Analysis

  • max time kernel
    141s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    28/03/2024, 18:36 UTC

General

  • Target

    0d08f40d2995e327f8128c8e452ab8d5_JaffaCakes118.html

  • Size

    18KB

  • MD5

    0d08f40d2995e327f8128c8e452ab8d5

  • SHA1

    bcc0d0a71de84bdbf0f2e61e5f0594ced4ba3c72

  • SHA256

    ed461f397dab8a4a585c8f26a56e22b546d88fa9ccbf7b9b7c6c37fa358c2dc4

  • SHA512

    045d40a24b42fc912487a2332030a401312dc96109c76b74caab76bb9d64724885c10de981139638c8993d5d612e11bf2939dd6a754ac185ecbaf4684bf1110d

  • SSDEEP

    384:SIPW9do2tCsuzBEtDttQjt/DE1Zinl3I3iK:S7do+En4X

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0d08f40d2995e327f8128c8e452ab8d5_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3000
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3000 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2208

Network

  • flag-us
    DNS
    wpa.qq.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    wpa.qq.com
    IN A
    Response
    wpa.qq.com
    IN CNAME
    ins-7syfzeku.ias.tencent-cloud.net
    ins-7syfzeku.ias.tencent-cloud.net
    IN A
    43.159.234.172
    ins-7syfzeku.ias.tencent-cloud.net
    IN A
    43.129.2.11
  • flag-us
    DNS
    www.cqgseb.cn
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.cqgseb.cn
    IN A
    Response
    www.cqgseb.cn
    IN A
    104.21.61.159
    www.cqgseb.cn
    IN A
    172.67.211.142
  • flag-us
    GET
    http://www.cqgseb.cn/ztgsgl/WebMonitor/GUILayer/eImgMana/gshdimg.aspx?sfdm=120120531162802561631
    IEXPLORE.EXE
    Remote address:
    104.21.61.159:80
    Request
    GET /ztgsgl/WebMonitor/GUILayer/eImgMana/gshdimg.aspx?sfdm=120120531162802561631 HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.cqgseb.cn
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Thu, 28 Mar 2024 18:36:49 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ggdONDUXXuHoRbSiI0ycWeQJFgyHC046Ha2Atp0KBkjiqOnR1Y6Enmpv%2BKe3PWOL9Nqk9z0RjV01DTzpHXBBAU0gyK1Wj2cX9YqN%2BRquHoBC%2B62sgNZ3eAywA1OB9JIx"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 86b9ba553fe9778f-LHR
    Content-Encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    hm.baidu.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    hm.baidu.com
    IN A
    Response
    hm.baidu.com
    IN CNAME
    hm.e.shifen.com
    hm.e.shifen.com
    IN A
    103.235.46.191
  • flag-hk
    GET
    http://hm.baidu.com/h.js?e750b7d0b07d3d36bc32cb07fa55f9cd
    IEXPLORE.EXE
    Remote address:
    103.235.46.191:80
    Request
    GET /h.js?e750b7d0b07d3d36bc32cb07fa55f9cd HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: hm.baidu.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Location: https://hm.baidu.com/h.js?e750b7d0b07d3d36bc32cb07fa55f9cd
    Date: Thu, 28 Mar 2024 18:36:49 GMT
    Content-Length: 93
    Content-Type: text/html; charset=utf-8
  • flag-hk
    GET
    http://wpa.qq.com/pa?p=4:981861837:4
    IEXPLORE.EXE
    Remote address:
    43.159.234.172:80
    Request
    GET /pa?p=4:981861837:4 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: wpa.qq.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Moved Temporarily
    Server: stgw
    Date: Thu, 28 Mar 2024 18:36:49 GMT
    Content-Type: text/html
    Content-Length: 137
    Connection: keep-alive
    Location: https://wpa.qq.com/pa?p=4:981861837:4
  • flag-hk
    GET
    http://wpa.qq.com/pa?p=4:850184862:4
    IEXPLORE.EXE
    Remote address:
    43.159.234.172:80
    Request
    GET /pa?p=4:850184862:4 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: wpa.qq.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Moved Temporarily
    Server: stgw
    Date: Thu, 28 Mar 2024 18:36:49 GMT
    Content-Type: text/html
    Content-Length: 137
    Connection: keep-alive
    Location: https://wpa.qq.com/pa?p=4:850184862:4
  • flag-hk
    GET
    http://wpa.qq.com/pa?p=4:759166810:4
    IEXPLORE.EXE
    Remote address:
    43.159.234.172:80
    Request
    GET /pa?p=4:759166810:4 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: wpa.qq.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Moved Temporarily
    Server: stgw
    Date: Thu, 28 Mar 2024 18:36:49 GMT
    Content-Type: text/html
    Content-Length: 137
    Connection: keep-alive
    Location: https://wpa.qq.com/pa?p=4:759166810:4
  • flag-hk
    GET
    http://wpa.qq.com/pa?p=4:823580614:4
    IEXPLORE.EXE
    Remote address:
    43.159.234.172:80
    Request
    GET /pa?p=4:823580614:4 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: wpa.qq.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Moved Temporarily
    Server: stgw
    Date: Thu, 28 Mar 2024 18:36:49 GMT
    Content-Type: text/html
    Content-Length: 137
    Connection: keep-alive
    Location: https://wpa.qq.com/pa?p=4:823580614:4
  • flag-hk
    GET
    http://wpa.qq.com/pa?p=4:893315515:4
    IEXPLORE.EXE
    Remote address:
    43.159.234.172:80
    Request
    GET /pa?p=4:893315515:4 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: wpa.qq.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Moved Temporarily
    Server: stgw
    Date: Thu, 28 Mar 2024 18:36:49 GMT
    Content-Type: text/html
    Content-Length: 137
    Connection: keep-alive
    Location: https://wpa.qq.com/pa?p=4:893315515:4
  • flag-hk
    GET
    http://wpa.qq.com/pa?p=4:915901392:4
    IEXPLORE.EXE
    Remote address:
    43.159.234.172:80
    Request
