.239.175.74
    35rnbma7.n.funnull31.com
    IN A
    20.239.175.75
    35rnbma7.n.funnull31.com
    IN A
    20.239.175.140
    35rnbma7.n.funnull31.com
    IN A
    20.239.175.141
    35rnbma7.n.funnull31.com
    IN A
    20.239.175.142
    35rnbma7.n.funnull31.com
    IN A
    20.239.175.143
  • flag-us
    GET
    https://vbutjg.com/e536c5a47f8b48edba0132f508c602da.gif
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    45.61.212.162:443
    Request
    GET /e536c5a47f8b48edba0132f508c602da.gif HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: vbutjg.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Cache-Control: max-age=86400
    ETag: "63243d4d-3f4d0"
    Server: nginx
    Date: Sun, 02 Oct 2022 07:37:17 GMT
    Content-Type: image/gif
    Last-Modified: Fri, 16 Sep 2022 09:09:33 GMT
    Accept-Ranges: bytes
    X-Cache: HIT from cloud-us5-cdnb-02
    Content-Length: 259280
  • flag-us
    DNS
    vkhhjp.com
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    vkhhjp.com
    IN A
    Response
    vkhhjp.com
    IN CNAME
    yd11_02-aq-01.cdn-ng.net
    yd11_02-aq-01.cdn-ng.net
    IN A
    45.61.212.162
    yd11_02-aq-01.cdn-ng.net
    IN A
    103.170.15.54
    yd11_02-aq-01.cdn-ng.net
    IN A
    103.170.15.68
    yd11_02-aq-01.cdn-ng.net
    IN A
    103.189.108.96
    yd11_02-aq-01.cdn-ng.net
    IN A
    45.61.212.131
  • flag-us
    DNS
    u0081.com
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    u0081.com
    IN A
    Response
    u0081.com
    IN CNAME
    npyb5v4t-u.funnull01.vip
    npyb5v4t-u.funnull01.vip
    IN CNAME
    35rnbma7.n.funnull31.com
    35rnbma7.n.funnull31.com
    IN A
    20.239.186.133
    35rnbma7.n.funnull31.com
    IN A
    23.101.2.94
    35rnbma7.n.funnull31.com
    IN A
    23.101.2.170
    35rnbma7.n.funnull31.com
    IN A
    20.239.174.73
    35rnbma7.n.funnull31.com
    IN A
    20.239.174.74
    35rnbma7.n.funnull31.com
    IN A
    20.239.174.75
    35rnbma7.n.funnull31.com
    IN A
    20.239.174.148
    35rnbma7.n.funnull31.com
    IN A
    20.239.174.248
    35rnbma7.n.funnull31.com
    IN A
    20.239.174.249
    35rnbma7.n.funnull31.com
    IN A
    20.239.174.250
    35rnbma7.n.funnull31.com
    IN A
    20.239.174.251
    35rnbma7.n.funnull31.com
    IN A
    20.239.175.72
    35rnbma7.n.funnull31.com
    IN A
    20.239.175.73
    35rnbma7.n.funnull31.com
    IN A
    20.239.175.74
    35rnbma7.n.funnull31.com
    IN A
    20.239.175.75
    35rnbma7.n.funnull31.com
    IN A
    20.239.175.140
    35rnbma7.n.funnull31.com
    IN A
    20.239.175.141
    35rnbma7.n.funnull31.com
    IN A
    20.239.175.142
    35rnbma7.n.funnull31.com
    IN A
    20.239.175.143
    35rnbma7.n.funnull31.com
    IN A
    20.239.186.41
  • flag-us
    GET
    https://vkhhjp.com/58a254741ab84448b9cce30b7c2dd94c.gif
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    45.61.212.162:443
    Request
    GET /58a254741ab84448b9cce30b7c2dd94c.gif HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: vkhhjp.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Cache-Control: max-age=86400
    ETag: "630a0914-3d745"
    Server: nginx
    Date: Sun, 02 Oct 2022 11:16:17 GMT
    Content-Type: image/gif
    Last-Modified: Sat, 27 Aug 2022 12:07:48 GMT
    Accept-Ranges: bytes
    X-Cache: HIT from cloud-us5-cdnb-02
    Content-Length: 251717
  • flag-us
    DNS
    img30.360buyimg.com
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    img30.360buyimg.com
    IN A
    Response
    img30.360buyimg.com
    IN CNAME
    img30.360buyimg.com.gslb.qianxun.com
    img30.360buyimg.com.gslb.qianxun.com
    IN CNAME
    jd-abroad.cdn20.com
    jd-abroad.cdn20.com
    IN A
    163.171.147.15
    jd-abroad.cdn20.com
    IN A
    163.171.129.134
    jd-abroad.cdn20.com
    IN A
    163.171.143.15
    jd-abroad.cdn20.com
    IN A
    163.171.130.131
    jd-abroad.cdn20.com
    IN A
    163.171.130.132
  • flag-us
    DNS
    cdn-xinghuatupian-cdn.com
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    cdn-xinghuatupian-cdn.com
    IN A
    Response
    cdn-xinghuatupian-cdn.com
    IN A
    154.197.15.166
    cdn-xinghuatupian-cdn.com
    IN A
    154.197.15.163
    cdn-xinghuatupian-cdn.com
    IN A
    45.207.36.121
    cdn-xinghuatupian-cdn.com
    IN A
    45.207.36.125
    cdn-xinghuatupian-cdn.com
    IN A
    45.207.36.130
  • flag-us
    DNS
    yaoji666.oss-cn-hongkong.aliyuncs.com
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    yaoji666.oss-cn-hongkong.aliyuncs.com
    IN A
    Response
    yaoji666.oss-cn-hongkong.aliyuncs.com
    IN A
    47.75.19.62
  • flag-us
    DNS
    89958716765.com
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    89958716765.com
    IN A
    Response
    89958716765.com
    IN CNAME
    yd11_13-site-02.cdn-ng.net
    yd11_13-site-02.cdn-ng.net
    IN A
    103.170.15.90
    yd11_13-site-02.cdn-ng.net
    IN A
    103.170.15.95
    yd11_13-site-02.cdn-ng.net
    IN A
    103.170.15.100
    yd11_13-site-02.cdn-ng.net
    IN A
    45.61.212.60
    yd11_13-site-02.cdn-ng.net
    IN A
    45.61.212.118
    yd11_13-site-02.cdn-ng.net
    IN A
    45.61.212.123
    yd11_13-site-02.cdn-ng.net
    IN A
    45.61.212.130
    yd11_13-site-02.cdn-ng.net
    IN A
    45.61.212.220
    yd11_13-site-02.cdn-ng.net
    IN A
    45.61.212.225
    yd11_13-site-02.cdn-ng.net
    IN A
    45.61.212.230
    yd11_13-site-02.cdn-ng.net
    IN A
    103.170.15.75
    yd11_13-site-02.cdn-ng.net
    IN A
    103.170.15.79
    yd11_13-site-02.cdn-ng.net
    IN A
    103.170.15.84
  • flag-hk
    GET
    https://cdn-xinghuatupian-cdn.com/xh/640-120.gif
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    154.197.15.166:443
    Request
    GET /xh/640-120.gif HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: cdn-xinghuatupian-cdn.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 03 Oct 2022 06:59:57 GMT
    Content-Type: image/gif
    Content-Length: 219165
    Connection: keep-alive
    Last-Modified: Fri, 23 Sep 2022 07:13:01 GMT
    ETag: "632d5c7d-3581d"
    Expires: Tue, 01 Nov 2022 10:32:46 GMT
    Cache-Control: max-age=2592000
    Server: cdn-ddos-cc
    X-Cache-Status: HIT
    Accept-Ranges: bytes
  • flag-hk
    GET
    https://u0081.com/b3d72dbdd8904557bbc89c54b30b5d97.gif
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    20.239.186.133:443
    Request
    GET /b3d72dbdd8904557bbc89c54b30b5d97.gif HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: u0081.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 03 Oct 2022 06:59:57 GMT
    Content-Type: image/gif
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    Last-Modified: Fri, 30 Sep 2022 08:14:15 GMT
    ETag: W/"6336a557-39cbe"
