
Analysis

  • max time kernel
    184s
  • max time network
    190s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags
    arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
  • submitted
    05 Dec 2022, 10:06 UTC

General

  • Target

    aab3477d4c76ae28869ebf49da7f0d45a6101b2e4b56d75a3dbdaa242abf888b.exe

  • Size

    1.1MB

  • MD5

    effbea685e7b77b9fa92604418c4f8f4

  • SHA1

    27059309b55f180b4135ace1016b4f407f26be70

  • SHA256

    aab3477d4c76ae28869ebf49da7f0d45a6101b2e4b56d75a3dbdaa242abf888b

  • SHA512

    7b0e9d7c21d1960ff76df9f8f333014793e694b85bea3eccf3db6963d496a881efd782d7ec102b4b69a8efd29929a00a070d035f914c431f97b73121076b5da1

  • SSDEEP

    24576:2NGQvfd4wzQP6ASSvTd7z/fl3F6e8P25XZkKcs9hzTQVF4CFU:UGQHuaQiWvZ7ThW2tZZcs99Q0

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 14 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 23 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs
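
The `Writes to the Master Boot Record (MBR)` signature fires on the `/autorun /setuprun` and `/setupsucc` instances of downhill.exe in the process tree below. It records that the process wrote to the raw disk; it does not show what changed, and other software can write sector 0 legitimately, so the confirming check is whether the 440-byte boot-code region differs from a known-good copy. The following is an added example, not part of the tria.ge report: a Python parser for a 512-byte MBR that hashes the boot code, lists the partition entries and diffs two images. The sample MBRs are constructed by `build_sample_mbr()` (not dumped from the sandbox disk); `read_physical_mbr()` reads sector 0 of `\\.\PhysicalDrive0` on Windows, assumes administrator rights, and is not called by the demo.

```python
"""Added example (not part of the tria.ge report): parse a 512-byte MBR,
hash its boot-code region and diff it against a known-good baseline.
The sample MBRs are constructed for the demo, not read from the sandbox disk."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439: boot code; 440..443: disk signature
PART_TABLE_OFF = 446          # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"  # bytes 510..511
ENTRY_FMT = "<B3sB3sII"       # status, CHS start, type, CHS end, LBA start, sectors


def build_sample_mbr(boot_code: bytes, disk_signature: int = 0x12345678) -> bytes:
    """Constructed MBR: the given boot code plus one bootable NTFS (0x07) partition."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF", 2048, 204800)
    empty = b"\x00" * 16
    return code + struct.pack("<I", disk_signature) + b"\x00\x00" + entry + empty * 3 + BOOT_SIGNATURE


def parse_mbr(mbr: bytes) -> dict:
    """Return disk signature, SHA-256 of the boot code and the non-empty partition entries."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for idx in range(4):
        off = PART_TABLE_OFF + 16 * idx
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:
            continue
        partitions.append({"index": idx, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "disk_signature": struct.unpack("<I", mbr[440:444])[0],
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def boot_code_changed(baseline: bytes, current: bytes) -> bool:
    """Partition tables and disk signatures may legitimately differ between two
    reads; the boot code of a given build should not. Compare only that region."""
    return parse_mbr(baseline)["boot_code_sha256"] != parse_mbr(current)["boot_code_sha256"]


def read_physical_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 of a raw disk (Windows path shown; needs administrator rights;
    on Linux pass /dev/sda or similar). Not called by the demo below."""
    with open(device, "rb") as fh:
        return fh.read(MBR_SIZE)


if __name__ == "__main__":
    clean = build_sample_mbr(b"\xEB\x3C\x90 clean boot code")
    tampered = build_sample_mbr(b"\xEB\x3C\x90 tampered loader")
    print(parse_mbr(clean))
    print("boot code changed:", boot_code_changed(clean, tampered))
```

Take the baseline from the same build's install image or from a snapshot taken before the sample ran; on a live host run the script elevated and pass the bytes from `read_physical_mbr()` to `parse_mbr()`. A changed disk signature or partition table alone is not evidence of a bootkit; a changed boot-code hash is what to escalate on.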

Processes

  • C:\Users\Admin\AppData\Local\Temp\aab3477d4c76ae28869ebf49da7f0d45a6101b2e4b56d75a3dbdaa242abf888b.exe
    "C:\Users\Admin\AppData\Local\Temp\aab3477d4c76ae28869ebf49da7f0d45a6101b2e4b56d75a3dbdaa242abf888b.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:892
    • C:\Users\Admin\AppData\Roaming\downhill\downhill.exe
      "C:\Users\Admin\AppData\Roaming\downhill\downhill.exe" /ShowDeskTop
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of FindShellTrayWindow
      PID:616
    • C:\Users\Admin\AppData\Roaming\downhill\downhill.exe
      "C:\Users\Admin\AppData\Roaming\downhill\downhill.exe" /autorun /setuprun
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Writes to the Master Boot Record (MBR)
      • Modifies Internet Explorer settings
      • Modifies system certificate store
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:984
    • C:\Users\Admin\AppData\Roaming\downhill\downhill.exe
      "C:\Users\Admin\AppData\Roaming\downhill\downhill.exe" /setupsucc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Writes to the Master Boot Record (MBR)
      • Suspicious behavior: EnumeratesProcesses
      PID:1372
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x474
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1576

Network

  • DNS
    a.clickdata.37wan.com
    downhill.exe
    Remote address:
    8.8.8.8:53
    Request
    a.clickdata.37wan.com
    IN A
    Response
    a.clickdata.37wan.com
    IN A
    159.75.141.43
    a.clickdata.37wan.com
    IN A
    106.55.79.146
  • GET
    http://a.clickdata.37wan.com/controller/istat.controller.php?item=8133tay6p9&platform=37wan&game_id=285&ext_1=2&ext_2=feitian_wd&ext_3=906403&ext_4=2622F8A551874AA0B536F55F830A22E0&ext_5=b48af71777ac4515f0bd98c65695e336&ext_6=2&browser_type=3000
    downhill.exe
    Remote address:
    159.75.141.43:80
    Request
    GET /controller/istat.controller.php?item=8133tay6p9&platform=37wan&game_id=285&ext_1=2&ext_2=feitian_wd&ext_3=906403&ext_4=2622F8A551874AA0B536F55F830A22E0&ext_5=b48af71777ac4515f0bd98c65695e336&ext_6=2&browser_type=3000 HTTP/1.1
    User-Agent: HTTPDownloader
    Host: a.clickdata.37wan.com
    Response
    HTTP/1.1 200 OK
    Date: Mon, 05 Dec 2022 10:07:48 GMT
    Content-Type: text/plain;charset=utf-8;
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: openresty
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
    Access-Control-Allow-Methods: GET, POST, OPTIONS
  • DNS
    gameapp.37.com
    downhill.exe
    Remote address:
    8.8.8.8:53
    Request
    gameapp.37.com
    IN A
    Response
    gameapp.37.com
    IN CNAME
    newgameapp.37.com
    newgameapp.37.com
    IN A
    81.71.82.218
    newgameapp.37.com
    IN A
    106.53.131.76
  • GET
    http://gameapp.37.com/controller/client.php?game_id=285&tpl_type=game1&refer=feitian_wd&uid=906403&version=3000&installtime=20221205&runcount=1&curtime=20221205110738&showlogintype=3&regtimes=1&pagetype=1
    downhill.exe
    Remote address:
    81.71.82.218:80
    Request
    GET /controller/client.php?game_id=285&tpl_type=game1&refer=feitian_wd&uid=906403&version=3000&installtime=20221205&runcount=1&curtime=20221205110738&showlogintype=3&regtimes=1&pagetype=1 HTTP/1.1
    Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: gameapp.37.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 05 Dec 2022 10:08:10 GMT
    Content-Type: text/html;charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: openresty
    Set-Cookie: PHPSESSID=8hia917kmjk0v5qfl08jpovbg0; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Set-Cookie: sq_client_data=a%253A8%253A%257Bs%253A7%253A%2522game_id%2522%253Bs%253A3%253A%2522285%2522%253Bs%253A7%253A%2522version%2522%253Bs%253A4%253A%25223000%2522%253Bs%253A5%253A%2522refer%2522%253Bs%253A10%253A%2522feitian_wd%2522%253Bs%253A3%253A%2522uid%2522%253Bs%253A6%253A%2522906403%2522%253Bs%253A13%253A%2522showlogintype%2522%253Bs%253A1%253A%25223%2522%253Bs%253A8%253A%2522tpl_type%2522%253Bs%253A5%253A%2522game1%2522%253Bs%253A11%253A%2522installtime%2522%253Bs%253A8%253A%252220221205%2522%253Bs%253A10%253A%2522thirdlogin%2522%253Bs%253A1%253A%25220%2522%253B%257D; path=/; domain=37.com
    Set-Cookie: client_type=3; path=/; domain=37.com
    37web: txy_game_10_31_2_12_g3
    Content-Encoding: gzip
  • GET
    http://gameapp.37.com/controller/client.php?action=register&game_id=285&tpl_type=game1
    downhill.exe
    Remote address:
    81.71.82.218:80
    Request
    GET /controller/client.php?action=register&game_id=285&tpl_type=game1 HTTP/1.1
    Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
    Referer: http://gameapp.37.com/controller/client.php?game_id=285&tpl_type=game1&refer=feitian_wd&uid=906403&version=3000&installtime=20221205&runcount=1&curtime=20221205110738&showlogintype=3&regtimes=1&pagetype=1
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: gameapp.37.com
    Connection: Keep-Alive
    Cookie: PHPSESSID=8hia917kmjk0v5qfl08jpovbg0; sq_client_data=a%253A8%253A%257Bs%253A7%253A%2522game_id%2522%253Bs%253A3%253A%2522285%2522%253Bs%253A7%253A%2522version%2522%253Bs%253A4%253A%25223000%2522%253Bs%253A5%253A%2522refer%2522%253Bs%253A10%253A%2522feitian_wd%2522%253Bs%253A3%253A%2522uid%2522%253Bs%253A6%253A%2522906403%2522%253Bs%253A13%253A%2522showlogintype%2522%253Bs%253A1%253A%25223%2522%253Bs%253A8%253A%2522tpl_type%2522%253Bs%253A5%253A%2522game1%2522%253Bs%253A11%253A%2522installtime%2522%253Bs%253A8%253A%252220221205%2522%253Bs%253A10%253A%2522thirdlogin%2522%253Bs%253A1%253A%25220%2522%253B%257D; client_type=3
    Response
    HTTP/1.1 200 OK
    Date: Mon, 05 Dec 2022 10:08:31 GMT
    Content-Type: text/html;charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: openresty
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    37web: txy_game_10_31_2_48_g3
    Content-Encoding: gzip
  • DNS
    img1.37wanimg.com
    downhill.exe
    Remote address:
    8.8.8.8:53
    Request
    img1.37wanimg.com
    IN A
    Response
    img1.37wanimg.com
    IN CNAME
    img1.37wanimg.com.wscdns.com
    img1.37wanimg.com.wscdns.com
    IN A
    163.171.143.15
    img1.37wanimg.com.wscdns.com
    IN A
    163.171.147.15
  • DNS
    img2.37wanimg.com
    downhill.exe
    Remote address:
    8.8.8.8:53
    Request
    img2.37wanimg.com
    IN A
    Response
    img2.37wanimg.com
    IN CNAME
    img2.37wanimg.com.wscdns.com
    img2.37wanimg.com.wscdns.com
    IN A
    163.171.147.15
    img2.37wanimg.com.wscdns.com
    IN A
    163.171.143.15
  • DNS
    ptres.37.com
    downhill.exe
    Remote address:
    8.8.8.8:53
    Request
    ptres.37.com
    IN A
    Response
    ptres.37.com
    IN CNAME
    ptres.37.com.wscdns.com
    ptres.37.com.wscdns.com
    IN A
    163.171.143.15
    ptres.37.com.wscdns.com
    IN A
    163.171.147.15
  • GET
    http://ptres.37.com/js/sq/lib/sq.core.js?t=20140304
    downhill.exe
    Remote address:
    163.171.143.15:80
    Request
    GET /js/sq/lib/sq.core.js?t=20140304 HTTP/1.1
    Accept: */*
    Referer: http://gameapp.37.com/controller/client.php?game_id=285&tpl_type=game1&refer=feitian_wd&uid=906403&version=3000&installtime=20221205&runcount=1&curtime=20221205110738&showlogintype=3&regtimes=1&pagetype=1
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: ptres.37.com
    Connection: Keep-Alive
    Cookie: sq_client_data=a%253A8%253A%257Bs%253A7%253A%2522game_id%2522%253Bs%253A3%253A%2522285%2522%253Bs%253A7%253A%2522version%2522%253Bs%253A4%253A%25223000%2522%253Bs%253A5%253A%2522refer%2522%253Bs%253A10%253A%2522feitian_wd%2522%253Bs%253A3%253A%2522uid%2522%253Bs%253A6%253A%2522906403%2522%253Bs%253A13%253A%2522showlogintype%2522%253Bs%253A1%253A%25223%2522%253Bs%253A8%253A%2522tpl_type%2522%253Bs%253A5%253A%2522game1%2522%253Bs%253A11%253A%2522installtime%2522%253Bs%253A8%253A%252220221205%2522%253Bs%253A10%253A%2522thirdlogin%2522%253Bs%253A1%253A%25220%2522%253B%257D; client_type=3
    Response
    HTTP/1.1 200 OK
    Date: Mon, 05 Dec 2022 10:08:10 GMT
    Content-Type: application/x-javascript
    Transfer-Encoding: chunked
    Connection: keep-alive
    Expires: Mon, 02 Jan 2023 01:35:54 GMT
    Server: nginx
    Last-Modified: Wed, 17 Oct 2018 02:10:26 GMT
    Cache-Control: max-age=2592000
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Methods: GET
    Content-Encoding: gzip
    Age: 1
    X-Via: 1.1 PS-FOC-01tmR97:9 (Cdn Cache Server V2.0), 1.1 PSblsblseBRU1wy44:1 (Cdn Cache Server V2.0)
    X-Ws-Request-Id: 638dc30a_PSblsblseBRU1wy44_19632-56273
    Ws-S2h-Acc-Level: 1
  • GET
    http://ptres.37.com/js/sq/widget/sq.statis.js
    downhill.exe
    Remote address:
    163.171.143.15:80
    Request
    GET /js/sq/widget/sq.statis.js HTTP/1.1
    Accept: */*
    Referer: http://gameapp.37.com/controller/client.php?game_id=285&tpl_type=game1&refer=feitian_wd&uid=906403&version=3000&installtime=20221205&runcount=1&curtime=20221205110738&showlogintype=3&regtimes=1&pagetype=1
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: ptres.37.com
    Connection: Keep-Alive
    Cookie: sq_client_data=a%253A8%253A%257Bs%253A7%253A%2522game_id%2522%253Bs%253A3%253A%2522285%2522%253Bs%253A7%253A%2522version%2522%253Bs%253A4%253A%25223000%2522%253Bs%253A5%253A%2522refer%2522%253Bs%253A10%253A%2522feitian_wd%2522%253Bs%253A3%253A%2522uid%2522%253Bs%253A6%253A%2522906403%2522%253Bs%253A13%253A%2522showlogintype%2522%253Bs%253A1%253A%25223%2522%253Bs%253A8%253A%2522tpl_type%2522%253Bs%253A5%253A%2522game1%2522%253Bs%253A11%253A%2522installtime%2522%253Bs%253A8%253A%252220221205%2522%253Bs%253A10%253A%2522thirdlogin%2522%253Bs%253A1%253A%25220%2522%253B%257D; client_type=3
    Response
    HTTP/1.1 200 OK
    Date: Mon, 05 Dec 2022 10:08:10 GMT
    Content-Type: application/x-javascript
    Transfer-Encoding: chunked
    Connection: keep-alive
    Expires: Fri, 30 Dec 2022 15:18:49 GMT
    Server: nginx
    Last-Modified: Mon, 13 Apr 2020 02:12:29 GMT
    Cache-Control: max-age=2592000
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Methods: GET
    Content-Encoding: gzip
    Age: 1
    X-Via: 1.1 zhoudxin93:0 (Cdn Cache Server V2.0), 1.1 PSblsblseBRU1bh43:7 (Cdn Cache Server V2.0)
    X-Ws-Request-Id: 638dc30a_PSblsblseBRU1wy44_19632-56275
    Ws-S2h-Acc-Level: 1
  • GET
    http://ptres.37.com/js/sq/widget/sq.login.js?t=20211123172316
    downhill.exe
    Remote address:
    163.171.143.15:80
    Request
    GET /js/sq/widget/sq.login.js?t=20211123172316 HTTP/1.1
    Accept: */*
    Referer: http://gameapp.37.com/controller/client.php?game_id=285&tpl_type=game1&refer=feitian_wd&uid=906403&version=3000&installtime=20221205&runcount=1&curtime=20221205110738&showlogintype=3&regtimes=1&pagetype=1
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: ptres.37.com
    Connection: Keep-Alive
    Cookie: sq_client_data=a%253A8%253A%257Bs%253A7%253A%2522game_id%2522%253Bs%253A3%253A%2522285%2522%253Bs%253A7%253A%2522version%2522%253Bs%253A4%253A%25223000%2522%253Bs%253A5%253A%2522refer%2522%253Bs%253A10%253A%2522feitian_wd%2522%253Bs%253A3%253A%2522uid%2522%253Bs%253A6%253A%2522906403%2522%253Bs%253A13%253A%2522showlogintype%2522%253Bs%253A1%253A%25223%2522%253Bs%253A8%253A%2522tpl_type%2522%253Bs%253A5%253A%2522game1%2522%253Bs%253A11%253A%2522installtime%2522%253Bs%253A8%253A%252220221205%2522%253Bs%253A10%253A%2522thirdlogin%2522%253Bs%253A1%253A%25220%2522%253B%257D; client_type=3
    Response
    HTTP/1.1 200 OK
    Date: Mon, 05 Dec 2022 10:08:10 GMT
    Content-Type: application/x-javascript
    Transfer-Encoding: chunked
    Connection: keep-alive
    Expires: Mon, 02 Jan 2023 01:35:53 GMT
    Server: nginx
    Last-Modified: Tue, 23 Nov 2021 10:12:13 GMT
    Cache-Control: max-age=2592000
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Methods: GET
    Content-Encoding: gzip
    Age: 1
    X-Via: 1.1 PS-FOC-01KG494:14 (Cdn Cache Server V2.0), 1.1 PSblsblseBRU1bh43:14 (Cdn Cache Server V2.0)
    X-Ws-Request-Id: 638dc30a_PSblsblseBRU1wy44_17144-16296
    Ws-S2h-Acc-Level: 1
  • GET
    http://ptres.37.com/js/sq/widget/sq.tab.js
    downhill.exe
    Remote address:
    163.171.143.15:80
    Request
    GET /js/sq/widget/sq.tab.js HTTP/1.1
    Accept: */*
    Referer: http://gameapp.37.com/controller/client.php?game_id=285&tpl_type=game1&refer=feitian_wd&uid=906403&version=3000&installtime=20221205&runcount=1&curtime=20221205110738&showlogintype=3&regtimes=1&pagetype=1
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: ptres.37.com
    Connection: Keep-Alive
    Cookie: sq_client_data=a%253A8%253A%257Bs%253A7%253A%2522game_id%2522%253Bs%253A3%253A%2522285%2522%253Bs%253A7%253A%2522version%2522%253Bs%253A4%253A%25223000%2522%253Bs%253A5%253A%2522refer%2522%253Bs%253A10%253A%2522feitian_wd%2522%253Bs%253A3%253A%2522uid%2522%253Bs%253A6%253A%2522906403%2522%253Bs%253A13%253A%2522showlogintype%2522%253Bs%253A1%253A%25223%2522%253Bs%253A8%253A%2522tpl_type%2522%253Bs%253A5%253A%2522game1%2522%253Bs%253A11%253A%2522installtime%2522%253Bs%253A8%253A%252220221205%2522%253Bs%253A10%253A%2522thirdlogin%2522%253Bs%253A1%253A%25220%2522%253B%257D; client_type=3
    Response
    HTTP/1.1 200 OK
    Date: Mon, 05 Dec 2022 10:08:10 GMT
    Content-Type: application/x-javascript
    Transfer-Encoding: chunked
    Connection: keep-alive
    Expires: Fri, 30 Dec 2022 15:18:49 GMT
    Server: nginx
    Last-Modified: Sat, 20 Jun 2015 13:34:59 GMT
    Cache-Control: max-age=2592000
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Methods: GET
    Content-Encoding: gzip
    Age: 1
    X-Via: 1.1 zhoudxin93:4 (Cdn Cache Server V2.0), 1.1 PSblsblseBRU1wy44:7 (Cdn Cache Server V2.0)
    X-Ws-Request-Id: 638dc30a_PSblsblseBRU1wy44_17144-16297
    Ws-S2h-Acc-Level: 1
  • GET
    http://ptres.37.com/js/sq/widget/sq.clientclass2.js?t=1670234890
    downhill.exe
    Remote address:
    163.171.143.15:80
    Request
    GET /js/sq/widget/sq.clientclass2.js?t=1670234890 HTTP/1.1
    Accept: */*
    Referer: http://gameapp.37.com/controller/client.php?game_id=285&tpl_type=game1&refer=feitian_wd&uid=906403&version=3000&installtime=20221205&runcount=1&curtime=20221205110738&showlogintype=3&regtimes=1&pagetype=1
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: ptres.37.com
    Connection: Keep-Alive
    Cookie: sq_client_data=a%253A8%253A%257Bs%253A7%253A%2522game_id%2522%253Bs%253A3%253A%2522285%2522%253Bs%253A7%253A%2522version%2522%253Bs%253A4%253A%25223000%2522%253Bs%253A5%253A%2522refer%2522%253Bs%253A10%253A%2522feitian_wd%2522%253Bs%253A3%253A%2522uid%2522%253Bs%253A6%253A%2522906403%2522%253Bs%253A13%253A%2522showlogintype%2522%253Bs%253A1%253A%25223%2522%253Bs%253A8%253A%2522tpl_type%2522%253Bs%253A5%253A%2522game1%2522%253Bs%253A11%253A%2522installtime%2522%253Bs%253A8%253A%252220221205%2522%253Bs%253A10%253A%2522thirdlogin%2522%253Bs%253A1%253A%25220%2522%253B%257D; client_type=3
    Response
    HTTP/1.1 200 OK
    Date: Mon, 05 Dec 2022 10:08:14 GMT
    Content-Type: application/x-javascript
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: nginx
    Last-Modified: Sun, 29 Sep 2019 03:09:32 GMT
    Expires: Wed, 04 Jan 2023 10:08:14 GMT
    Cache-Control: max-age=2592000
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Methods: GET
    Content-Encoding: gzip
    X-Via: 1.1 PSblsblseBRU1bh43:1 (Cdn Cache Server V2.0)
    X-Ws-Request-Id: 638dc30a_PSblsblseBRU1wy44_17144-16298
    Ws-S2h-Acc-Level: 1
  • GET
    http://ptres.37.com/js/sq/widget/sq.clientclass2.js?t=1670234911
    downhill.exe
    Remote address:
    163.171.143.15:80
    Request
    GET /js/sq/widget/sq.clientclass2.js?t=1670234911 HTTP/1.1
    Accept: */*
    Referer: http://gameapp.37.com/controller/client.php?action=register&game_id=285&tpl_type=game1
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: ptres.37.com
    Connection: Keep-Alive
    Cookie: sq_client_data=a%253A8%253A%257Bs%253A7%253A%2522game_id%2522%253Bs%253A3%253A%2522285%2522%253Bs%253A7%253A%2522version%2522%253Bs%253A4%253A%25223000%2522%253Bs%253A5%253A%2522refer%2522%253Bs%253A10%253A%2522feitian_wd%2522%253Bs%253A3%253A%2522uid%2522%253Bs%253A6%253A%2522906403%2522%253Bs%253A13%253A%2522showlogintype%2522%253Bs%253A1%253A%25223%2522%253Bs%253A8%253A%2522tpl_type%2522%253Bs%253A5%253A%2522game1%2522%253Bs%253A11%253A%2522installtime%2522%253Bs%253A8%253A%252220221205%2522%253Bs%253A10%253A%2522thirdlogin%2522%253Bs%253A1%253A%25220%2522%253B%257D; client_type=3
    Response
    HTTP/1.1 200 OK
    Date: Mon, 05 Dec 2022 10:08:39 GMT
    Content-Type: application/x-javascript
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: nginx
    Last-Modified: Sun, 29 Sep 2019 03:09:32 GMT
    Expires: Wed, 04 Jan 2023 10:08:38 GMT
    Cache-Control: max-age=2592000
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Methods: GET
    Content-Encoding: gzip
    X-Via: 1.1 PS-FOC-01TKc95:7 (Cdn Cache Server V2.0), 1.1 PSblsblseBRU1bh43:1 (Cdn Cache Server V2.0)
    X-Ws-Request-Id: 638dc326_PSblsblseBRU1wy44_17144-16613
    Ws-S2h-Acc-Level: 1
  • GET
    http://ptres.37.com/js/sq/widget/sq.dialog2015.js?t=1670238528719&_=1670238528720
    downhill.exe
    Remote address:
    163.171.143.15:80
    Request
    GET /js/sq/widget/sq.dialog2015.js?t=1670238528719&_=1670238528720 HTTP/1.1
    Accept: */*
    Referer: http://gameapp.37.com/controller/client.php?action=register&game_id=285&tpl_type=game1
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: ptres.37.com
    Connection: Keep-Alive
    Cookie: sq_client_data=a%253A8%253A%257Bs%253A7%253A%2522game_id%2522%253Bs%253A3%253A%2522285%2522%253Bs%253A7%253A%2522version%2522%253Bs%253A4%253A%25223000%2522%253Bs%253A5%253A%2522refer%2522%253Bs%253A10%253A%2522feitian_wd%2522%253Bs%253A3%253A%2522uid%2522%253Bs%253A6%253A%2522906403%2522%253Bs%253A13%253A%2522showlogintype%2522%253Bs%253A1%253A%25223%2522%253Bs%253A8%253A%2522tpl_type%2522%253Bs%253A5%253A%2522game1%2522%253Bs%253A11%253A%2522installtime%2522%253Bs%253A8%253A%252220221205%2522%253Bs%253A10%253A%2522thirdlogin%2522%253Bs%253A1%253A%25220%2522%253B%257D; client_type=3
    Response
    HTTP/1.1 200 OK
    Date: Mon, 05 Dec 2022 10:08:52 GMT
    Content-Type: application/x-javascript
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: nginx
    Last-Modified: Wed, 06 Jan 2016 09:20:16 GMT
    Expires: Wed, 04 Jan 2023 10:08:52 GMT
    Cache-Control: max-age=2592000
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Methods: GET
    Content-Encoding: gzip
    X-Via: 1.1 zhoudxin93:4 (Cdn Cache Server V2.0), 1.1 PSblsblseBRU1bh43:20 (Cdn Cache Server V2.0)
    X-Ws-Request-Id: 638dc333_PSblsblseBRU1wy44_17144-16748
    Ws-S2h-Acc-Level: 1
  • GET
    http://ptres.37.com/js/sq/lib/sq.core.js
    downhill.exe
    Remote address:
    163.171.143.15:80
    Request
    GET /js/sq/lib/sq.core.js HTTP/1.1
    Accept: */*
    Referer: http://regapi.37.com/proxy_yk.html
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: ptres.37.com
    Connection: Keep-Alive
    Cookie: sq_client_data=a%253A8%253A%257Bs%253A7%253A%2522game_id%2522%253Bs%253A3%253A%2522285%2522%253Bs%253A7%253A%2522version%2522%253Bs%253A4%253A%25223000%2522%253Bs%253A5%253A%2522refer%2522%253Bs%253A10%253A%2522feitian_wd%2522%253Bs%253A3%253A%2522uid%2522%253Bs%253A6%253A%2522906403%2522%253Bs%253A13%253A%2522showlogintype%2522%253Bs%253A1%253A%25223%2522%253Bs%253A8%253A%2522tpl_type%2522%253Bs%253A5%253A%2522game1%2522%253Bs%253A11%253A%2522installtime%2522%253Bs%253A8%253A%252220221205%2522%253Bs%253A10%253A%2522thirdlogin%2522%253Bs%253A1%253A%25220%2522%253B%257D; client_type=3; tg_uv=NMONY1qa1yQBAAAAc6V-
    Response
    HTTP/1.1 200 OK
    Date: Mon, 05 Dec 2022 10:09:05 GMT
    Content-Type: application/x-javascript
    Transfer-Encoding: chunked
    Connection: keep-alive
    Expires: Fri, 30 Dec 2022 14:57:28 GMT
    Server: nginx
    Last-Modified: Wed, 17 Oct 2018 02:10:26 GMT
    ETag: "5bc69a12-190b8"
    Cache-Control: max-age=2592000
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Methods: GET
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Age: 1
    X-Via: 1.1 PS-FOC-01tmR97:9 (Cdn Cache Server V2.0), 1.1 PSblsblseBRU1wy44:1 (Cdn Cache Server V2.0)
    X-Ws-Request-Id: 638dc341_PSblsblseBRU1wy44_17144-16885
    Ws-S2h-Acc-Level: 1
  • GET
    http://img1.37wanimg.com/lyb/css/client/game1.css?t=1670234890
    downhill.exe
    Remote address:
    163.171.143.15:80
    Request
    GET /lyb/css/client/game1.css?t=1670234890 HTTP/1.1
    Accept: */*
    Referer: http://gameapp.37.com/controller/client.php?game_id=285&tpl_type=game1&refer=feitian_wd&uid=906403&version=3000&installtime=20221205&runcount=1&curtime=20221205110738&showlogintype=3&regtimes=1&pagetype=1
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: img1.37wanimg.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 05 Dec 2022 10:08:11 GMT
    Content-Type: text/css
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: nginx
    Last-Modified: Mon, 29 Aug 2016 06:22:36 GMT
    Expires: Wed, 04 Jan 2023 10:08:11 GMT
    Cache-Control: max-age=2592000
    Content-Encoding: gzip
    X-Via: 1.1 PSjszjsx2aa166:4 (Cdn Cache Server V2.0), 1.1 zhoudxin93:14 (Cdn Cache Server V2.0), 1.1 PSblsblseBRU1wy44:5 (Cdn Cache Server V2.0)
    X-Ws-Request-Id: 638dc30a_PSblsblseBRU1wy44_14195-25005
    Ws-S2h-Acc-Level: 1
  • GET
    http://img1.37wanimg.com/lyb/css/client/game1/logo.png
    downhill.exe
    Remote address:
    163.171.143.15:80
    Request
    GET /lyb/css/client/game1/logo.png HTTP/1.1
    Accept: */*
    Referer: http://gameapp.37.com/controller/client.php?game_id=285&tpl_type=game1&refer=feitian_wd&uid=906403&version=3000&installtime=20221205&runcount=1&curtime=20221205110738&showlogintype=3&regtimes=1&pagetype=1
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: img1.37wanimg.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 05 Dec 2022 10:08:27 GMT
    Content-Type: image/png
    Content-Length: 3031
    Connection: keep-alive
    Expires: Wed, 04 Jan 2023 10:08:27 GMT
    Server: nginx
    Last-Modified: Sun, 29 Sep 2019 07:58:57 GMT
    ETag: "5d906441-bd7"
    Cache-Control: max-age=2592000
    Accept-Ranges: bytes
    X-Via: 1.1 PSjszjsx2aa166:5 (Cdn Cache Server V2.0), 1.1 PS-FOC-01TKc95:6 (Cdn Cache Server V2.0), 1.1 PSblsblseBRU1bh43:1 (Cdn Cache Server V2.0)
    X-Ws-Request-Id: 638dc31a_PSblsblseBRU1wy44_14195-25180
    Ws-S2h-Acc-Level: 1
  • GET
    http://img1.37wanimg.com/lyb/css/client/game1.css?t=1670234911
    downhill.exe
    Remote address:
    163.171.143.15:80
    Request
    GET /lyb/css/client/game1.css?t=1670234911 HTTP/1.1
    Accept: */*
    Referer: http://gameapp.37.com/controller/client.php?action=register&game_id=285&tpl_type=game1
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: img1.37wanimg.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 05 Dec 2022 10:08:33 GMT
    Content-Type: text/css
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: nginx
    Last-Modified: Mon, 29 Aug 2016 06:22:36 GMT
    Expires: Wed, 04 Jan 2023 10:08:33 GMT
    Cache-Control: max-age=2592000
    Content-Encoding: gzip
    X-Via: 1.1 PSjszjsx2aa166:4 (Cdn Cache Server V2.0), 1.1 zhoudxin93:14 (Cdn Cache Server V2.0), 1.1 PSblsblseBRU1wy44:5 (Cdn Cache Server V2.0)
    X-Ws-Request-Id: 638dc321_PSblsblseBRU1wy44_14195-25241
    Ws-S2h-Acc-Level: 1
  • GET
    http://img1.37wanimg.com/lyb/js/client/game1.js?t=1670234911
    downhill.exe
    Remote address:
    163.171.143.15:80
    Request
    GET /lyb/js/client/game1.js?t=1670234911 HTTP/1.1
    Accept: */*
    Referer: http://gameapp.37.com/controller/client.php?action=register&game_id=285&tpl_type=game1
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: img1.37wanimg.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 05 Dec 2022 10:08:38 GMT
    Content-Type: application/x-javascript
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: nginx
    Last-Modified: Tue, 15 Mar 2016 03:37:55 GMT
    Expires: Wed, 04 Jan 2023 10:08:38 GMT
    Cache-Control: max-age=2592000
    Content-Encoding: gzip
    X-Via: 1.1 PSjszjsx2aa166:4 (Cdn Cache Server V2.0), 1.1 PS-FOC-01TKc95:2 (Cdn Cache Server V2.0), 1.1 PSblsblseBRU1bh43:10 (Cdn Cache Server V2.0)
    X-Ws-Request-Id: 638dc326_PSblsblseBRU1wy44_14195-25302
    Ws-S2h-Acc-Level: 1
  • GET
    http://img1.37wanimg.com/lyb/css/client/game1/log_blk.jpg
    downhill.exe
    Remote address:
    163.171.143.15:80
    Request
    GET /lyb/css/client/game1/log_blk.jpg HTTP/1.1
    Accept: */*
    Referer: http://gameapp.37.com/controller/client.php?action=register&game_id=285&tpl_type=game1
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: img1.37wanimg.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 05 Dec 2022 10:08:45 GMT
    Content-Type: image/jpeg
    Content-Length: 18694
    Connection: keep-alive
    Expires: Wed, 04 Jan 2023 10:08:45 GMT
    Server: nginx
    Last-Modified: Sat, 20 Jun 2015 13:34:59 GMT
    ETag: "55856c03-4906"
    Cache-Control: max-age=2592000
    Accept-Ranges: bytes
    X-Via: 1.1 PSjszjsx2se169:4 (Cdn Cache Server V2.0), 1.1 PS-FOC-01KG494:2 (Cdn Cache Server V2.0), 1.1 PSblsblseBRU1wy44:10 (Cdn Cache Server V2.0)
    X-Ws-Request-Id: 638dc32d_PSblsblseBRU1wy44_14195-25354
    Ws-S2h-Acc-Level: 1
  • GET
    http://img1.37wanimg.com/www/css/images/common/dialog2/bg-dialog-avatar.png?v=1
    downhill.exe
    Remote address:
    163.171.143.15:80
    Request
    GET /www/css/images/common/dialog2/bg-dialog-avatar.png?v=1 HTTP/1.1
    Accept: */*
    Referer: http://gameapp.37.com/controller/client.php?action=register&game_id=285&tpl_type=game1
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: img1.37wanimg.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 05 Dec 2022 10:08:51 GMT
    Content-Type: image/png
    Content-Length: 1426
    Connection: keep-alive
    Expires: Mon, 02 Jan 2023 01:36:36 GMT
    Server: nginx
    Last-Modified: Sat, 20 Jun 2015 13:34:59 GMT
    ETag: "55856c03-592"
    Cache-Control: max-age=2592000
    Accept-Ranges: bytes
    Age: 1
    X-Via: 1.1 PSjszjsx2se169:5 (Cdn Cache Server V2.0), 1.1 zhoudxin93:3 (Cdn Cache Server V2.0), 1.1 PSblsblseBRU1wy44:11 (Cdn Cache Server V2.0)
    X-Ws-Request-Id: 638dc333_PSblsblseBRU1wy44_14195-25423
    Ws-S2h-Acc-Level: 1
  • flag-unknown
    GET
    http://img1.37wanimg.com/www2015/images/reglog/200x42.png?v=1
    downhill.exe
    Remote address:
    163.171.143.15:80
    Request
    GET /www2015/images/reglog/200x42.png?v=1 HTTP/1.1
    Accept: */*
    Referer: http://gameapp.37.com/controller/client.php?action=register&game_id=285&tpl_type=game1
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: img1.37wanimg.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 05 Dec 2022 10:08:51 GMT
    Content-Type: image/png
    Content-Length: 539
    Connection: keep-alive
    Expires: Mon, 02 Jan 2023 01:36:36 GMT
    Server: nginx
    Last-Modified: Thu, 03 Nov 2016 02:55:20 GMT
    ETag: "581aa718-21b"
    Cache-Control: max-age=2592000
    Accept-Ranges: bytes
    Age: 1
    X-Via: 1.1 sanxian212:10 (Cdn Cache Server V2.0), 1.1 PS-FOC-01tmR97:3 (Cdn Cache Server V2.0), 1.1 PSblsblseBRU1wy44:7 (Cdn Cache Server V2.0)
    X-Ws-Request-Id: 638dc333_PSblsblseBRU1wy44_14195-25424
    Ws-S2h-Acc-Level: 1
  • flag-unknown
    GET
    http://img1.37wanimg.com/lyb/js/client/game1.js?t=1670234890
    downhill.exe
    Remote address:
    163.171.143.15:80
    Request
    GET /lyb/js/client/game1.js?t=1670234890 HTTP/1.1
    Accept: */*
    Referer: http://gameapp.37.com/controller/client.php?game_id=285&tpl_type=game1&refer=feitian_wd&uid=906403&version=3000&installtime=20221205&runcount=1&curtime=20221205110738&showlogintype=3&regtimes=1&pagetype=1
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: img1.37wanimg.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 05 Dec 2022 10:08:10 GMT
    Content-Type: application/x-javascript
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: nginx
    Last-Modified: Tue, 15 Mar 2016 03:37:55 GMT
    Expires: Wed, 04 Jan 2023 10:08:10 GMT
    Cache-Control: max-age=2592000
    Content-Encoding: gzip
    X-Via: 1.1 PSjszjsx2aa166:4 (Cdn Cache Server V2.0), 1.1 PS-FOC-01TKc95:2 (Cdn Cache Server V2.0), 1.1 PSblsblseBRU1bh43:10 (Cdn Cache Server V2.0)
    X-Ws-Request-Id: 638dc30a_PSblsblseBRU1wy44_22505-56620
    Ws-S2h-Acc-Level: 1
  • flag-unknown
    GET
    http://img1.37wanimg.com/lyb/css/client/game1/sprite.png
    downhill.exe
    Remote address:
    163.171.143.15:80
    Request
    GET /lyb/css/client/game1/sprite.png HTTP/1.1
    Accept: */*
    Referer: http://gameapp.37.com/controller/client.php?game_id=285&tpl_type=game1&refer=feitian_wd&uid=906403&version=3000&installtime=20221205&runcount=1&curtime=20221205110738&showlogintype=3&regtimes=1&pagetype=1
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: img1.37wanimg.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 05 Dec 2022 10:08:26 GMT
    Content-Type: image/png
    Content-Length: 91655
    Connection: keep-alive
    Expires: Wed, 04 Jan 2023 10:08:26 GMT
    Server: nginx
    Last-Modified: Sat, 20 Jun 2015 13:34:59 GMT
    ETag: "55856c03-16607"
    Cache-Control: max-age=2592000
    Accept-Ranges: bytes
    X-Via: 1.1 PSjszjsx2se169:4 (Cdn Cache Server V2.0), 1.1 PS-FOC-01tmR97:10 (Cdn Cache Server V2.0), 1.1 PSblsblseBRU1rg42:8 (Cdn Cache Server V2.0)
    X-Ws-Request-Id: 638dc31a_PSblsblseBRU1wy44_22505-56879
    Ws-S2h-Acc-Level: 1
  • flag-unknown
    GET
    http://img1.37wanimg.com/lyb/css/client/game1/bg.jpg
    downhill.exe
    Remote address:
    163.171.143.15:80
    Request
    GET /lyb/css/client/game1/bg.jpg HTTP/1.1
    Accept: */*
    Referer: http://gameapp.37.com/controller/client.php?action=register&game_id=285&tpl_type=game1
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: img1.37wanimg.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 05 Dec 2022 10:08:45 GMT
    Content-Type: image/jpeg
    Content-Length: 90235
    Connection: keep-alive
    Expires: Wed, 04 Jan 2023 10:08:45 GMT
    Server: nginx
    Last-Modified: Sat, 20 Jun 2015 13:34:59 GMT
    ETag: "55856c03-1607b"
    Cache-Control: max-age=2592000
    Accept-Ranges: bytes
    X-Via: 1.1 PSjszjsx2aa166:3 (Cdn Cache Server V2.0), 1.1 PS-FOC-01tmR97:11 (Cdn Cache Server V2.0), 1.1 PSblsblseBRU1bh43:22 (Cdn Cache Server V2.0)
    X-Ws-Request-Id: 638dc32d_PSblsblseBRU1wy44_22505-57147
    Ws-S2h-Acc-Level: 1
  • flag-unknown
    GET
    http://img1.37wanimg.com/www/css/images/common/ico.png
    downhill.exe
    Remote address:
    163.171.143.15:80
    Request
    GET /www/css/images/common/ico.png HTTP/1.1
    Accept: */*
    Referer: http://gameapp.37.com/controller/client.php?action=register&game_id=285&tpl_type=game1
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: img1.37wanimg.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 05 Dec 2022 10:08:51 GMT
    Content-Type: image/png
    Content-Length: 5411
    Connection: keep-alive
    Expires: Mon, 02 Jan 2023 01:36:35 GMT
    Server: nginx
    Last-Modified: Sat, 20 Jun 2015 13:34:59 GMT
    ETag: "55856c03-1523"
    Cache-Control: max-age=2592000
    Accept-Ranges: bytes
    Age: 1
    X-Via: 1.1 PSjszjsx2aa166:9 (Cdn Cache Server V2.0), 1.1 ianxin96:14 (Cdn Cache Server V2.0), 1.1 PSblsblseBRU1rg42:1 (Cdn Cache Server V2.0)
    X-Ws-Request-Id: 638dc333_PSblsblseBRU1wy44_22505-57215
    Ws-S2h-Acc-Level: 1
  • flag-unknown
    GET
    http://img2.37wanimg.com/2015/06/16193928h6OrS.jpg
    downhill.exe
    Remote address:
    163.171.147.15:80
    Request
    GET /2015/06/16193928h6OrS.jpg HTTP/1.1
    Accept: */*
    Referer: http://gameapp.37.com/controller/client.php?game_id=285&tpl_type=game1&refer=feitian_wd&uid=906403&version=3000&installtime=20221205&runcount=1&curtime=20221205110738&showlogintype=3&regtimes=1&pagetype=1
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: img2.37wanimg.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 05 Dec 2022 10:08:11 GMT
    Content-Type: image/jpeg
    Content-Length: 20184
    Connection: keep-alive
    Expires: Wed, 04 Jan 2023 10:08:11 GMT
    Server: nginx
    Last-Modified: Tue, 16 Jun 2015 11:39:28 GMT
    ETag: "55800af0-4ed8"
    Cache-Control: max-age=2592000
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Headers: X-Requested-With
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Accept-Ranges: bytes
    X-Via: 1.1 PSjszjsx2aa166:3 (Cdn Cache Server V2.0), 1.1 PS-FOC-01KG494:6 (Cdn Cache Server V2.0), 1.1 PS-VIE-01Lw182:10 (Cdn Cache Server V2.0)
    X-Ws-Request-Id: 638dc30a_PS-VIE-01Lw182_5787-25942
    Ws-S2h-Acc-Level: 1
  • flag-unknown
    DNS
    d.wanyouxi7.com
    downhill.exe
    Remote address:
    8.8.8.8:53
    Request
    d.wanyouxi7.com
    IN A
    Response
    d.wanyouxi7.com
    IN CNAME
    d.wanyouxi7.com.wscdns.com
    d.wanyouxi7.com.wscdns.com
    IN A
    163.171.147.15
    d.wanyouxi7.com.wscdns.com
    IN A
    163.171.143.15
  • flag-unknown
    GET
    http://d.wanyouxi7.com/yx/lyb/sqft/906403/app.ini
    downhill.exe
    Remote address:
    163.171.147.15:80
    Request
    GET /yx/lyb/sqft/906403/app.ini HTTP/1.1
    User-Agent: HTTPDownloader
    Host: d.wanyouxi7.com
    Response
    HTTP/1.1 404 Not Found
    Date: Mon, 05 Dec 2022 10:08:23 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: nginx/1.4.7
    Age: 1
    X-Via: 1.1 zhoudxin93:8 (Cdn Cache Server V2.0), 1.1 PS-VIE-01aIr81:2 (Cdn Cache Server V2.0)
    X-Ws-Request-Id: 638dc317_PS-VIE-01Lw182_1384-26058
  • flag-unknown
    GET
    http://a.clickdata.37wan.com/controller/istat.controller.php?platform=37wan&item=u3tfl5ftfl&game_id=285&sid=&position=1&ext_1=4&ext_2=feitian_wd&ext_3=906403&ext_4=&ext_5=gy&ext_6=&login_account=&browser_type=&user_ip=&refer=feitian_wd&uid=906403&page=4&t=1670238528008
    downhill.exe
    Remote address:
    159.75.141.43:80
    Request
    GET /controller/istat.controller.php?platform=37wan&item=u3tfl5ftfl&game_id=285&sid=&position=1&ext_1=4&ext_2=feitian_wd&ext_3=906403&ext_4=&ext_5=gy&ext_6=&login_account=&browser_type=&user_ip=&refer=feitian_wd&uid=906403&page=4&t=1670238528008 HTTP/1.1
    Accept: */*
    Referer: http://gameapp.37.com/controller/client.php?action=register&game_id=285&tpl_type=game1
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: a.clickdata.37wan.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 05 Dec 2022 10:08:51 GMT
    Content-Type: text/plain;charset=utf-8;
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: openresty
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
    Access-Control-Allow-Methods: GET, POST, OPTIONS
  • flag-unknown
    GET
    http://a.clickdata.37wan.com/controller/istat.controller.php?item=8133tay6p9&platform=37wan&game_id=285&ext_1=4&ext_2=feitian_wd&ext_3=906403&ext_4=2622F8A551874AA0B536F55F830A22E0&ext_5=b48af71777ac4515f0bd98c65695e336&ext_6=2&browser_type=3000
    downhill.exe
    Remote address:
    159.75.141.43:80
    Request
    GET /controller/istat.controller.php?item=8133tay6p9&platform=37wan&game_id=285&ext_1=4&ext_2=feitian_wd&ext_3=906403&ext_4=2622F8A551874AA0B536F55F830A22E0&ext_5=b48af71777ac4515f0bd98c65695e336&ext_6=2&browser_type=3000 HTTP/1.1
    User-Agent: HTTPDownloader
    Host: a.clickdata.37wan.com
    Response
    HTTP/1.1 200 OK
    Date: Mon, 05 Dec 2022 10:09:07 GMT
    Content-Type: text/plain;charset=utf-8;
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: openresty
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
    Access-Control-Allow-Methods: GET, POST, OPTIONS
  • flag-unknown
    DNS
    regapi.37.com
    downhill.exe
    Remote address:
    8.8.8.8:53
    Request
    regapi.37.com
    IN A
    Response
    regapi.37.com
    IN CNAME
    allreg.37.com
    allreg.37.com
    IN A
    106.55.175.231
    allreg.37.com
    IN A
    81.71.21.194
  • flag-unknown
    GET
    http://regapi.37.com/proxy_yk.html
    downhill.exe
    Remote address:
    106.55.175.231:80
    Request
    GET /proxy_yk.html HTTP/1.1
    Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
    Referer: http://gameapp.37.com/controller/client.php?action=register&game_id=285&tpl_type=game1
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: regapi.37.com
    Connection: Keep-Alive
    Cookie: sq_client_data=a%253A8%253A%257Bs%253A7%253A%2522game_id%2522%253Bs%253A3%253A%2522285%2522%253Bs%253A7%253A%2522version%2522%253Bs%253A4%253A%25223000%2522%253Bs%253A5%253A%2522refer%2522%253Bs%253A10%253A%2522feitian_wd%2522%253Bs%253A3%253A%2522uid%2522%253Bs%253A6%253A%2522906403%2522%253Bs%253A13%253A%2522showlogintype%2522%253Bs%253A1%253A%25223%2522%253Bs%253A8%253A%2522tpl_type%2522%253Bs%253A5%253A%2522game1%2522%253Bs%253A11%253A%2522installtime%2522%253Bs%253A8%253A%252220221205%2522%253Bs%253A10%253A%2522thirdlogin%2522%253Bs%253A1%253A%25220%2522%253B%257D; client_type=3
    Response
    HTTP/1.1 200 OK
    Date: Mon, 05 Dec 2022 10:08:59 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: openresty
    37web: txy_regapi_10_31_2_8_g3
  • flag-unknown
    DNS
    my.37.com
    downhill.exe
    Remote address:
    8.8.8.8:53
    Request
    my.37.com
    IN A
    Response
    my.37.com
    IN CNAME
    allmy.37.com
    allmy.37.com
    IN A
    81.71.10.131
    allmy.37.com
    IN A
    42.194.153.154
  • flag-unknown
    DNS
    cm.he2d.com
    downhill.exe
    Remote address:
    8.8.8.8:53
    Request
    cm.he2d.com
    IN A
    Response
    cm.he2d.com
    IN CNAME
    p2019.q1qfc323.com
    p2019.q1qfc323.com
    IN A
    139.9.125.189
    p2019.q1qfc323.com
    IN A
    193.112.116.230
  • flag-unknown
    GET
    https://my.37.com/httpsEnable.gif?t=1670238528762
    downhill.exe
    Remote address:
    81.71.10.131:443
    Request
    GET /httpsEnable.gif?t=1670238528762 HTTP/1.1
    Accept: */*
    Referer: http://gameapp.37.com/controller/client.php?action=register&game_id=285&tpl_type=game1
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: my.37.com
    Connection: Keep-Alive
    Cookie: sq_client_data=a%253A8%253A%257Bs%253A7%253A%2522game_id%2522%253Bs%253A3%253A%2522285%2522%253Bs%253A7%253A%2522version%2522%253Bs%253A4%253A%25223000%2522%253Bs%253A5%253A%2522refer%2522%253Bs%253A10%253A%2522feitian_wd%2522%253Bs%253A3%253A%2522uid%2522%253Bs%253A6%253A%2522906403%2522%253Bs%253A13%253A%2522showlogintype%2522%253Bs%253A1%253A%25223%2522%253Bs%253A8%253A%2522tpl_type%2522%253Bs%253A5%253A%2522game1%2522%253Bs%253A11%253A%2522installtime%2522%253Bs%253A8%253A%252220221205%2522%253Bs%253A10%253A%2522thirdlogin%2522%253Bs%253A1%253A%25220%2522%253B%257D; client_type=3
    Response
    HTTP/1.1 200 OK
    Date: Mon, 05 Dec 2022 10:09:18 GMT
    Content-Type: image/gif
    Content-Length: 43
    Connection: keep-alive
    Server: openresty
    Last-Modified: Thu, 25 Aug 2016 08:46:19 GMT
    ETag: "57beb05b-2b"
    Expires: Wed, 04 Jan 2023 10:09:18 GMT
    Cache-Control: max-age=2592000
    37web: txy_my_10_31_130_8_g4
    Accept-Ranges: bytes
  • flag-unknown
    GET
    http://cm.he2d.com/1/
    downhill.exe
    Remote address:
    139.9.125.189:80
    Request
    GET /1/ HTTP/1.1
    Accept: */*
    Referer: http://gameapp.37.com/controller/client.php?action=register&game_id=285&tpl_type=game1
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: cm.he2d.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Moved Temporarily
    Server: nginx
    Date: Mon, 05 Dec 2022 10:08:52 GMT
    Content-Type: text/html
    Content-Length: 154
    Connection: keep-alive
    P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
    Set-Cookie: u=NMONY1qa1yQBAAAAc6V-; Expires=Thu, 02-Dec-32 10:08:52 GMT; Domain=he2d.com; Path=/
    Location: http://cookiem.37.com/sys/?u=NMONY1qa1yQBAAAAc6V-&fdata=
    Expires: Mon, 05 Dec 2022 10:08:51 GMT
    Cache-Control: no-cache
  • flag-unknown
    DNS
    cookiem.37.com
    downhill.exe
    Remote address:
    8.8.8.8:53
    Request
    cookiem.37.com
    IN A
    Response
    cookiem.37.com
    IN CNAME
    p.huluwa8.com
    p.huluwa8.com
    IN CNAME
    p2019.q1qfc323.com
    p2019.q1qfc323.com
    IN A
    139.9.125.189
    p2019.q1qfc323.com
    IN A
    193.112.116.230
  • flag-unknown
    GET
    http://cookiem.37.com/sys/?u=NMONY1qa1yQBAAAAc6V-&fdata=
    downhill.exe
    Remote address:
    139.9.125.189:80
    Request
    GET /sys/?u=NMONY1qa1yQBAAAAc6V-&fdata= HTTP/1.1
    Accept: */*
    Referer: http://gameapp.37.com/controller/client.php?action=register&game_id=285&tpl_type=game1
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Cookie: sq_client_data=a%253A8%253A%257Bs%253A7%253A%2522game_id%2522%253Bs%253A3%253A%2522285%2522%253Bs%253A7%253A%2522version%2522%253Bs%253A4%253A%25223000%2522%253Bs%253A5%253A%2522refer%2522%253Bs%253A10%253A%2522feitian_wd%2522%253Bs%253A3%253A%2522uid%2522%253Bs%253A6%253A%2522906403%2522%253Bs%253A13%253A%2522showlogintype%2522%253Bs%253A1%253A%25223%2522%253Bs%253A8%253A%2522tpl_type%2522%253Bs%253A5%253A%2522game1%2522%253Bs%253A11%253A%2522installtime%2522%253Bs%253A8%253A%252220221205%2522%253Bs%253A10%253A%2522thirdlogin%2522%253Bs%253A1%253A%25220%2522%253B%257D; client_type=3
    Connection: Keep-Alive
    Host: cookiem.37.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 05 Dec 2022 10:08:53 GMT
    Content-Type: image/gif
    Content-Length: 0
    Connection: keep-alive
    Set-Cookie: tg_uv=NMONY1qa1yQBAAAAc6V-; Expires=Thu, 02-Dec-32 10:08:53 GMT; Domain=37.com; Path=/
    Expires: Mon, 05 Dec 2022 10:08:52 GMT
    Cache-Control: no-cache
    P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
  • 159.75.141.43:80
    http://a.clickdata.37wan.com/controller/istat.controller.php?item=8133tay6p9&platform=37wan&game_id=285&ext_1=2&ext_2=feitian_wd&ext_3=906403&ext_4=2622F8A551874AA0B536F55F830A22E0&ext_5=b48af71777ac4515f0bd98c65695e336&ext_6=2&browser_type=3000
    http
    downhill.exe
    613 B
    589 B
    7
    5

    HTTP Request

    GET http://a.clickdata.37wan.com/controller/istat.controller.php?item=8133tay6p9&platform=37wan&game_id=285&ext_1=2&ext_2=feitian_wd&ext_3=906403&ext_4=2622F8A551874AA0B536F55F830A22E0&ext_5=b48af71777ac4515f0bd98c65695e336&ext_6=2&browser_type=3000

    HTTP Response

    200
  • 81.71.82.218:80
    http://gameapp.37.com/controller/client.php?action=register&game_id=285&tpl_type=game1
    http
    downhill.exe
    6.2kB
    9.6kB
    23
    18

    HTTP Request

    GET http://gameapp.37.com/controller/client.php?game_id=285&tpl_type=game1&refer=feitian_wd&uid=906403&version=3000&installtime=20221205&runcount=1&curtime=20221205110738&showlogintype=3&regtimes=1&pagetype=1

    HTTP Response

    200

    HTTP Request

    GET http://gameapp.37.com/controller/client.php?action=register&game_id=285&tpl_type=game1

    HTTP Response

    200
  • 163.171.143.15:80
    http://ptres.37.com/js/sq/widget/sq.statis.js
    http
    downhill.exe
    3.4kB
    43.4kB
    23
    37

    HTTP Request

    GET http://ptres.37.com/js/sq/lib/sq.core.js?t=20140304

    HTTP Response

    200

    HTTP Request

    GET http://ptres.37.com/js/sq/widget/sq.statis.js

    HTTP Response

    200
  • 163.171.143.15:80
    http://ptres.37.com/js/sq/lib/sq.core.js
    http
    downhill.exe
    9.0kB
    87.5kB
    49
    79

    HTTP Request

    GET http://ptres.37.com/js/sq/widget/sq.login.js?t=20211123172316

    HTTP Response

    200

    HTTP Request

    GET http://ptres.37.com/js/sq/widget/sq.tab.js

    HTTP Response

    200

    HTTP Request

    GET http://ptres.37.com/js/sq/widget/sq.clientclass2.js?t=1670234890

    HTTP Response

    200

    HTTP Request

    GET http://ptres.37.com/js/sq/widget/sq.clientclass2.js?t=1670234911

    HTTP Response

    200

    HTTP Request

    GET http://ptres.37.com/js/sq/widget/sq.dialog2015.js?t=1670238528719&_=1670238528720

    HTTP Response

    200

    HTTP Request

    GET http://ptres.37.com/js/sq/lib/sq.core.js

    HTTP Response

    200
  • 163.171.143.15:80
    http://img1.37wanimg.com/www2015/images/reglog/200x42.png?v=1
    http
    downhill.exe
    4.8kB
    36.6kB
    27
    43

    HTTP Request

    GET http://img1.37wanimg.com/lyb/css/client/game1.css?t=1670234890

    HTTP Response

    200

    HTTP Request

    GET http://img1.37wanimg.com/lyb/css/client/game1/logo.png

    HTTP Response

    200

    HTTP Request

    GET http://img1.37wanimg.com/lyb/css/client/game1.css?t=1670234911

    HTTP Response

    200

    HTTP Request

    GET http://img1.37wanimg.com/lyb/js/client/game1.js?t=1670234911

    HTTP Response

    200

    HTTP Request

    GET http://img1.37wanimg.com/lyb/css/client/game1/log_blk.jpg

    HTTP Response

    200

    HTTP Request

    GET http://img1.37wanimg.com/www/css/images/common/dialog2/bg-dialog-avatar.png?v=1

    HTTP Response

    200

    HTTP Request

    GET http://img1.37wanimg.com/www2015/images/reglog/200x42.png?v=1

    HTTP Response

    200
  • 163.171.143.15:80
    http://img1.37wanimg.com/www/css/images/common/ico.png
    http
    downhill.exe
    6.2kB
    196.9kB
    89
    155

    HTTP Request

    GET http://img1.37wanimg.com/lyb/js/client/game1.js?t=1670234890

    HTTP Response

    200

    HTTP Request

    GET http://img1.37wanimg.com/lyb/css/client/game1/sprite.png

    HTTP Response

    200

    HTTP Request

    GET http://img1.37wanimg.com/lyb/css/client/game1/bg.jpg

    HTTP Response

    200

    HTTP Request

    GET http://img1.37wanimg.com/www/css/images/common/ico.png

    HTTP Response

    200
  • 163.171.147.15:80
    http://img2.37wanimg.com/2015/06/16193928h6OrS.jpg
    http
    downhill.exe
    1.2kB
    21.7kB
    14
    20

    HTTP Request

    GET http://img2.37wanimg.com/2015/06/16193928h6OrS.jpg

    HTTP Response

    200
  • 163.171.147.15:80
    http://d.wanyouxi7.com/yx/lyb/sqft/906403/app.ini
    http
    downhill.exe
    371 B
    643 B
    6
    3

    HTTP Request

    GET http://d.wanyouxi7.com/yx/lyb/sqft/906403/app.ini

    HTTP Response

    404
  • 159.75.141.43:80
    http://a.clickdata.37wan.com/controller/istat.controller.php?item=8133tay6p9&platform=37wan&game_id=285&ext_1=4&ext_2=feitian_wd&ext_3=906403&ext_4=2622F8A551874AA0B536F55F830A22E0&ext_5=b48af71777ac4515f0bd98c65695e336&ext_6=2&browser_type=3000
    http
    downhill.exe
    1.4kB
    1.0kB
    9
    7

    HTTP Request

    GET http://a.clickdata.37wan.com/controller/istat.controller.php?platform=37wan&item=u3tfl5ftfl&game_id=285&sid=&position=1&ext_1=4&ext_2=feitian_wd&ext_3=906403&ext_4=&ext_5=gy&ext_6=&login_account=&browser_type=&user_ip=&refer=feitian_wd&uid=906403&page=4&t=1670238528008

    HTTP Response

    200

    HTTP Request

    GET http://a.clickdata.37wan.com/controller/istat.controller.php?item=8133tay6p9&platform=37wan&game_id=285&ext_1=4&ext_2=feitian_wd&ext_3=906403&ext_4=2622F8A551874AA0B536F55F830A22E0&ext_5=b48af71777ac4515f0bd98c65695e336&ext_6=2&browser_type=3000

    HTTP Response

    200
  • 106.55.175.231:80
    http://regapi.37.com/proxy_yk.html
    http
    downhill.exe
    2.7kB
    681 B
    6
    4

    HTTP Request

    GET http://regapi.37.com/proxy_yk.html

    HTTP Response

    200
  • 81.71.10.131:443
    https://my.37.com/httpsEnable.gif?t=1670238528762
    tls, http
    downhill.exe
    4.4kB
    4.3kB
    13
    7

    HTTP Request

    GET https://my.37.com/httpsEnable.gif?t=1670238528762

    HTTP Response

    200
  • 139.9.125.189:80
    http://cm.he2d.com/1/
    http
    downhill.exe
    715 B
    1.5kB
    6
    5

    HTTP Request

    GET http://cm.he2d.com/1/

    HTTP Response

    302
  • 139.9.125.189:80
    http://cookiem.37.com/sys/?u=NMONY1qa1yQBAAAAc6V-&fdata=
    http
    downhill.exe
    1.3kB
    568 B
    5
    4

    HTTP Request

    GET http://cookiem.37.com/sys/?u=NMONY1qa1yQBAAAAc6V-&fdata=

    HTTP Response

    200
  • 8.8.8.8:53
    a.clickdata.37wan.com
    dns
    downhill.exe
    67 B
    99 B
    1
    1

    DNS Request

    a.clickdata.37wan.com

    DNS Response

    159.75.141.43
    106.55.79.146

  • 8.8.8.8:53
    gameapp.37.com
    dns
    downhill.exe
    60 B
    117 B
    1
    1

    DNS Request

    gameapp.37.com

    DNS Response

    81.71.82.218
    106.53.131.76

  • 8.8.8.8:53
    img1.37wanimg.com
    dns
    downhill.exe
    63 B
    134 B
    1
    1

    DNS Request

    img1.37wanimg.com

    DNS Response

    163.171.143.15
    163.171.147.15

  • 8.8.8.8:53
    img2.37wanimg.com
    dns
    downhill.exe
    63 B
    134 B
    1
    1

    DNS Request

    img2.37wanimg.com

    DNS Response

    163.171.147.15
    163.171.143.15

  • 8.8.8.8:53
    ptres.37.com
    dns
    downhill.exe
    58 B
    124 B
    1
    1

    DNS Request

    ptres.37.com

    DNS Response

    163.171.143.15
    163.171.147.15

  • 8.8.8.8:53
    d.wanyouxi7.com
    dns
    downhill.exe
    61 B
    130 B
    1
    1

    DNS Request

    d.wanyouxi7.com

    DNS Response

    163.171.147.15
    163.171.143.15

  • 8.8.8.8:53
    regapi.37.com
    dns
    downhill.exe
    59 B
    112 B
    1
    1

    DNS Request

    regapi.37.com

    DNS Response

    106.55.175.231
    81.71.21.194

  • 8.8.8.8:53
    my.37.com
    dns
    downhill.exe
    55 B
    107 B
    1
    1

    DNS Request

    my.37.com

    DNS Response

    81.71.10.131
    42.194.153.154

  • 8.8.8.8:53
    cm.he2d.com
    dns
    downhill.exe
    57 B
    118 B
    1
    1

    DNS Request

    cm.he2d.com

    DNS Response

    139.9.125.189
    193.112.116.230

  • 8.8.8.8:53
    cookiem.37.com
    dns
    downhill.exe
    60 B
    145 B
    1
    1

    DNS Request

    cookiem.37.com

    DNS Response

    139.9.125.189
    193.112.116.230

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Roaming\downhill\Lander.ini

    Filesize

    385B

    MD5

    a8b026c95775d16f527120d350cc3631

    SHA1

    a2a8133b83bec4a9f0baaada4f303cec885d12ba

    SHA256

    f3affca4ff95be62d54dfc2d3ec38a40e7fd035321ee63fe95b9d941a5735527

    SHA512

    c138c9a37283b9dece201067a55371c0e43209a1c4249fb84194a3e81d05a9e5e90ebf914001a4c9d82203efa2966c8ad2b70c126bc240c9d31aa10d3590ffc0

  • C:\Users\Admin\AppData\Roaming\downhill\Lander.ini

    Filesize

    448B

    MD5

    e70cd03f8ea64e0fe70e9bf7e24c4d0f

    SHA1

    f8f3e79505ddf9abfd7db5079a34463926ff52e8

    SHA256

    7e08b3b37da8376f312d6149a070ef3f203a52919599cf177599e83560c78672

    SHA512

    0daeb04ab21acb12fce040ee5bd5d007675527fcc8109292a24d9c3e264ad1de0676c83669186ecc555700436c0a76d141d3b12e8fce42ef482cf00285393967

  • C:\Users\Admin\AppData\Roaming\downhill\downhill.exe

    Filesize

    1.3MB

    MD5

    ce25a1dd39160a76c2897033a6994b16

    SHA1

    d8fc1e6b7ede9c4aa9322607a2f9d10c423945de

    SHA256

    53822e59b4ae7c2df39d938e0a4b96f4cde12c1bdd639866e9737c996c0dc4c8

    SHA512

    a93653b7715b8ed010dcce07da0edd905203c5cf03182341de5e926f16d3f8cad3e70eda55ed8856a3f72e2570df83d82986ed2a328bd2f40b276a6d76458f65

  • C:\Users\Admin\AppData\Roaming\downhill\lander.ini

    Filesize

    404B

    MD5

    dc9c63a7f4e6edd809e6ecf53ff9fe20

    SHA1

    84f4ee14918b5a353eee1c6f99206e7845aa1269

    SHA256

    c0c85d0f3b78062b6e8dc30f147ee50e134421909f483764f3d427155e9be153

    SHA512

    aecb8eb2da8cdfe960b14d8922247a45e34a9919c65b12538afad91ba8e47be604f4fe0d7b0ef554ca3a9165bb708e125654593ffaad069c4fab0466ce1c25a8

  • \Users\Admin\AppData\Local\Temp\nstACE5.tmp\FindProcDLL.dll

    Filesize

    3KB

    MD5

    8614c450637267afacad1645e23ba24a

    SHA1

    e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

    SHA256

    0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

    SHA512

    af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

  • \Users\Admin\AppData\Local\Temp\nstACE5.tmp\System.dll

    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

  • \Users\Admin\AppData\Roaming\downhill\downhill.exe

    Filesize

    1.3MB

    MD5

    ce25a1dd39160a76c2897033a6994b16

    SHA1

    d8fc1e6b7ede9c4aa9322607a2f9d10c423945de

    SHA256

    53822e59b4ae7c2df39d938e0a4b96f4cde12c1bdd639866e9737c996c0dc4c8

    SHA512

    a93653b7715b8ed010dcce07da0edd905203c5cf03182341de5e926f16d3f8cad3e70eda55ed8856a3f72e2570df83d82986ed2a328bd2f40b276a6d76458f65

  • memory/892-54-0x0000000075D01000-0x0000000075D03000-memory.dmp

    Filesize

    8KB

  • memory/892-58-0x00000000003C0000-0x00000000003C3000-memory.dmp

    Filesize

    12KB
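The dropped-file list above is the part of this report an incident responder reuses: the `downhill\downhill.exe` and `lander.ini` pair is the persistence location the installer created, while `FindProcDLL.dll` and `System.dll` inside an `ns*.tmp` directory are standard NSIS installer plugins that the installer extracts at run time (background knowledge, not stated by the report). The following is an added example, not tria.ge code and not code from the sample: a host sweep that hashes candidate files and compares them against the SHA-256 values listed above. It assumes that the sandbox profile name `Admin` and the NSIS directory name `nstACE5.tmp` are specific to this run, so it wildcards the profile and matches on filename plus hash, and it reports anything in a `Users\<profile>\AppData\Roaming\downhill` directory even when the hash differs. The `demo()` function builds a constructed directory tree with stand-in files (not real samples) so the sweep can be run offline.

```python
"""Added example: sweep a filesystem tree for the dropped files listed in the report.

Not tria.ge code.  Only the SHA-256 values and the persistence path
(Users/<profile>/AppData/Roaming/downhill) come from the report; the profile
name "Admin" and the NSIS directory "nstACE5.tmp" are assumed to be
sandbox-specific, so matching is by filename + hash and by directory pattern.
"""
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass

# SHA-256 -> filename, copied from the dropped-files list in this report.
REPORT_SHA256 = {
    "53822e59b4ae7c2df39d938e0a4b96f4cde12c1bdd639866e9737c996c0dc4c8": "downhill.exe",
    "c0c85d0f3b78062b6e8dc30f147ee50e134421909f483764f3d427155e9be153": "lander.ini",
    "0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758": "FindProcDLL.dll",
    "dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f": "System.dll",
}

# Persistence directory from the report with the profile name wildcarded.
# Files here are reported even on a hash mismatch, since an updated payload
# would be dropped into the same place.
PERSISTENCE_DIR = re.compile(
    r"[\\/]users[\\/][^\\/]+[\\/]appdata[\\/]roaming[\\/]downhill$", re.IGNORECASE)


@dataclass(frozen=True)
class Hit:
    path: str
    sha256: str
    reason: str  # "hash": matches a report hash; "path": sits in the persistence dir


def sha256_file(path, chunk=1 << 20):
    """Stream the file through SHA-256 so large binaries are not read whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root, known=REPORT_SHA256):
    """Walk `root`, hashing only files whose name is in `known` or that live in
    the persistence directory.  System.dll is also the name of legitimate .NET
    assemblies; those get hashed but are reported only on an exact hash match."""
    names = {n.lower() for n in known.values()}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        in_persist = bool(PERSISTENCE_DIR.search(dirpath))
        for name in files:
            if not in_persist and name.lower() not in names:
                continue
            full = os.path.join(dirpath, name)
            try:
                digest = sha256_file(full)
            except OSError:  # locked or unreadable: skip rather than abort the sweep
                continue
            if digest in known:
                hits.append(Hit(full, digest, "hash"))
            elif in_persist:
                hits.append(Hit(full, digest, "path"))
    return hits


def demo():
    """Sweep a constructed tree of stand-in files (not real samples).
    Returns hits sorted by reason ("hash" before "path") for a stable result."""
    with tempfile.TemporaryDirectory(prefix="downhill_sweep_") as root:
        def put(rel, data):
            p = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(p), exist_ok=True)
            with open(p, "wb") as f:
                f.write(data)
            return p

        # Constructed System.dll in a differently named NSIS temp dir; its hash
        # is added to the table the way a hash from a second sandbox run would be.
        fake_dll = put("Users/alice/AppData/Local/Temp/nsq1B2.tmp/System.dll",
                       b"constructed NSIS plugin stand-in")
        known = dict(REPORT_SHA256)
        known[sha256_file(fake_dll)] = "System.dll"
        # Unknown content in the persistence directory: flagged by path only.
        put("Users/alice/AppData/Roaming/downhill/downhill.exe",
            b"constructed payload with an unknown hash")
        # Benign noise that must not be reported.
        put("Users/alice/Documents/notes.txt", b"nothing to see")
        put("Windows/Microsoft.NET/Framework/v4.0.30319/System.dll",
            b"stand-in for a legitimate .NET assembly")
        return sorted(sweep(root, known), key=lambda h: h.reason)


if __name__ == "__main__":
    for h in demo():
        print(f"{h.reason:4}  {h.sha256[:16]}...  {h.path}")
```

On a live host, call `sweep("C:\\")` (or a mounted image root) and triage "path" hits first: a file in the `downhill` directory that does not match the report hash is still the persistence artifact, just a different build. MD5 and SHA-1 from the report are deliberately not used for matching; SHA-256 is the only one of the listed digests that a practitioner should rely on for a match decision.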