    GET /pa?p=4:915901392:4 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: wpa.qq.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Moved Temporarily
    Server: stgw
    Date: Thu, 28 Mar 2024 18:36:49 GMT
    Content-Type: text/html
    Content-Length: 137
    Connection: keep-alive
    Location: https://wpa.qq.com/pa?p=4:915901392:4
  • flag-hk
    GET
    http://wpa.qq.com/pa?p=4:1024841981:4
    IEXPLORE.EXE
    Remote address:
    43.159.234.172:80
    Request
    GET /pa?p=4:1024841981:4 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: wpa.qq.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Moved Temporarily
    Server: stgw
    Date: Thu, 28 Mar 2024 18:36:49 GMT
    Content-Type: text/html
    Content-Length: 137
    Connection: keep-alive
    Location: https://wpa.qq.com/pa?p=4:1024841981:4
  • flag-hk
    GET
    http://wpa.qq.com/pa?p=4:867547869:4
    IEXPLORE.EXE
    Remote address:
    43.159.234.172:80
    Request
    GET /pa?p=4:867547869:4 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: wpa.qq.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Moved Temporarily
    Server: stgw
    Date: Thu, 28 Mar 2024 18:36:49 GMT
    Content-Type: text/html
    Content-Length: 137
    Connection: keep-alive
    Location: https://wpa.qq.com/pa?p=4:867547869:4
  • flag-hk
    GET
    http://wpa.qq.com/pa?p=4:996006258:4
    IEXPLORE.EXE
    Remote address:
    43.159.234.172:80
    Request
    GET /pa?p=4:996006258:4 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: wpa.qq.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Moved Temporarily
    Server: stgw
    Date: Thu, 28 Mar 2024 18:36:49 GMT
    Content-Type: text/html
    Content-Length: 137
    Connection: keep-alive
    Location: https://wpa.qq.com/pa?p=4:996006258:4
  • flag-hk
    GET
    http://wpa.qq.com/pa?p=4:871997928:4
    IEXPLORE.EXE
    Remote address:
    43.159.234.172:80
    Request
    GET /pa?p=4:871997928:4 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: wpa.qq.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Moved Temporarily
    Server: stgw
    Date: Thu, 28 Mar 2024 18:36:49 GMT
    Content-Type: text/html
    Content-Length: 137
    Connection: keep-alive
    Location: https://wpa.qq.com/pa?p=4:871997928:4
  • flag-hk
    GET
    http://wpa.qq.com/pa?p=4:1012646163:4
    IEXPLORE.EXE
    Remote address:
    43.159.234.172:80
    Request
    GET /pa?p=4:1012646163:4 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: wpa.qq.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Moved Temporarily
    Server: stgw
    Date: Thu, 28 Mar 2024 18:36:49 GMT
    Content-Type: text/html
    Content-Length: 137
    Connection: keep-alive
    Location: https://wpa.qq.com/pa?p=4:1012646163:4
  • flag-hk
    GET
    https://hm.baidu.com/h.js?e750b7d0b07d3d36bc32cb07fa55f9cd
    IEXPLORE.EXE
    Remote address:
    103.235.46.191:443
    Request
    GET /h.js?e750b7d0b07d3d36bc32cb07fa55f9cd HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: hm.baidu.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Length: 0
    Date: Thu, 28 Mar 2024 18:36:51 GMT
    Server: apache
    Strict-Transport-Security: max-age=172800
    Content-Type: text/plain; charset=utf-8
  • flag-hk
    GET
    https://wpa.qq.com/pa?p=4:823580614:4
    IEXPLORE.EXE
    Remote address:
    43.159.234.172:443
    Request
    GET /pa?p=4:823580614:4 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: wpa.qq.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Thu, 28 Mar 2024 18:36:51 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: tws
    Location: http://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif
    Pragma: no-cache
    Cache-Control: no-cache; must-revalidate
  • flag-hk
    GET
    https://wpa.qq.com/pa?p=4:893315515:4
    IEXPLORE.EXE
    Remote address:
    43.159.234.172:443
    Request
    GET /pa?p=4:893315515:4 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: wpa.qq.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Thu, 28 Mar 2024 18:36:51 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: tws
    Location: http://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif
    Pragma: no-cache
    Cache-Control: no-cache; must-revalidate
  • flag-hk
    GET
    https://wpa.qq.com/pa?p=4:981861837:4
    IEXPLORE.EXE
    Remote address:
    43.159.234.172:443
    Request
    GET /pa?p=4:981861837:4 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: wpa.qq.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Thu, 28 Mar 2024 18:36:51 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: tws
    Location: http://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif
    Pragma: no-cache
    Cache-Control: no-cache; must-revalidate
  • flag-hk
    GET
    https://wpa.qq.com/pa?p=4:996006258:4
    IEXPLORE.EXE
    Remote address:
    43.159.234.172:443
    Request
    GET /pa?p=4:996006258:4 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: wpa.qq.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Thu, 28 Mar 2024 18:36:51 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: tws
    Location: http://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif
    Pragma: no-cache
    Cache-Control: no-cache; must-revalidate
  • flag-hk
    GET
    https://wpa.qq.com/pa?p=4:915901392:4
    IEXPLORE.EXE
    Remote address:
    43.159.234.172:443
    Request