    Server: WAF/2.4-12.1
    X-Cache-Status: HIT
    Content-Encoding: gzip
  • flag-us
    DNS
    65688qp.com
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    65688qp.com
    IN A
    Response
    65688qp.com
    IN CNAME
    wtp3.77889978.com
    wtp3.77889978.com
    IN A
    154.83.27.196
  • flag-us
    DNS
    kvezz.com
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    kvezz.com
    IN A
    Response
    kvezz.com
    IN A
    45.154.215.92
  • flag-us
    DNS
    kzecc.com
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    kzecc.com
    IN A
    Response
    kzecc.com
    IN A
    104.143.94.110
  • flag-us
    DNS
    kzeaa.com
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    kzeaa.com
    IN A
    Response
    kzeaa.com
    IN A
    66.150.130.123
  • flag-us
    DNS
    86827156167.com
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    86827156167.com
    IN A
    Response
    86827156167.com
    IN CNAME
    yd11_13-site-02.cdn-ng.net
    yd11_13-site-02.cdn-ng.net
    IN A
    103.170.15.110
    yd11_13-site-02.cdn-ng.net
    IN A
    103.170.15.115
    yd11_13-site-02.cdn-ng.net
    IN A
    45.61.212.47
    yd11_13-site-02.cdn-ng.net
    IN A
    45.61.212.52
    yd11_13-site-02.cdn-ng.net
    IN A
    45.61.212.60
    yd11_13-site-02.cdn-ng.net
    IN A
    45.61.212.118
    yd11_13-site-02.cdn-ng.net
    IN A
    103.170.15.75
    yd11_13-site-02.cdn-ng.net
    IN A
    103.170.15.79
    yd11_13-site-02.cdn-ng.net
    IN A
    103.170.15.84
    yd11_13-site-02.cdn-ng.net
    IN A
    103.170.15.90
    yd11_13-site-02.cdn-ng.net
    IN A
    103.170.15.95
    yd11_13-site-02.cdn-ng.net
    IN A
    103.170.15.100
    yd11_13-site-02.cdn-ng.net
    IN A
    103.170.15.105
  • flag-us
    DNS
    9191919191.com
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    9191919191.com
    IN A
    Response
    9191919191.com
    IN A
    137.175.12.178
  • flag-us
    DNS
    img.x937.xyz
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    img.x937.xyz
    IN A
    Response
    img.x937.xyz
    IN CNAME
    dns.imgapp.top
    dns.imgapp.top
    IN A
    23.225.222.18
    dns.imgapp.top
    IN A
    23.225.228.34
    dns.imgapp.top
    IN A
    38.47.102.246
    dns.imgapp.top
    IN A
    23.225.228.58
    dns.imgapp.top
    IN A
    23.225.222.2
    dns.imgapp.top
    IN A
    38.47.102.248
  • flag-us
    DNS
    75625358935.com
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    75625358935.com
    IN A
    Response
    75625358935.com
    IN CNAME
    yd11_13-site-02.cdn-ng.net
    yd11_13-site-02.cdn-ng.net
    IN A
    103.170.15.75
    yd11_13-site-02.cdn-ng.net
    IN A
    103.170.15.79
    yd11_13-site-02.cdn-ng.net
    IN A
    103.170.15.84
    yd11_13-site-02.cdn-ng.net
    IN A
    103.170.15.115
    yd11_13-site-02.cdn-ng.net
    IN A
    45.61.212.47
    yd11_13-site-02.cdn-ng.net
    IN A
    45.61.212.52
    yd11_13-site-02.cdn-ng.net
    IN A
    45.61.212.60
    yd11_13-site-02.cdn-ng.net
    IN A
    45.61.212.118
    yd11_13-site-02.cdn-ng.net
    IN A
    45.61.212.123
    yd11_13-site-02.cdn-ng.net
    IN A
    45.61.212.130
    yd11_13-site-02.cdn-ng.net
    IN A
    45.61.212.220
    yd11_13-site-02.cdn-ng.net
    IN A
    45.61.212.225
    yd11_13-site-02.cdn-ng.net
    IN A
    45.61.212.230
  • flag-us
    DNS
    img.x973.xyz
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    img.x973.xyz
    IN A
    Response
    img.x973.xyz
    IN CNAME
    dns.imgapp.top
    dns.imgapp.top
    IN A
    23.225.222.18
    dns.imgapp.top
    IN A
    23.225.222.2
    dns.imgapp.top
    IN A
    23.225.228.34
    dns.imgapp.top
    IN A
    38.47.102.248
    dns.imgapp.top
    IN A
    23.225.228.58
    dns.imgapp.top
    IN A
    38.47.102.246
  • flag-us
    DNS
    38qptu4.oss-cn-hangzhou.aliyuncs.com
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    38qptu4.oss-cn-hangzhou.aliyuncs.com
    IN A
    Response
    38qptu4.oss-cn-hangzhou.aliyuncs.com
    IN A
    47.110.177.110
  • flag-us
    DNS
    p.qlogo.cn
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    p.qlogo.cn
    IN A
    Response
    p.qlogo.cn
    IN CNAME
    p.qpic.cn
    p.qpic.cn
    IN A
    43.154.254.32
    p.qpic.cn
    IN A
    43.129.255.47
  • flag-us
    GET
    https://75625358935.com/43f0889bc4f745ee874abf0a180520e7.gif
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    103.170.15.75:443
    Request
    GET /43f0889bc4f745ee874abf0a180520e7.gif HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: 75625358935.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Cache-Control: max-age=604800
    ETag: "62fce772-8d5ca"
    Date: Thu, 29 Sep 2022 01:48:02 GMT
    Content-Type: image/gif
    Server: nginx
    Last-Modified: Wed, 17 Aug 2022 13:04:50 GMT
    Accept-Ranges: bytes
    X-Cache: HIT from yd11_13-cdn-g01-la2-05
    Content-Length: 579018
  • flag-us
    DNS
    ads-6686.top
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    ads-6686.top
    IN A
    Response
    ads-6686.top
    IN A
    118.107.10.31
  • flag-us
    DNS
    images.kdhflr.cn
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    images.kdhflr.cn
    IN A
    Response
    images.kdhflr.cn
    IN CNAME
    dy.zipposadfadsal.com
    dy.zipposadfadsal.com
    IN CNAME
    gtm-cn-7mz2tksm10k.gtm-a2b4.com
    gtm-cn-7mz2tksm10k.gtm-a2b4.com
    IN A
    23.224.92.206
  • flag-jp
    GET
    http://ads-6686.top/960-60.gif
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    118.107.10.31:80
    Request
    GET /960-60.gif HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: ads-6686.top
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: image/gif
    Last-Modified: Tue, 20 Sep 2022 12:28:46 GMT
    Accept-Ranges: bytes
    ETag: "fed63387ecccd81:0"
    Server: Microsoft-IIS/10.0
    Date: Mon, 03 Oct 2022 06:59:56 GMT
    Content-Length: 179135
  • flag-hk
    GET
    https://img.x937.xyz/images/6318b4f81ff087ee5017a443.gif
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    23.225.222.18:443
    Request
    GET /images/6318b4f81ff087ee5017a443.gif HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: img.x937.xyz
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    Transfer-Encoding: chunked
    Connection: keep-alive
    Referrer-Policy: no-referrer
    Location: https://p3.douyinpic.com/obj/tos-cn-i-dy/328c2a5c1865460fb45a561361715735
    Cache-Control: max-age=3600
  • flag-hk
    GET
    https://23539355.com/4c09012d57f0416ebd711c9190489ae9.gif
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    20.239.186.41:443
    Request
    GET /4c09012d57f0416ebd711c9190489ae9.gif HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: 23539355.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 03 Oct 2022 06:59:57 GMT
    Content-Type: image/gif
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    Last-Modified: Mon, 01 Aug 2022 09:41:29 GMT
    ETag: W/"62e79fc9-6cad4"
    Server: WAF/2.4-12.1
    X-Cache-Status: HIT
    Content-Encoding: gzip
  • flag-cn
    GET
    https://38qptu4.oss-cn-hangzhou.aliyuncs.com/kyr87633.gif
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    47.110.177.110:443
    Request
    GET /kyr87633.gif HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: 38qptu4.oss-cn-hangzhou.aliyuncs.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: AliyunOSS
    Date: Mon, 03 Oct 2022 06:59:58 GMT
    Content-Type: image/gif
    Content-Length: 299398
    Connection: keep-alive
    x-oss-request-id: 633A886E2E5F22333478BE3C
    Accept-Ranges: bytes
    ETag: "F4B7967855549E81F65598B93A43D9DB"
    Last-Modified: Sun, 05 Jun 2022 13:03:04 GMT
    x-oss-object-type: Normal
    x-oss-hash-crc64ecma: 8810428828543929982
    x-oss-storage-class: Standard
    Content-Disposition: attachment
    x-oss-force-download: true
    Content-MD5: 9LeWeFVUnoH2VZi5OkPZ2w==
    x-oss-server-time: 1
  • flag-hk
    GET
    https://img.x973.xyz/images/631db985e058e84d7c442b2d.gif
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    23.225.222.18:443
    Request
    GET /images/631db985e058e84d7c442b2d.gif HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: img.x973.xyz
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    Transfer-Encoding: chunked
    Connection: keep-alive
    Referrer-Policy: no-referrer
    Location: https://p3.douyinpic.com/obj/tos-cn-i-dy/6d1763c30f3046fd96accfad4022b8e5
    Cache-Control: max-age=3600
  • flag-hk
    GET
    https://yaoji666.oss-cn-hongkong.aliyuncs.com/gg/960X120.gif
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    47.75.19.62:443
    Request
    GET /gg/960X120.gif HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: yaoji666.oss-cn-hongkong.aliyuncs.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: AliyunOSS
    Date: Mon, 03 Oct 2022 06:59:57 GMT
    Content-Type: image/gif
    Content-Length: 212323
    Connection: keep-alive
    x-oss-request-id: 633A886D1F8563363477D1F5
    Accept-Ranges: bytes
    ETag: "1E7356E466A72B7C5D137501DA414A9E"
    Last-Modified: Sat, 17 Sep 2022 09:20:48 GMT
    x-oss-object-type: Normal
    x-oss-hash-crc64ecma: 14666006998441618956
    x-oss-storage-class: Standard
    x-oss-server-side-encryption: AES256
    Content-MD5: HnNW5GanK3xdE3UB2kFKng==
    x-oss-server-time: 1
  • flag-us
    GET
    https://65688qp.com/tp/93960.gif
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    154.83.27.196:443
    Request
    GET /tp/93960.gif HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: 65688qp.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Mon, 03 Oct 2022 06:59:57 GMT
    Content-Type: image/gif
    Content-Length: 323533
    Connection: keep-alive
    Last-Modified: Mon, 04 Apr 2022 07:12:13 GMT
    ETag: "624a9a4d-4efcd"
    Expires: Thu, 20 Oct 2022 07:31:27 GMT
    Cache-Control: max-age=2592000
    Strict-Transport-Security: max-age=31536000
    Via: 154.83.27.194
    CDN-Cache: HIT
    Accept-Ranges: bytes
  • flag-hk
    GET
    https://p.qlogo.cn/hy_personal/3e28f14aa05168424fa80afa512d47670c98e6ee97c11a60ad0f9c35a38b4b7f/0.png
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    43.154.254.32:443
    Request
    GET /hy_personal/3e28f14aa05168424fa80afa512d47670c98e6ee97c11a60ad0f9c35a38b4b7f/0.png HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: p.qlogo.cn
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: NWSs
    Date: Mon, 03 Oct 2022 06:59:57 GMT
    Content-Type: image/gif
    Content-Length: 988610
    Connection: keep-alive
    Vary: Accept,Origin
    Last-Modified: Mon, 18 Jul 2022 15:22:35 GMT
    Cache-Control: max-age=2592000
    X-Delay: 84038 us
    X-Info: real data
    X-BCheck: 0_1
    X-Cpt: filename=0
    User-ReturnCode: 0
    X-DataSrc: 2
    X-ReqGue: 0
    Size: 988610
    chid: 0
    fid: 0
    X-NWS-LOG-UUID: 7101ca9a-6e18-4551-9d53-bb3fcb6fee3b
  • flag-us
    GET
    https://img30.360buyimg.com/popXue/jfs/t1/167683/19/29526/254728/6311ad14E2506851c/6e267de7f5bce47e.gif
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    163.171.147.15:443
    Request
    GET /popXue/jfs/t1/167683/19/29526/254728/6311ad14E2506851c/6e267de7f5bce47e.gif HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: img30.360buyimg.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 03 Oct 2022 06:59:57 GMT
    Content-Type: image/gif
    Content-Length: 254728
    Connection: keep-alive
    Expires: Mon, 30 Aug 2032 11:06:42 GMT
    Server: nginx
    Cache-Control: max-age=315360000
    Last-Modified: Fri, 02 Sep 2022 07:13:24 GMT
    Via: http/1.1 ORI-CLOUD-ZJ-MIX-190 (jcs [cMsSfW]), http/1.1 ZHJ-CT-6-MIX-29 (jcs [cMsSfW])
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    X-Trace: 200-1662103441208-0-0-1-9-9;200;200-1662103441192-0-0-0-116-116;200-1662103441182-0-0-1-214-214
    Age: 1
    X-Via: 1.1 dianxun143:7 (Cdn Cache Server V2.0), 1.1 PSdgflkfFRA1hb199:5 (Cdn Cache Server V2.0), 1.1 PS-VIE-01aIr81:1 (Cdn Cache Server V2.0)
    X-Ws-Request-Id: 633a886d_PS-VIE-01Lw182_10263-40081
  • flag-us
    GET
    http://9191919191.com//960x60-2.gif
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    137.175.12.178:80
    Request
    GET //960x60-2.gif HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: 9191919191.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Mon, 03 Oct 2022 07:01:33 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
    Location: https://9191919191.com/960x60-2.gif
    Strict-Transport-Security: max-age=31536000
  • flag-us
    GET
    https://kvezz.com/95ca29ec3907b3bf2d8a24b35e3eda22.gif
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    45.154.215.92:443
    Request
    GET /95ca29ec3907b3bf2d8a24b35e3eda22.gif HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: kvezz.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Mon, 03 Oct 2022 06:59:57 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
    Location: https://acoossu.top/95ca29ec3907b3bf2d8a24b35e3eda22.gif
    Strict-Transport-Security: max-age=31536000
  • flag-us
    GET
    https://kzecc.com/8fdce7479dd03f1ee73805e8d2e9bab8.gif
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    104.143.94.110:443
    Request
    GET /8fdce7479dd03f1ee73805e8d2e9bab8.gif HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: kzecc.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Mon, 03 Oct 2022 06:59:57 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