    GET /pa?p=4:915901392:4 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: wpa.qq.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Thu, 28 Mar 2024 18:36:51 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: tws
    Location: http://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif
    Pragma: no-cache
    Cache-Control: no-cache; must-revalidate
  • flag-hk
    GET
    https://wpa.qq.com/pa?p=4:871997928:4
    IEXPLORE.EXE
    Remote address:
    43.159.234.172:443
    Request
    GET /pa?p=4:871997928:4 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: wpa.qq.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Thu, 28 Mar 2024 18:36:51 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: tws
    Location: http://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif
    Pragma: no-cache
    Cache-Control: no-cache; must-revalidate
  • flag-hk
    GET
    https://wpa.qq.com/pa?p=4:759166810:4
    IEXPLORE.EXE
    Remote address:
    43.159.234.172:443
    Request
    GET /pa?p=4:759166810:4 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: wpa.qq.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Thu, 28 Mar 2024 18:36:51 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: tws
    Location: http://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif
    Pragma: no-cache
    Cache-Control: no-cache; must-revalidate
  • flag-hk
    GET
    https://wpa.qq.com/pa?p=4:1012646163:4
    IEXPLORE.EXE
    Remote address:
    43.159.234.172:443
    Request
    GET /pa?p=4:1012646163:4 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: wpa.qq.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Thu, 28 Mar 2024 18:36:51 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: tws
    Location: http://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif
    Pragma: no-cache
    Cache-Control: no-cache; must-revalidate
  • flag-hk
    GET
    https://wpa.qq.com/pa?p=4:850184862:4
    IEXPLORE.EXE
    Remote address:
    43.159.234.172:443
    Request
    GET /pa?p=4:850184862:4 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: wpa.qq.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Thu, 28 Mar 2024 18:36:51 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: tws
    Location: http://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif
    Pragma: no-cache
    Cache-Control: no-cache; must-revalidate
  • flag-hk
    GET
    https://wpa.qq.com/pa?p=4:1024841981:4
    IEXPLORE.EXE
    Remote address:
    43.159.234.172:443
    Request
    GET /pa?p=4:1024841981:4 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: wpa.qq.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Thu, 28 Mar 2024 18:36:51 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: tws
    Location: http://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif
    Pragma: no-cache
    Cache-Control: no-cache; must-revalidate
  • flag-hk
    GET
    https://wpa.qq.com/pa?p=4:867547869:4
    IEXPLORE.EXE
    Remote address:
    43.159.234.172:443
    Request
    GET /pa?p=4:867547869:4 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: wpa.qq.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Thu, 28 Mar 2024 18:36:51 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: tws
    Location: http://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif
    Pragma: no-cache
    Cache-Control: no-cache; must-revalidate
  • flag-us
    DNS
    ocsp.digicert.cn
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ocsp.digicert.cn
    IN A
    Response
    ocsp.digicert.cn
    IN CNAME
    ocsp.digicert.cn.w.cdngslb.com
    ocsp.digicert.cn.w.cdngslb.com
    IN A
    163.181.154.243
    ocsp.digicert.cn.w.cdngslb.com
    IN A
    163.181.154.248
    ocsp.digicert.cn.w.cdngslb.com
    IN A
    163.181.154.249
    ocsp.digicert.cn.w.cdngslb.com
    IN A
    163.181.154.239
    ocsp.digicert.cn.w.cdngslb.com
    IN A
    163.181.154.240
    ocsp.digicert.cn.w.cdngslb.com
    IN A
    163.181.154.244
    ocsp.digicert.cn.w.cdngslb.com
    IN A
    163.181.154.241
    ocsp.digicert.cn.w.cdngslb.com
    IN A
    163.181.154.242
  • flag-us
    DNS
    ocsp.digicert.cn
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ocsp.digicert.cn
    IN A
    Response
    ocsp.digicert.cn
    IN CNAME
    ocsp.digicert.cn.w.cdngslb.com
    ocsp.digicert.cn.w.cdngslb.com
    IN A
    163.181.154.243
    ocsp.digicert.cn.w.cdngslb.com
    IN A
    163.181.154.248
    ocsp.digicert.cn.w.cdngslb.com
    IN A
    163.181.154.239
    ocsp.digicert.cn.w.cdngslb.com
    IN A
    163.181.154.244
    ocsp.digicert.cn.w.cdngslb.com
    IN A
    163.181.154.242
    ocsp.digicert.cn.w.cdngslb.com
    IN A
    163.181.154.249
    ocsp.digicert.cn.w.cdngslb.com
    IN A
    163.181.154.240
    ocsp.digicert.cn.w.cdngslb.com
    IN A
    163.181.154.241
  • flag-us
    DNS
    ocsp.digicert.cn
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ocsp.digicert.cn
    IN A
    Response
    ocsp.digicert.cn
    IN CNAME
    ocsp.digicert.cn.w.cdngslb.com
    ocsp.digicert.cn.w.cdngslb.com
    IN A
    163.181.154.243
    ocsp.digicert.cn.w.cdngslb.com
    IN A
    163.181.154.248
    ocsp.digicert.cn.w.cdngslb.com
    IN A
    163.181.154.249
    ocsp.digicert.cn.w.cdngslb.com
    IN A
    163.181.154.239
    ocsp.digicert.cn.w.cdngslb.com
    IN A
    163.181.154.240
    ocsp.digicert.cn.w.cdngslb.com
    IN A
    163.181.154.244
    ocsp.digicert.cn.w.cdngslb.com
    IN A
    163.181.154.241
    ocsp.digicert.cn.w.cdngslb.com
    IN A
    163.181.154.242