    Location: https://kvhbbb.top/8fdce7479dd03f1ee73805e8d2e9bab8.gif
    Strict-Transport-Security: max-age=31536000
  • flag-us
    GET
    https://kzeaa.com/92f0c144d76dd785f7c04f84ae149b33.gif
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    66.150.130.123:443
    Request
    GET /92f0c144d76dd785f7c04f84ae149b33.gif HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: kzeaa.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Mon, 03 Oct 2022 06:59:58 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
    Location: https://acoossi.top/92f0c144d76dd785f7c04f84ae149b33.gif
    Strict-Transport-Security: max-age=31536000
  • flag-us
    GET
    https://images.kdhflr.cn/uploads/2022/09/12/631f3053e33ba.gif
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    23.224.92.206:443
    Request
    GET /uploads/2022/09/12/631f3053e33ba.gif HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: images.kdhflr.cn
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 03 Oct 2022 06:59:58 GMT
    Content-Type: image/gif
    Content-Length: 133522
    Connection: keep-alive
    Last-Modified: Mon, 12 Sep 2022 13:12:51 GMT
    ETag: "631f3053-20992"
    Expires: Wed, 02 Nov 2022 06:39:00 GMT
    Cache-Control: max-age=2592000
    Server: cdn-ddos-cc
    X-Cache-Status: HIT
    Accept-Ranges: bytes
  • flag-us
    GET
    https://9191919191.com/960x60-2.gif
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    137.175.12.178:443
    Request
    GET /960x60-2.gif HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Connection: Keep-Alive
    Host: 9191919191.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 03 Oct 2022 07:01:33 GMT
    Content-Type: image/gif
    Transfer-Encoding: chunked
    Connection: keep-alive
    Expires: Wed, 02 Nov 2022 07:01:33 GMT
    Cache-Control: max-age=2592000
    Strict-Transport-Security: max-age=31536000
  • flag-us
    GET
    https://89958716765.com/9e224d02837045299d7206d31ca24c8b.gif
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    103.170.15.90:443
    Request
    GET /9e224d02837045299d7206d31ca24c8b.gif HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: 89958716765.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Cache-Control: max-age=604800
    ETag: "62ee2787-86f72"
    Date: Wed, 28 Sep 2022 10:01:18 GMT
    Content-Type: image/gif
    Server: nginx
    Last-Modified: Sat, 06 Aug 2022 08:34:15 GMT
    Accept-Ranges: bytes
    X-Cache: HIT from yd11_13-cdn-g01-la2-20
    Content-Length: 552818
  • flag-us
    GET
    https://86827156167.com/ca86f9b2c851476283a501c3a59834e7.gif
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    103.170.15.110:443
    Request
    GET /ca86f9b2c851476283a501c3a59834e7.gif HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: 86827156167.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Cache-Control: max-age=604800
    ETag: "63203441-2316d"
    Date: Wed, 28 Sep 2022 18:11:27 GMT
    Content-Type: image/gif
    Server: nginx
    Last-Modified: Tue, 13 Sep 2022 07:41:53 GMT
    Accept-Ranges: bytes
    X-Cache: HIT from yd11_13-cdn-g01-la2-40
    Content-Length: 143725
  • flag-us
    DNS
    acoossu.top
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    acoossu.top
    IN A
    Response
    acoossu.top
    IN A
    104.21.33.223
    acoossu.top
    IN A
    172.67.151.21
  • flag-us
    DNS
    p3.douyinpic.com
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    p3.douyinpic.com
    IN A
    Response
    p3.douyinpic.com
    IN CNAME
    p3.douyinpic.com.w.cdngslb.com
    p3.douyinpic.com.w.cdngslb.com
    IN A
    47.246.48.230
    p3.douyinpic.com.w.cdngslb.com
    IN A
    47.246.48.224
    p3.douyinpic.com.w.cdngslb.com
    IN A
    47.246.48.225
    p3.douyinpic.com.w.cdngslb.com
    IN A
    47.246.48.231
    p3.douyinpic.com.w.cdngslb.com
    IN A
    47.246.48.228
    p3.douyinpic.com.w.cdngslb.com
    IN A
    47.246.48.227
    p3.douyinpic.com.w.cdngslb.com
    IN A
    47.246.48.229
    p3.douyinpic.com.w.cdngslb.com
    IN A
    47.246.48.226
  • flag-us
    GET
    https://acoossu.top/95ca29ec3907b3bf2d8a24b35e3eda22.gif
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    104.21.33.223:443
    Request
    GET /95ca29ec3907b3bf2d8a24b35e3eda22.gif HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Connection: Keep-Alive
    Host: acoossu.top
    Response
    HTTP/1.1 200 OK
    Date: Mon, 03 Oct 2022 06:59:58 GMT
    Content-Type: image/gif
    Content-Length: 400264
    Connection: keep-alive
    Last-Modified: Mon, 02 May 2022 19:22:39 GMT
    ETag: "62702f7f-61b88"
    Expires: Fri, 28 Oct 2022 12:43:14 GMT
    Cache-Control: max-age=31536000
    CF-Cache-Status: HIT
    Age: 411404
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F2iJxIQ11BsUeP3R1mxruW9OUNJLfvKufXCI5Uxq7ZSssSlZaX0%2FaoQxdqv4yY8tEDpLJrgpolIiIBDVQlN8kYIeH0YDfS3ha%2FgjCtlKwKhdxcVzz1ElEKtmeBcTMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 7543cc4f8ea2b8c0-AMS
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-nl
    GET
    https://p3.douyinpic.com/obj/tos-cn-i-dy/328c2a5c1865460fb45a561361715735
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    47.246.48.230:443
    Request
    GET /obj/tos-cn-i-dy/328c2a5c1865460fb45a561361715735 HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Connection: Keep-Alive
    Host: p3.douyinpic.com
    Response
    HTTP/1.1 200 OK
    Server: Tengine
    Content-Type: image/gif
    Content-Length: 824465
    Connection: keep-alive
    Date: Sat, 01 Oct 2022 13:35:34 GMT
    Cache-Control: max-age=31536000
    Imagex-Fmt: gif2gif
    Last-Modified: Sat, 01 Oct 2022 12:45:42 GMT
    Nw-Session-Id: 20221001204542010135160015015C2A6178c8g01dy
    Nw-Session-Trace: 2022-10-01T20:45:42.225202094+08:00 25
    X-Bdcdn-Cache-Status: TCP_HIT
    X-Length: 824465
    X-Powered-By: ImageX
    X-Response-Date: Sat, 01 Oct 2022 20:45:42 GMT
    X-Tt-Logid: 20221001204542010135160015015C2A61
    via: n150-054-034, cache11.l2de2[0,0,206-0,H], cache20.l2de2[1,0], cache20.l2de2[2,0], cache7.nl2[0,14,200-0,H], cache7.nl2[16,0]
    x-request-ip: fdbd:dc02:22:88::209
    x-tt-trace-tag: id=03;cdn-cache=hit;type=static
    x-response-cinfo: 154.61.71.51
    x-response-cache: edge_hit
    server-timing: cdn-cache;desc=HIT,edge;dur=16
    x-tt-trace-host: 01e0e594c786ce88104ab6f25fa67b6558201f55f14e58212d913a68a8fe6d5a2309dc15be969758e1f8dcc33bb77c31a1a32525d06d638bb27c8b77be59a903750cda2d48173f9fb50ba1751441bda8f93a45e00f5248aaa2589a0a62324fe94d
    X-Response-LB: image
    Ali-Swift-Global-Savetime: 1664631334
    Age: 149064
    X-Cache: HIT TCP_HIT dirn:2:129047324 mlen:0
    X-Swift-SaveTime: Sun, 02 Oct 2022 21:03:24 GMT
    X-Swift-CacheTime: 31422730
    Timing-Allow-Origin: *, *
    Access-Control-Allow-Origin: *
    EagleId: 2ff6309b16647803980595625e
  • flag-nl
    GET
    https://p3.douyinpic.com/obj/tos-cn-i-dy/6d1763c30f3046fd96accfad4022b8e5
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    47.246.48.230:443
    Request
    GET /obj/tos-cn-i-dy/6d1763c30f3046fd96accfad4022b8e5 HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Connection: Keep-Alive
    Host: p3.douyinpic.com
    Response
    HTTP/1.1 200 OK
    Server: Tengine
    Content-Type: image/gif
    Content-Length: 665540
    Connection: keep-alive
    Date: Sun, 02 Oct 2022 20:10:26 GMT
    Cache-Control: max-age=31536000
    Imagex-Fmt: gif2gif
    Last-Modified: Sun, 02 Oct 2022 20:10:26 GMT
    Nw-Session-Id: 202210030410260102100541410EE3E76C8xpng03dy
    Nw-Session-Trace: 2022-10-03T04:10:26.346312878+08:00 39
    X-Bdcdn-Cache-Status: TCP_MISS
    X-Length: 665540
    X-Powered-By: ImageX
    X-Response-Date: Mon, 03 Oct 2022 04:10:26 GMT
    X-Tt-Logid: 202210030410260102100541410EE3E76C
    via: n204-100-084, cache12.l2de2[0,0,206-0,H], cache2.l2de2[1,0], cache2.l2de2[1,0], cache7.nl2[0,13,200-0,H], cache5.nl2[14,0]
    x-request-ip: fdbd:dc01:27:155::141
    x-tt-trace-tag: id=03;cdn-cache=hit;type=static
    x-response-cinfo: 154.61.71.51
    x-response-cache: edge_hit
    server-timing: cdn-cache;desc=HIT,edge;dur=14
    x-tt-trace-host: 01a8ec0d97e3f08aefc9b6ecda84458ae21f22d72d0db6d409a56ade987ee04921806b34c213cabb9f9aeb2f41f90fd19739f29eb9d6a7a8b8c29dcb4e5a9546c26e915f641b2fa1d395e443946fb9c3bf1746be3d0123a8b20364426dd489f90f
    X-Response-LB: image
    Ali-Swift-Global-Savetime: 1664741426
    Age: 38972
    X-Cache: HIT TCP_HIT dirn:11:401775710 mlen:0
    X-Swift-SaveTime: Mon, 03 Oct 2022 05:55:20 GMT
    X-Swift-CacheTime: 31500906
    Timing-Allow-Origin: *, *
    Access-Control-Allow-Origin: *
    EagleId: 2ff6309916647803980604997e
  • flag-us
    DNS
    kvhbbb.top
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    kvhbbb.top
    IN A
    Response
    kvhbbb.top
    IN A
    104.21.234.66
    kvhbbb.top
    IN A
    104.21.234.67
  • flag-us
    GET
    https://kvhbbb.top/8fdce7479dd03f1ee73805e8d2e9bab8.gif
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    104.21.234.66:443
    Request
    GET /8fdce7479dd03f1ee73805e8d2e9bab8.gif HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Connection: Keep-Alive
    Host: kvhbbb.top
    Response
    HTTP/1.1 200 OK
    Date: Mon, 03 Oct 2022 06:59:58 GMT
    Content-Type: image/gif
    Content-Length: 864004
    Connection: keep-alive
    Last-Modified: Sun, 04 Sep 2022 09:11:53 GMT
    ETag: "63146bd9-d2f04"
    Expires: Wed, 02 Nov 2022 06:28:43 GMT
    Cache-Control: max-age=31536000
    CF-Cache-Status: HIT
    Age: 1875
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dEDGSw6whbg8GweH8nEiqrEvYAsXdHxBRz9rHOEka5Gb0VZE%2FwpICJQxO%2BjR3jusg4AcVA2iFZA9NLwv9tmUvgwygURIOs9y%2Brii8CLxQx7QQJeDyEtbpJc8%2BfS0"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 7543cc51bd79415a-AMS
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    DNS
    acoossi.top
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    acoossi.top
    IN A
    Response
    acoossi.top
    IN A
    104.21.234.201
    acoossi.top
    IN A
    104.21.234.200
  • flag-us
    GET
    https://acoossi.top/92f0c144d76dd785f7c04f84ae149b33.gif
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    104.21.234.201:443
    Request
    GET /92f0c144d76dd785f7c04f84ae149b33.gif HTTP/1.1
    Accept: */*
    Referer: https://mu84gua.xyz:18769/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Connection: Keep-Alive
    Host: acoossi.top
    Response
    HTTP/1.1 200 OK
    Date: Mon, 03 Oct 2022 06:59:59 GMT
    Content-Type: image/gif
    Content-Length: 1024160
    Connection: keep-alive
    Last-Modified: Wed, 25 May 2022 13:49:10 GMT
    ETag: "628e33d6-fa0a0"
    Expires: Mon, 31 Oct 2022 10:25:58 GMT
    Cache-Control: max-age=31536000
    CF-Cache-Status: HIT
    Age: 160441
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FYOhtdWheSa38iSr4OeFSEMd1OL9oPlKNNcPFZ5LeH9l5ijtGrDxl72NB6AIUGnol7dXCSZPyQUveR%2FixkfKbgHm09QkGkmanOf4PwQ7hABTO9b%2BbPSbYPFTHXgoBA%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 7543cc568f02b950-AMS
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    DNS
    x2.c.lencr.org
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    x2.c.lencr.org
    IN A
    Response
    x2.c.lencr.org
    IN CNAME
    crl.root-x1.letsencrypt.org.edgekey.net
    crl.root-x1.letsencrypt.org.edgekey.net
    IN CNAME
    e8652.dscx.akamaiedge.net
    e8652.dscx.akamaiedge.net
    IN A
    23.2.164.159
  • flag-nl
    GET
    http://x2.c.lencr.org/
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    23.2.164.159:80
    Request
    GET / HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: x2.c.lencr.org
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Content-Type: application/pkix-crl
    Last-Modified: Mon, 13 Jun 2022 17:00:00 GMT
    ETag: "62a76d10-12c"
    Cache-Control: max-age=3600
    Expires: Mon, 03 Oct 2022 07:59:59 GMT
    Date: Mon, 03 Oct 2022 06:59:59 GMT
    Content-Length: 300
    Connection: keep-alive
  • flag-us
    DNS
    e1.o.lencr.org
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    8.8.8.8:53
    Request
    e1.o.lencr.org
    IN A
    Response
    e1.o.lencr.org
    IN CNAME
    o.lencr.edgesuite.net
    o.lencr.edgesuite.net
    IN CNAME
    a1887.dscq.akamai.net
    a1887.dscq.akamai.net
    IN A
    96.16.53.142
    a1887.dscq.akamai.net
    IN A
    96.16.53.165
  • flag-nl
    GET
    http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgNG5mnJuLCHwPqOL6VmOjnlNg%3D%3D
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    Remote address:
    96.16.53.142:80
    Request
    GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgNG5mnJuLCHwPqOL6VmOjnlNg%3D%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: e1.o.lencr.org
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Content-Type: application/ocsp-response
    Content-Length: 346
    ETag: "FE2425AE5E29917F5E4960B4E73BEC2C922B21EECC17AB478D1B374E616811C9"
    Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
    Cache-Control: public, no-transform, must-revalidate, max-age=10678
    Expires: Mon, 03 Oct 2022 09:57:57 GMT
    Date: Mon, 03 Oct 2022 06:59:59 GMT
    Connection: keep-alive
  • 2.18.109.224:443
    322 B
    7
  • 20.50.80.209:443
    322 B
    7
  • 209.197.3.8:80
    322 B
    7
  • 209.197.3.8:80
    322 B
    7
  • 209.197.3.8:80
    322 B
    7
  • 185.219.21.134:80
    http://wz1949.com/show_ad6.html
    http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    490 B
    293 B
    4
    2