  • flag-us
    GET
    http://ocsp.digicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbJNRrm8KxusAb7DCqnMkE%3D
    IEXPLORE.EXE
    Remote address:
    163.181.154.243:80
    Request
    GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbJNRrm8KxusAb7DCqnMkE%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: ocsp.digicert.cn
    Response
    HTTP/1.1 200 OK
    Server: Tengine
    Content-Type: application/ocsp-response
    Content-Length: 471
    Connection: keep-alive
    Cache-Control: max-age=7200
    Date: Thu, 28 Mar 2024 18:35:01 GMT
    Ali-Swift-Global-Savetime: 1711650901
    Via: cache34.l2fr1[356,113,200-0,C], cache15.l2fr1[115,0], ens-cache19.gb4[0,0,200-0,H], ens-cache26.gb4[0,0]
    Age: 109
    X-Cache: HIT TCP_MEM_HIT dirn:10:9624855
    X-Swift-SaveTime: Thu, 28 Mar 2024 18:35:01 GMT
    X-Swift-CacheTime: 3600
    Timing-Allow-Origin: *
    EagleId: a3b59aae17116510107956361e
  • flag-us
    GET
    http://ocsp.digicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQhnxEBNL9LgIhfSsTcHsrTt204QgQURNnISjOO01KNp5KUYR%2BayKW37MsCEA5Z6OBcFD8WYQNao%2BF7KoQ%3D
    IEXPLORE.EXE
    Remote address:
    163.181.154.243:80
    Request
    GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQhnxEBNL9LgIhfSsTcHsrTt204QgQURNnISjOO01KNp5KUYR%2BayKW37MsCEA5Z6OBcFD8WYQNao%2BF7KoQ%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: ocsp.digicert.cn
    Response
    HTTP/1.1 200 OK
    Server: Tengine
    Content-Type: application/ocsp-response
    Content-Length: 471
    Connection: keep-alive
    Cache-Control: max-age=7200
    Date: Thu, 28 Mar 2024 18:33:09 GMT
    Ali-Swift-Global-Savetime: 1711650789
    Via: cache40.l2fr1[0,0,200-0,H], cache17.l2fr1[1,0], ens-cache22.gb4[19,18,200-0,M], ens-cache26.gb4[21,0]
    Age: 221
    X-Cache: MISS TCP_REFRESH_MISS dirn:10:203705595
    X-Swift-SaveTime: Thu, 28 Mar 2024 18:36:50 GMT
    X-Swift-CacheTime: 3379
    Timing-Allow-Origin: *
    EagleId: a3b59aae17116510108536431e
  • flag-us
    GET
    http://ocsp.digicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbJNRrm8KxusAb7DCqnMkE%3D
    IEXPLORE.EXE
    Remote address:
    163.181.154.243:80
    Request
    GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbJNRrm8KxusAb7DCqnMkE%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: ocsp.digicert.cn
    Response
    HTTP/1.1 200 OK
    Server: Tengine
    Content-Type: application/ocsp-response
    Content-Length: 471
    Connection: keep-alive
    Cache-Control: max-age=7200
    Date: Thu, 28 Mar 2024 18:35:01 GMT
    Ali-Swift-Global-Savetime: 1711650901
    Via: cache34.l2fr1[356,113,200-0,C], cache15.l2fr1[115,0], ens-cache19.gb4[0,0,200-0,H], ens-cache24.gb4[0,0]
    Age: 109
    X-Cache: HIT TCP_MEM_HIT dirn:10:9624855
    X-Swift-SaveTime: Thu, 28 Mar 2024 18:35:01 GMT
    X-Swift-CacheTime: 3600
    Timing-Allow-Origin: *
    EagleId: a3b59aac17116510108008820e
  • flag-us
    GET
    http://ocsp.digicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQhnxEBNL9LgIhfSsTcHsrTt204QgQURNnISjOO01KNp5KUYR%2BayKW37MsCEA5Z6OBcFD8WYQNao%2BF7KoQ%3D
    IEXPLORE.EXE
    Remote address:
    163.181.154.243:80
    Request
    GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQhnxEBNL9LgIhfSsTcHsrTt204QgQURNnISjOO01KNp5KUYR%2BayKW37MsCEA5Z6OBcFD8WYQNao%2BF7KoQ%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: ocsp.digicert.cn
    Response
    HTTP/1.1 200 OK
    Server: Tengine
    Content-Type: application/ocsp-response
    Content-Length: 471
    Connection: keep-alive
    Cache-Control: max-age=7200
    Date: Thu, 28 Mar 2024 18:33:09 GMT
    Ali-Swift-Global-Savetime: 1711650789
    Via: cache40.l2fr1[0,0,200-0,H], cache17.l2fr1[1,0], ens-cache22.gb4[19,8,200-0,C], ens-cache24.gb4[10,0]
    Age: 221
    X-Cache: HIT TCP_MEM_HIT dirn:-2:-2
    X-Swift-SaveTime: Thu, 28 Mar 2024 18:36:50 GMT
    X-Swift-CacheTime: 3379
    Timing-Allow-Origin: *
    EagleId: a3b59aac17116510108658914e
  • flag-us
    GET
    http://ocsp.digicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbJNRrm8KxusAb7DCqnMkE%3D
    IEXPLORE.EXE
    Remote address:
    163.181.154.243:80
    Request
    GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbJNRrm8KxusAb7DCqnMkE%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: ocsp.digicert.cn
    Response
    HTTP/1.1 200 OK
    Server: Tengine
    Content-Type: application/ocsp-response
    Content-Length: 471
    Connection: keep-alive
    Cache-Control: max-age=7200
    Date: Thu, 28 Mar 2024 18:35:01 GMT
    Ali-Swift-Global-Savetime: 1711650901
    Via: cache34.l2fr1[356,113,200-0,C], cache15.l2fr1[115,0], ens-cache19.gb4[0,0,200-0,H], ens-cache2.gb4[1,0]
    Age: 109
    X-Cache: HIT TCP_MEM_HIT dirn:10:9624855
    X-Swift-SaveTime: Thu, 28 Mar 2024 18:35:01 GMT
    X-Swift-CacheTime: 3600
    Timing-Allow-Origin: *
    EagleId: a3b59a9617116510108281751e
  • flag-us
    GET
    http://ocsp.digicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQhnxEBNL9LgIhfSsTcHsrTt204QgQURNnISjOO01KNp5KUYR%2BayKW37MsCEA5Z6OBcFD8WYQNao%2BF7KoQ%3D
    IEXPLORE.EXE
    Remote address:
    163.181.154.243:80
    Request
    GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQhnxEBNL9LgIhfSsTcHsrTt204QgQURNnISjOO01KNp5KUYR%2BayKW37MsCEA5Z6OBcFD8WYQNao%2BF7KoQ%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: ocsp.digicert.cn
    Response
    HTTP/1.1 200 OK
    Server: Tengine
    Content-Type: application/ocsp-response