    HTTP Request

    GET http://wz1949.com/show_ad6.html

    HTTP Response

    301
  • 185.219.21.134:80
    http://www.wz1949.com/common.js
    http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    932 B
    2.1kB
    6
    3

    HTTP Request

    GET http://www.wz1949.com/show_ad6.html

    HTTP Response

    200

    HTTP Request

    GET http://www.wz1949.com/common.js

    HTTP Response

    200
  • 185.219.21.134:80
    http://www.wz1949.com/tj.js
    http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    532 B
    246 B
    4
    2

    HTTP Request

    GET http://www.wz1949.com/tj.js

    HTTP Response

    200
  • 166.88.72.8:80
    http://qsghk33.xyz/179-2.html?
    http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    692 B
    1.3kB
    5
    4

    HTTP Request

    GET http://qsghk33.xyz/179-2.html?

    HTTP Response

    200
  • 39.156.68.163:80
    http://push.zhanzhang.baidu.com/push.js
    http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    734 B
    1.8kB
    8
    8

    HTTP Request

    GET http://push.zhanzhang.baidu.com/push.js

    HTTP Response

    200
  • 103.235.46.191:443
    https://hm.baidu.com/hm.js?46c1f4a6462097598d7586b89f9ee561
    tls, http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    1.8kB
    23.2kB
    24
    22

    HTTP Request

    GET https://hm.baidu.com/hm.js?46c1f4a6462097598d7586b89f9ee561

    HTTP Response

    200
  • 39.156.68.163:80
    http://api.share.baidu.com/s.gif?l=http://www.wz1949.com/show_ad6.html
    http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    872 B
    564 B
    9
    8

    HTTP Request

    GET http://api.share.baidu.com/s.gif?l=http://www.wz1949.com/show_ad6.html

    HTTP Response

    200
  • 166.88.72.36:19606
    http://166.88.72.36:19606/
    http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    683 B
    678 B
    5
    4

    HTTP Request

    GET http://166.88.72.36:19606/

    HTTP Response

    200
  • 166.88.72.31:18769
    https://mu84gua.xyz:18769/template/avH5/images/logo.jpg
    tls, http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    5.9kB
    76.8kB
    72
    66

    HTTP Request

    GET https://mu84gua.xyz:18769/

    HTTP Response

    200

    HTTP Request

    GET https://mu84gua.xyz:18769/template/avH5/css/index.css

    HTTP Response

    200

    HTTP Request

    GET https://mu84gua.xyz:18769/static/js/jquery.js

    HTTP Response

    200

    HTTP Request

    GET https://mu84gua.xyz:18769/template/avH5/css/1.css

    HTTP Response

    200

    HTTP Request

    GET https://mu84gua.xyz:18769/static/js/jquery.autocomplete.js

    HTTP Response

    200

    HTTP Request

    GET https://mu84gua.xyz:18769/template/avH5/images/logo.jpg

    HTTP Response

    200
  • 166.88.72.31:18769
    https://mu84gua.xyz:18769/static/js/home.js
    tls, http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    2.6kB
    16.7kB
    23
    19

    HTTP Request

    GET https://mu84gua.xyz:18769/template/avH5/css/home.css

    HTTP Response

    200

    HTTP Request

    GET https://mu84gua.xyz:18769/static/js/jquery.lazyload.js

    HTTP Response

    200

    HTTP Request

    GET https://mu84gua.xyz:18769/static/js/home.js

    HTTP Response

    200
  • 23.226.62.196:80
    http://23.226.62.196/%E5%9B%BE%E7%89%871.png
    http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    1.5kB
    29.0kB
    25
    24

    HTTP Request

    GET http://23.226.62.196/%E5%9B%BE%E7%89%871.png

    HTTP Response

    200
  • 45.61.212.162:443
    https://vbutjg.com/e536c5a47f8b48edba0132f508c602da.gif
    tls, http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    10.1kB
    274.8kB
    205
    204

    HTTP Request

    GET https://vbutjg.com/e536c5a47f8b48edba0132f508c602da.gif

    HTTP Response

    200
  • 45.61.212.162:443
    https://vkhhjp.com/58a254741ab84448b9cce30b7c2dd94c.gif
    tls, http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    9.8kB
    267.0kB
    199
    198

    HTTP Request

    GET https://vkhhjp.com/58a254741ab84448b9cce30b7c2dd94c.gif

    HTTP Response

    200
  • 154.197.15.166:443
    https://cdn-xinghuatupian-cdn.com/xh/640-120.gif
    tls, http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    8.7kB
    231.5kB
    174
    171

    HTTP Request

    GET https://cdn-xinghuatupian-cdn.com/xh/640-120.gif

    HTTP Response

    200
  • 20.239.186.133:443
    https://u0081.com/b3d72dbdd8904557bbc89c54b30b5d97.gif
    tls, http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    4.8kB
    111.9kB
    89
    86

    HTTP Request

    GET https://u0081.com/b3d72dbdd8904557bbc89c54b30b5d97.gif

    HTTP Response

    200
  • 103.170.15.75:443
    https://75625358935.com/43f0889bc4f745ee874abf0a180520e7.gif
    tls, http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    20.9kB
    604.6kB
    440
    439

    HTTP Request

    GET https://75625358935.com/43f0889bc4f745ee874abf0a180520e7.gif

    HTTP Response

    200
  • 118.107.10.31:80
    http://ads-6686.top/960-60.gif
    http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    6.5kB
    184.7kB
    135
    133