    Content-Length: 471
    Connection: keep-alive
    Cache-Control: max-age=7200
    Date: Thu, 28 Mar 2024 18:33:09 GMT
    Ali-Swift-Global-Savetime: 1711650789
    Via: cache40.l2fr1[0,0,200-0,H], cache17.l2fr1[1,0], ens-cache22.gb4[0,0,200-0,H], ens-cache2.gb4[0,0]
    Age: 221
    X-Cache: HIT TCP_MEM_HIT dirn:9:353290197
    X-Swift-SaveTime: Thu, 28 Mar 2024 18:36:50 GMT
    X-Swift-CacheTime: 3379
    Timing-Allow-Origin: *
    EagleId: a3b59a9617116510109361871e
  • flag-us
    DNS
    pub.idqqimg.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    pub.idqqimg.com
    IN A
    Response
    pub.idqqimg.com
    IN CNAME
    pub.idqqimg.com.tc.qq.com
    pub.idqqimg.com.tc.qq.com
    IN CNAME
    pub.idqqimg.com.sched.legopic1.tdnsv6.com
    pub.idqqimg.com.sched.legopic1.tdnsv6.com
    IN A
    203.205.136.81
    pub.idqqimg.com.sched.legopic1.tdnsv6.com
    IN A
    203.205.136.105
    pub.idqqimg.com.sched.legopic1.tdnsv6.com
    IN A
    203.205.137.184
    pub.idqqimg.com.sched.legopic1.tdnsv6.com
    IN A
    203.205.137.227
    pub.idqqimg.com.sched.legopic1.tdnsv6.com
    IN A
    203.205.137.72
  • flag-hk
    GET
    http://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif
    IEXPLORE.EXE
    Remote address:
    203.205.136.81:80
    Request
    GET /qconn/wpa/button/button_old_41.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: pub.idqqimg.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    Location: https://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif
    Content-Length: 0
    X-NWS-LOG-UUID: 7514086348055755539
    Connection: keep-alive
    Server: Lego Server
    Date: Thu, 28 Mar 2024 18:36:52 GMT
    X-Cache-Lookup: Return Directly
    Vary: Origin
    Cache-Control: max-age=86400
  • flag-hk
    GET
    https://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif
    IEXPLORE.EXE
    Remote address:
    203.205.136.81:443
    Request
    GET /qconn/wpa/button/button_old_41.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: pub.idqqimg.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Last-Modified: Sun, 23 Oct 2022 20:14:50 GMT
    Server: NWS_SSD_MID
    Date: Wed, 15 Nov 2023 07:56:37 GMT
    Expires: Sat, 18 Nov 2023 07:56:37 GMT
    Content-Type: image/gif
    X-Verify-Code: 60cfd7bb219b39947906604bf8a7e970
    X-Daa-Tunnel: hop_count=1
    Age: 12900
    Content-Length: 1303
    Accept-Ranges: bytes
    X-NWS-LOG-UUID: 7521058343448037036
    Connection: keep-alive
    X-Cache-Lookup: Cache Hit
    Vary: Origin
    Cache-Control: max-age=86400
  • flag-us
    DNS
    ocsp.dcocsp.cn
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ocsp.dcocsp.cn
    IN A
    Response
    ocsp.dcocsp.cn
    IN CNAME
    ocsp.dcocsp.cn.w.kunlunar.com
    ocsp.dcocsp.cn.w.kunlunar.com
    IN A
    163.181.154.243
    ocsp.dcocsp.cn.w.kunlunar.com
    IN A
    163.181.154.248
    ocsp.dcocsp.cn.w.kunlunar.com
    IN A
    163.181.154.244
    ocsp.dcocsp.cn.w.kunlunar.com
    IN A
    163.181.154.241
    ocsp.dcocsp.cn.w.kunlunar.com
    IN A
    163.181.154.239
    ocsp.dcocsp.cn.w.kunlunar.com
    IN A
    163.181.154.242
    ocsp.dcocsp.cn.w.kunlunar.com
    IN A
    163.181.154.249
    ocsp.dcocsp.cn.w.kunlunar.com
    IN A
    163.181.154.240
  • flag-us
    GET
    http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAh%2BGPuPqpJ%2B6HYKDYmC9RI%3D
    IEXPLORE.EXE
    Remote address:
    163.181.154.243:80
    Request
    GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAh%2BGPuPqpJ%2B6HYKDYmC9RI%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: ocsp.dcocsp.cn
    Response
    HTTP/1.1 200 OK
    Server: Tengine
    Content-Type: application/ocsp-response
    Content-Length: 471
    Connection: keep-alive
    Date: Thu, 28 Mar 2024 18:27:06 GMT
    Ali-Swift-Global-Savetime: 1711650426
    Via: cache16.l2fr1[213,212,200-0,M], cache39.l2fr1[213,0], ens-cache4.gb4[0,0,200-0,H], ens-cache28.gb4[0,0]
    Age: 587
    X-Cache: HIT TCP_MEM_HIT dirn:11:391240408
    X-Swift-SaveTime: Thu, 28 Mar 2024 18:27:06 GMT
    X-Swift-CacheTime: 3600
    Timing-Allow-Origin: *
    EagleId: a3b59ab017116510136926886e
  • flag-us
    GET
    http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHv1Dj%2BciPJEWH5JNtwL5Y07mRqwQUxBF%2BiECGwkG%2FZfMa4bRTQKOr7H0CEA%2BeJjBpNYxBgP3UUDzaNWo%3D
    IEXPLORE.EXE
    Remote address:
    163.181.154.243:80
    Request
    GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHv1Dj%2BciPJEWH5JNtwL5Y07mRqwQUxBF%2BiECGwkG%2FZfMa4bRTQKOr7H0CEA%2BeJjBpNYxBgP3UUDzaNWo%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: ocsp.dcocsp.cn
    Response
    HTTP/1.1 200 OK
    Server: Tengine
    Content-Type: application/ocsp-response
    Content-Length: 471
    Connection: keep-alive
    Date: Thu, 28 Mar 2024 17:57:46 GMT
    Ali-Swift-Global-Savetime: 1711648666
    Via: cache19.l2fr1[213,156,200-0,C], cache29.l2fr1[157,0], ens-cache13.gb4[0,0,200-0,H], ens-cache28.gb4[2,0]
    Age: 2347
    X-Cache: HIT TCP_MEM_HIT dirn:9:131537314
    X-Swift-SaveTime: Thu, 28 Mar 2024 17:57:46 GMT
    X-Swift-CacheTime: 3600
    Timing-Allow-Origin: *
    EagleId: a3b59ab017116510137476958e
  • flag-us
    DNS
    www.microsoft.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    2.17.5.133
  • 104.21.61.159:80
    http://www.cqgseb.cn/ztgsgl/WebMonitor/GUILayer/eImgMana/gshdimg.aspx?sfdm=120120531162802561631
    http
    IEXPLORE.EXE
    599 B
    921 B
    6
    5

    HTTP Request

    GET http://www.cqgseb.cn/ztgsgl/WebMonitor/GUILayer/eImgMana/gshdimg.aspx?sfdm=120120531162802561631

    HTTP Response

    404
  • 104.21.61.159:80
    www.cqgseb.cn
    IEXPLORE.EXE
    466 B
    92 B
    10
    2
  • 103.235.46.191:80
    hm.baidu.com
    IEXPLORE.EXE
    374 B
    52 B
    8
    1
  • 103.235.46.191:80
    http://hm.baidu.com/h.js?e750b7d0b07d3d36bc32cb07fa55f9cd
    http
    IEXPLORE.EXE
    1.1kB
    1.3kB
    17
    10

    HTTP Request

    GET http://hm.baidu.com/h.js?e750b7d0b07d3d36bc32cb07fa55f9cd

    HTTP Response

    301
  • 43.159.234.172:80
    http://wpa.qq.com/pa?p=4:981861837:4
    http
    IEXPLORE.EXE
    506 B
    513 B
    5
    4

    HTTP Request

    GET http://wpa.qq.com/pa?p=4:981861837:4

    HTTP Response

    302
  • 43.159.234.172:80
    http://wpa.qq.com/pa?p=4:850184862:4
    http
    IEXPLORE.EXE
    506 B
    513 B
    5
    4

    HTTP Request

    GET http://wpa.qq.com/pa?p=4:850184862:4

    HTTP Response

    302
  • 43.159.234.172:80
    http://wpa.qq.com/pa?p=4:759166810:4
    http
    IEXPLORE.EXE
    506 B
    513 B
    5
    4

    HTTP Request

    GET http://wpa.qq.com/pa?p=4:759166810:4

    HTTP Response

    302
  • 43.159.234.172:80
    http://wpa.qq.com/pa?p=4:893315515:4
    http
    IEXPLORE.EXE
    822 B
    934 B
    6
    6

    HTTP Request

    GET http://wpa.qq.com/pa?p=4:823580614:4

    HTTP Response

    302

    HTTP Request

    GET http://wpa.qq.com/pa?p=4:893315515:4

    HTTP Response

    302
  • 43.159.234.172:80
    http://wpa.qq.com/pa?p=4:915901392:4
    http
    IEXPLORE.EXE
    506 B
    513 B
    5
    4

    HTTP Request

    GET http://wpa.qq.com/pa?p=4:915901392:4

    HTTP Response

    302
  • 43.159.234.172:80
    http://wpa.qq.com/pa?p=4:1024841981:4
    http
    IEXPLORE.EXE
    507 B
    514 B
    5
    4

    HTTP Request

    GET http://wpa.qq.com/pa?p=4:1024841981:4

    HTTP Response

    302
  • 43.159.234.172:80
    http://wpa.qq.com/pa?p=4:867547869:4
    http
    IEXPLORE.EXE
    506 B
    513 B
    5
    4

    HTTP Request

    GET http://wpa.qq.com/pa?p=4:867547869:4

    HTTP Response

    302
  • 43.159.234.172:80
    http://wpa.qq.com/pa?p=4:996006258:4
    http
    IEXPLORE.EXE
    506 B
    513 B
    5
    4

    HTTP Request

    GET http://wpa.qq.com/pa?p=4:996006258:4

    HTTP Response

    302
  • 43.159.234.172:80
    http://wpa.qq.com/pa?p=4:871997928:4
    http
    IEXPLORE.EXE
    506 B
    513 B
    5
    4

    HTTP Request

    GET http://wpa.qq.com/pa?p=4:871997928:4

    HTTP Response

    302
  • 43.159.234.172:80
    http://wpa.qq.com/pa?p=4:1012646163:4
    http
    IEXPLORE.EXE
    507 B
    514 B
    5
    4

    HTTP Request

    GET http://wpa.qq.com/pa?p=4:1012646163:4

    HTTP Response

    302
  • 103.235.46.191:443
    https://hm.baidu.com/h.js?e750b7d0b07d3d36bc32cb07fa55f9cd
    tls, http
    IEXPLORE.EXE
    1.6kB
    10.7kB
    20
    21

    HTTP Request

    GET https://hm.baidu.com/h.js?e750b7d0b07d3d36bc32cb07fa55f9cd

    HTTP Response

    200
  • 43.159.234.172:443
    https://wpa.qq.com/pa?p=4:893315515:4
    tls, http
    IEXPLORE.EXE
    1.6kB
    4.9kB
    13
    14

    HTTP Request

    GET https://wpa.qq.com/pa?p=4:823580614:4

    HTTP Response

    301

    HTTP Request

    GET https://wpa.qq.com/pa?p=4:893315515:4

    HTTP Response

    301
  • 43.159.234.172:443
    https://wpa.qq.com/pa?p=4:981861837:4
    tls, http
    IEXPLORE.EXE
    1.2kB
    4.5kB
    12
    12