    HTTP Request

    GET http://ads-6686.top/960-60.gif

    HTTP Response

    200
  • 23.225.222.18:443
    https://img.x937.xyz/images/6318b4f81ff087ee5017a443.gif
    tls, http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    1.4kB
    5.6kB
    14
    11

    HTTP Request

    GET https://img.x937.xyz/images/6318b4f81ff087ee5017a443.gif

    HTTP Response

    302
  • 20.239.186.41:443
    https://23539355.com/4c09012d57f0416ebd711c9190489ae9.gif
    tls, http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    8.8kB
    236.5kB
    176
    173

    HTTP Request

    GET https://23539355.com/4c09012d57f0416ebd711c9190489ae9.gif

    HTTP Response

    200
  • 47.110.177.110:443
    https://38qptu4.oss-cn-hangzhou.aliyuncs.com/kyr87633.gif
    tls, http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    11.8kB
    321.1kB
    240
    237

    HTTP Request

    GET https://38qptu4.oss-cn-hangzhou.aliyuncs.com/kyr87633.gif

    HTTP Response

    200
  • 23.225.222.18:443
    https://img.x973.xyz/images/631db985e058e84d7c442b2d.gif
    tls, http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    1.4kB
    5.6kB
    14
    11

    HTTP Request

    GET https://img.x973.xyz/images/631db985e058e84d7c442b2d.gif

    HTTP Response

    302
  • 47.75.19.62:443
    https://yaoji666.oss-cn-hongkong.aliyuncs.com/gg/960X120.gif
    tls, http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    8.6kB
    228.1kB
    173
    170

    HTTP Request

    GET https://yaoji666.oss-cn-hongkong.aliyuncs.com/gg/960X120.gif

    HTTP Response

    200
  • 154.83.27.196:443
    https://65688qp.com/tp/93960.gif
    tls, http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    12.2kB
    339.7kB
    252
    249

    HTTP Request

    GET https://65688qp.com/tp/93960.gif

    HTTP Response

    200
  • 43.154.254.32:443
    https://p.qlogo.cn/hy_personal/3e28f14aa05168424fa80afa512d47670c98e6ee97c11a60ad0f9c35a38b4b7f/0.png
    tls, http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    34.9kB
    1.0MB
    742
    741

    HTTP Request

    GET https://p.qlogo.cn/hy_personal/3e28f14aa05168424fa80afa512d47670c98e6ee97c11a60ad0f9c35a38b4b7f/0.png

    HTTP Response

    200
  • 163.171.147.15:443
    https://img30.360buyimg.com/popXue/jfs/t1/167683/19/29526/254728/6311ad14E2506851c/6e267de7f5bce47e.gif
    tls, http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    10.0kB
    268.1kB
    203
    200

    HTTP Request

    GET https://img30.360buyimg.com/popXue/jfs/t1/167683/19/29526/254728/6311ad14E2506851c/6e267de7f5bce47e.gif

    HTTP Response

    200
  • 137.175.12.178:80
    http://9191919191.com//960x60-2.gif
    http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    540 B
    700 B
    5
    4

    HTTP Request

    GET http://9191919191.com//960x60-2.gif

    HTTP Response

    301
  • 45.154.215.92:443
    https://kvezz.com/95ca29ec3907b3bf2d8a24b35e3eda22.gif
    tls, http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    1.3kB
    5.6kB
    14
    11

    HTTP Request

    GET https://kvezz.com/95ca29ec3907b3bf2d8a24b35e3eda22.gif

    HTTP Response

    301
  • 104.143.94.110:443
    https://kzecc.com/8fdce7479dd03f1ee73805e8d2e9bab8.gif
    tls, http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    1.2kB
    5.5kB
    12
    9

    HTTP Request

    GET https://kzecc.com/8fdce7479dd03f1ee73805e8d2e9bab8.gif

    HTTP Response

    301
  • 66.150.130.123:443
    https://kzeaa.com/92f0c144d76dd785f7c04f84ae149b33.gif
    tls, http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    1.3kB
    5.6kB
    15
    11

    HTTP Request

    GET https://kzeaa.com/92f0c144d76dd785f7c04f84ae149b33.gif

    HTTP Response

    301
  • 23.224.92.206:443
    https://images.kdhflr.cn/uploads/2022/09/12/631f3053e33ba.gif
    tls, http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    5.7kB
    143.1kB
    109
    106

    HTTP Request

    GET https://images.kdhflr.cn/uploads/2022/09/12/631f3053e33ba.gif

    HTTP Response

    200
  • 137.175.12.178:443
    https://9191919191.com/960x60-2.gif
    tls, http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    8.7kB
    219.9kB
    175
    172

    HTTP Request

    GET https://9191919191.com/960x60-2.gif

    HTTP Response

    200
  • 103.170.15.90:443
    https://89958716765.com/9e224d02837045299d7206d31ca24c8b.gif
    tls, http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    20.0kB
    577.5kB
    421
    420

    HTTP Request

    GET https://89958716765.com/9e224d02837045299d7206d31ca24c8b.gif

    HTTP Response

    200
  • 103.170.15.110:443
    https://86827156167.com/ca86f9b2c851476283a501c3a59834e7.gif
    tls, http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    6.2kB
    155.7kB
    120
    119

    HTTP Request

    GET https://86827156167.com/ca86f9b2c851476283a501c3a59834e7.gif

    HTTP Response

    200
  • 104.21.33.223:443
    https://acoossu.top/95ca29ec3907b3bf2d8a24b35e3eda22.gif
    tls, http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    20.6kB
    420.9kB
    339
    338

    HTTP Request

    GET https://acoossu.top/95ca29ec3907b3bf2d8a24b35e3eda22.gif

    HTTP Response

    200
  • 47.246.48.230:443
    https://p3.douyinpic.com/obj/tos-cn-i-dy/328c2a5c1865460fb45a561361715735
    tls, http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    29.4kB
    856.2kB
    624
    618

    HTTP Request

    GET https://p3.douyinpic.com/obj/tos-cn-i-dy/328c2a5c1865460fb45a561361715735

    HTTP Response

    200
  • 47.246.48.230:443
    https://p3.douyinpic.com/obj/tos-cn-i-dy/6d1763c30f3046fd96accfad4022b8e5
    tls, http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    24.1kB
    692.3kB
    510
    502

    HTTP Request

    GET https://p3.douyinpic.com/obj/tos-cn-i-dy/6d1763c30f3046fd96accfad4022b8e5

    HTTP Response

    200
  • 104.21.234.66:443
    https://kvhbbb.top/8fdce7479dd03f1ee73805e8d2e9bab8.gif
    tls, http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    41.6kB
    899.9kB
    699
    698

    HTTP Request

    GET https://kvhbbb.top/8fdce7479dd03f1ee73805e8d2e9bab8.gif

    HTTP Response

    200
  • 104.21.234.201:443
    https://acoossi.top/92f0c144d76dd785f7c04f84ae149b33.gif
    tls, http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    42.5kB
    1.1MB
    792
    791

    HTTP Request

    GET https://acoossi.top/92f0c144d76dd785f7c04f84ae149b33.gif

    HTTP Response

    200
  • 23.2.164.159:80
    http://x2.c.lencr.org/
    http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    299 B
    721 B
    4
    3

    HTTP Request

    GET http://x2.c.lencr.org/

    HTTP Response

    200
  • 96.16.53.142:80
    http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgNG5mnJuLCHwPqOL6VmOjnlNg%3D%3D
    http
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    421 B
    864 B
    4
    3

    HTTP Request

    GET http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgNG5mnJuLCHwPqOL6VmOjnlNg%3D%3D

    HTTP Response

    200
  • 8.8.8.8:53
    wz1949.com
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    56 B
    72 B
    1
    1

    DNS Request

    wz1949.com

    DNS Response

    185.219.21.134

  • 8.8.8.8:53
    push.zhanzhang.baidu.com
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    70 B
    223 B
    1
    1

    DNS Request

    push.zhanzhang.baidu.com

    DNS Response

    39.156.68.163
    112.34.113.148
    180.101.212.103
    182.61.201.93
    182.61.201.94
    182.61.240.101

  • 8.8.8.8:53
    qsghk33.xyz
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    57 B
    73 B
    1
    1

    DNS Request

    qsghk33.xyz

    DNS Response

    166.88.72.8

  • 8.8.8.8:53
    hm.baidu.com
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    58 B
    100 B
    1
    1

    DNS Request

    hm.baidu.com

    DNS Response

    103.235.46.191

  • 8.8.8.8:53
    api.share.baidu.com
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    65 B
    194 B
    1
    1

    DNS Request

    api.share.baidu.com

    DNS Response

    39.156.68.163
    112.34.113.148
    180.101.212.103
    182.61.201.93
    182.61.201.94
    182.61.240.101

  • 8.8.8.8:53
    mu84gua.xyz
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    57 B
    73 B
    1
    1

    DNS Request

    mu84gua.xyz

    DNS Response

    166.88.72.31

  • 8.8.8.8:53
    vbutjg.com
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    56 B
    174 B
    1
    1

    DNS Request

    vbutjg.com

    DNS Response

    45.61.212.162
    103.170.15.52
    103.170.15.67
    103.189.108.98
    45.61.212.131

  • 8.8.8.8:53
    23539355.com
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    58 B
    451 B
    1
    1

    DNS Request

    23539355.com

    DNS Response


  • 8.8.8.8:53
    vkhhjp.com
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    56 B
    174 B
    1
    1

    DNS Request

    vkhhjp.com

    DNS Response

    45.61.212.162
    103.170.15.54
    103.170.15.68
    103.189.108.96
    45.61.212.131

  • 8.8.8.8:53
    u0081.com
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    55 B
    448 B
    1
    1

    DNS Request

    u0081.com

    DNS Response


  • 8.8.8.8:53
    img30.360buyimg.com
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    65 B
    222 B
    1
    1

    DNS Request

    img30.360buyimg.com

    DNS Response

    163.171.147.15
    163.171.129.134
    163.171.143.15
    163.171.130.131
    163.171.130.132

  • 8.8.8.8:53
    cdn-xinghuatupian-cdn.com
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    71 B
    151 B
    1
    1

    DNS Request

    cdn-xinghuatupian-cdn.com

    DNS Response

    154.197.15.166
    154.197.15.163
    45.207.36.121
    45.207.36.125
    45.207.36.130

  • 8.8.8.8:53
    yaoji666.oss-cn-hongkong.aliyuncs.com
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    83 B
    99 B
    1
    1

    DNS Request

    yaoji666.oss-cn-hongkong.aliyuncs.com

    DNS Response

    47.75.19.62

  • 8.8.8.8:53
    89958716765.com
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    61 B
    309 B
    1
    1

    DNS Request

    89958716765.com

    DNS Response


  • 8.8.8.8:53
    65688qp.com
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    57 B
    101 B
    1
    1

    DNS Request

    65688qp.com

    DNS Response

    154.83.27.196

  • 8.8.8.8:53
    kvezz.com
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    55 B
    71 B
    1
    1

    DNS Request

    kvezz.com

    DNS Response

    45.154.215.92

  • 8.8.8.8:53
    kzecc.com
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    55 B
    71 B
    1
    1

    DNS Request

    kzecc.com

    DNS Response

    104.143.94.110

  • 8.8.8.8:53
    kzeaa.com
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    55 B
    71 B
    1
    1

    DNS Request

    kzeaa.com

    DNS Response

    66.150.130.123

  • 8.8.8.8:53
    86827156167.com
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    61 B
    309 B
    1
    1

    DNS Request

    86827156167.com

    DNS Response


  • 8.8.8.8:53
    9191919191.com
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    60 B
    76 B
    1
    1

    DNS Request

    9191919191.com

    DNS Response

    137.175.12.178

  • 8.8.8.8:53
    img.x937.xyz
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    58 B
    182 B
    1
    1

    DNS Request

    img.x937.xyz

    DNS Response

    23.225.222.18
    23.225.228.34
    38.47.102.246
    23.225.228.58
    23.225.222.2
    38.47.102.248

  • 8.8.8.8:53
    75625358935.com
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    61 B
    309 B
    1
    1

    DNS Request

    75625358935.com

    DNS Response


  • 8.8.8.8:53
    img.x973.xyz
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    58 B
    182 B
    1
    1

    DNS Request

    img.x973.xyz

    DNS Response

    23.225.222.18
    23.225.222.2
    23.225.228.34
    38.47.102.248
    23.225.228.58
    38.47.102.246

  • 8.8.8.8:53
    38qptu4.oss-cn-hangzhou.aliyuncs.com
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    82 B
    98 B
    1
    1

    DNS Request

    38qptu4.oss-cn-hangzhou.aliyuncs.com

    DNS Response

    47.110.177.110

  • 8.8.8.8:53
    p.qlogo.cn
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    56 B
    109 B
    1
    1

    DNS Request

    p.qlogo.cn

    DNS Response

    43.154.254.32
    43.129.255.47

  • 8.8.8.8:53
    ads-6686.top
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    58 B
    74 B
    1
    1

    DNS Request

    ads-6686.top

    DNS Response

    118.107.10.31

  • 8.8.8.8:53
    images.kdhflr.cn
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    62 B
    155 B
    1
    1

    DNS Request

    images.kdhflr.cn

    DNS Response

    23.224.92.206

  • 8.8.8.8:53
    acoossu.top
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    57 B
    89 B
    1
    1

    DNS Request

    acoossu.top

    DNS Response

    104.21.33.223
    172.67.151.21

  • 8.8.8.8:53
    p3.douyinpic.com
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    62 B
    231 B
    1
    1

    DNS Request

    p3.douyinpic.com

    DNS Response


  • 8.8.8.8:53
    kvhbbb.top
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    56 B
    88 B
    1
    1

    DNS Request

    kvhbbb.top

    DNS Response

    104.21.234.66
    104.21.234.67

  • 8.8.8.8:53
    acoossi.top
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    57 B
    89 B
    1
    1

    DNS Request

    acoossi.top

    DNS Response

    104.21.234.201
    104.21.234.200

  • 8.8.8.8:53
    x2.c.lencr.org
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    60 B
    165 B
    1
    1

    DNS Request

    x2.c.lencr.org

    DNS Response

    23.2.164.159

  • 8.8.8.8:53
    e1.o.lencr.org
    dns
    38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
    60 B
    159 B
    1
    1

    DNS Request

    e1.o.lencr.org

    DNS Response

    96.16.53.142
    96.16.53.165