    HTTP Request

    GET https://wpa.qq.com/pa?p=4:981861837:4

    HTTP Response

    301
  • 43.159.234.172:443
    https://wpa.qq.com/pa?p=4:996006258:4
    tls, http
    IEXPLORE.EXE
    1.1kB
    4.3kB
    9
    10

    HTTP Request

    GET https://wpa.qq.com/pa?p=4:996006258:4

    HTTP Response

    301
  • 43.159.234.172:443
    https://wpa.qq.com/pa?p=4:871997928:4
    tls, http
    IEXPLORE.EXE
    1.5kB
    4.9kB
    12
    14

    HTTP Request

    GET https://wpa.qq.com/pa?p=4:915901392:4

    HTTP Response

    301

    HTTP Request

    GET https://wpa.qq.com/pa?p=4:871997928:4

    HTTP Response

    301
  • 43.159.234.172:443
    https://wpa.qq.com/pa?p=4:1012646163:4
    tls, http
    IEXPLORE.EXE
    1.5kB
    4.9kB
    12
    14

    HTTP Request

    GET https://wpa.qq.com/pa?p=4:759166810:4

    HTTP Response

    301

    HTTP Request

    GET https://wpa.qq.com/pa?p=4:1012646163:4

    HTTP Response

    301
  • 43.159.234.172:443
    https://wpa.qq.com/pa?p=4:850184862:4
    tls, http
    IEXPLORE.EXE
    1.0kB
    4.3kB
    8
    10

    HTTP Request

    GET https://wpa.qq.com/pa?p=4:850184862:4

    HTTP Response

    301
  • 43.159.234.172:443
    https://wpa.qq.com/pa?p=4:1024841981:4
    tls, http
    IEXPLORE.EXE
    1.1kB
    991 B
    10
    9

    HTTP Request

    GET https://wpa.qq.com/pa?p=4:1024841981:4

    HTTP Response

    301
  • 43.159.234.172:443
    https://wpa.qq.com/pa?p=4:867547869:4
    tls, http
    IEXPLORE.EXE
    1.1kB
    991 B
    10
    9

    HTTP Request

    GET https://wpa.qq.com/pa?p=4:867547869:4

    HTTP Response

    301
  • 163.181.154.243:80
    http://ocsp.digicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQhnxEBNL9LgIhfSsTcHsrTt204QgQURNnISjOO01KNp5KUYR%2BayKW37MsCEA5Z6OBcFD8WYQNao%2BF7KoQ%3D
    http
    IEXPLORE.EXE
    788 B
    3.3kB
    7
    6

    HTTP Request

    GET http://ocsp.digicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbJNRrm8KxusAb7DCqnMkE%3D

    HTTP Response

    200

    HTTP Request

    GET http://ocsp.digicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQhnxEBNL9LgIhfSsTcHsrTt204QgQURNnISjOO01KNp5KUYR%2BayKW37MsCEA5Z6OBcFD8WYQNao%2BF7KoQ%3D

    HTTP Response

    200
  • 163.181.154.243:80
    http://ocsp.digicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQhnxEBNL9LgIhfSsTcHsrTt204QgQURNnISjOO01KNp5KUYR%2BayKW37MsCEA5Z6OBcFD8WYQNao%2BF7KoQ%3D
    http
    IEXPLORE.EXE
    788 B
    3.2kB
    7
    6

    HTTP Request

    GET http://ocsp.digicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbJNRrm8KxusAb7DCqnMkE%3D

    HTTP Response

    200

    HTTP Request

    GET http://ocsp.digicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQhnxEBNL9LgIhfSsTcHsrTt204QgQURNnISjOO01KNp5KUYR%2BayKW37MsCEA5Z6OBcFD8WYQNao%2BF7KoQ%3D

    HTTP Response

    200
  • 163.181.154.243:80
    http://ocsp.digicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQhnxEBNL9LgIhfSsTcHsrTt204QgQURNnISjOO01KNp5KUYR%2BayKW37MsCEA5Z6OBcFD8WYQNao%2BF7KoQ%3D
    http
    IEXPLORE.EXE
    736 B
    2.2kB
    6
    5

    HTTP Request

    GET http://ocsp.digicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbJNRrm8KxusAb7DCqnMkE%3D

    HTTP Response

    200

    HTTP Request

    GET http://ocsp.digicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQhnxEBNL9LgIhfSsTcHsrTt204QgQURNnISjOO01KNp5KUYR%2BayKW37MsCEA5Z6OBcFD8WYQNao%2BF7KoQ%3D

    HTTP Response

    200
  • 203.205.136.81:80
    http://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif
    http
    IEXPLORE.EXE
    968 B
    948 B
    8
    8

    HTTP Request

    GET http://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif

    HTTP Response

    302

    HTTP Request

    GET http://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif

    HTTP Response

    302
  • 203.205.136.81:80
    http://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif
    http
    IEXPLORE.EXE
    968 B
    949 B
    8
    8

    HTTP Request

    GET http://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif

    HTTP Response

    302

    HTTP Request

    GET http://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif

    HTTP Response

    302
  • 203.205.136.81:80
    http://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif
    http
    IEXPLORE.EXE
    579 B
    521 B
    6
    5

    HTTP Request

    GET http://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif

    HTTP Response

    302
  • 203.205.136.81:80
    http://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif
    http
    IEXPLORE.EXE
    631 B
    562 B
    7
    6

    HTTP Request

    GET http://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif

    HTTP Response

    302
  • 203.205.136.81:80
    http://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif
    http
    IEXPLORE.EXE
    579 B
    518 B
    6
    5

    HTTP Request

    GET http://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif

    HTTP Response

    302
  • 203.205.136.81:443
    https://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif
    tls, http
    IEXPLORE.EXE
    1.9kB
    10.1kB
    19
    25

    HTTP Request

    GET https://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif

    HTTP Response

    200

    HTTP Request

    GET https://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif

    HTTP Response

    200
  • 203.205.136.81:443
    https://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif
    tls, http
    IEXPLORE.EXE
    1.4kB
    7.9kB
    16
    19

    HTTP Request

    GET https://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif

    HTTP Response

    200
  • 203.205.136.81:443
    https://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif
    tls, http
    IEXPLORE.EXE
    1.4kB
    8.0kB
    16
    20

    HTTP Request

    GET https://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif

    HTTP Response

    200
  • 203.205.136.81:443
    https://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif
    tls, http
    IEXPLORE.EXE
    1.2kB
    2.6kB
    11
    12

    HTTP Request

    GET https://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif

    HTTP Response

    200
  • 203.205.136.81:443
    https://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif
    tls, http
    IEXPLORE.EXE
    1.2kB
    2.6kB
    11
    13

    HTTP Request

    GET https://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif

    HTTP Response

    200
  • 163.181.154.243:80
    http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHv1Dj%2BciPJEWH5JNtwL5Y07mRqwQUxBF%2BiECGwkG%2FZfMa4bRTQKOr7H0CEA%2BeJjBpNYxBgP3UUDzaNWo%3D
    http
    IEXPLORE.EXE
    740 B
    2.1kB
    6
    5

    HTTP Request

    GET http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAh%2BGPuPqpJ%2B6HYKDYmC9RI%3D

    HTTP Response

    200

    HTTP Request

    GET http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHv1Dj%2BciPJEWH5JNtwL5Y07mRqwQUxBF%2BiECGwkG%2FZfMa4bRTQKOr7H0CEA%2BeJjBpNYxBgP3UUDzaNWo%3D

    HTTP Response

    200
  • 163.181.154.240:80
    http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAh%2BGPuPqpJ%2B6HYKDYmC9RI%3D
    http
    IEXPLORE.EXE
    516 B
    2.1kB
    6
    5

    HTTP Request

    GET http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAh%2BGPuPqpJ%2B6HYKDYmC9RI%3D

    HTTP Response

    200
  • 203.205.136.81:443
    https://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif
    tls, http
    IEXPLORE.EXE
    1.1kB
    2.6kB
    10
    12

    HTTP Request

    GET https://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif

    HTTP Response

    200
  • 163.181.154.239:80
    http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAh%2BGPuPqpJ%2B6HYKDYmC9RI%3D
    http
    IEXPLORE.EXE
    516 B
    2.1kB
    6
    5

    HTTP Request

    GET http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAh%2BGPuPqpJ%2B6HYKDYmC9RI%3D

    HTTP Response

    200
  • 163.181.154.242:80
    http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAh%2BGPuPqpJ%2B6HYKDYmC9RI%3D
    http
    IEXPLORE.EXE
    470 B
    2.1kB
    5
    5

    HTTP Request

    GET http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAh%2BGPuPqpJ%2B6HYKDYmC9RI%3D

    HTTP Response

    200
  • 163.181.154.243:80
    http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAh%2BGPuPqpJ%2B6HYKDYmC9RI%3D
    http
    IEXPLORE.EXE
    470 B
    2.1kB
    5
    5

    HTTP Request

    GET http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAh%2BGPuPqpJ%2B6HYKDYmC9RI%3D

    HTTP Response

    200
  • 163.181.154.249:80
    http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAh%2BGPuPqpJ%2B6HYKDYmC9RI%3D
    http
    IEXPLORE.EXE
    470 B
    2.1kB
    5
    5

    HTTP Request

    GET http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAh%2BGPuPqpJ%2B6HYKDYmC9RI%3D

    HTTP Response

    200
  • 163.181.154.242:80
    http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAh%2BGPuPqpJ%2B6HYKDYmC9RI%3D
    http
    IEXPLORE.EXE
    464 B
    1.1kB
    5
    4

    HTTP Request

    GET http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAh%2BGPuPqpJ%2B6HYKDYmC9RI%3D

    HTTP Response

    200
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
    7.6kB
    9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    831 B
    7.7kB
    10
    13
  • 8.8.8.8:53
    wpa.qq.com
    dns
    IEXPLORE.EXE
    56 B
    136 B
    1
    1

    DNS Request

    wpa.qq.com

    DNS Response

    43.159.234.172
    43.129.2.11

  • 8.8.8.8:53
    www.cqgseb.cn
    dns
    IEXPLORE.EXE
    59 B
    91 B
    1
    1

    DNS Request

    www.cqgseb.cn

    DNS Response

    104.21.61.159
    172.67.211.142

  • 8.8.8.8:53
    hm.baidu.com
    dns
    IEXPLORE.EXE
    58 B
    100 B
    1
    1

    DNS Request

    hm.baidu.com

    DNS Response

    103.235.46.191

  • 8.8.8.8:53
    ocsp.digicert.cn
    dns
    IEXPLORE.EXE
    62 B
    234 B
    1
    1

    DNS Request

    ocsp.digicert.cn

    DNS Response

    163.181.154.243
    163.181.154.248
    163.181.154.249
    163.181.154.239
    163.181.154.240
    163.181.154.244
    163.181.154.241
    163.181.154.242

  • 8.8.8.8:53
    pub.idqqimg.com
    dns
    IEXPLORE.EXE
    61 B
    229 B
    1
    1

    DNS Request

    pub.idqqimg.com

    DNS Response

    203.205.136.81
    203.205.136.105
    203.205.137.184
    203.205.137.227
    203.205.137.72

  • 8.8.8.8:53
    ocsp.dcocsp.cn
    dns
    IEXPLORE.EXE
    60 B
    231 B
    1
    1

    DNS Request

    ocsp.dcocsp.cn

    DNS Response

    163.181.154.243
    163.181.154.248
    163.181.154.244
    163.181.154.241
    163.181.154.239
    163.181.154.242
    163.181.154.249
    163.181.154.240

  • 8.8.8.8:53
    www.microsoft.com
    dns
    iexplore.exe
    63 B
    230 B
    1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    2.17.5.133

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0A17BC17FF10008872A7205D0D43E2_5FE90E28A5C4F66460B6A36ECFF82C5E

    Filesize

    471B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

  • C:\Users\Admin\AppData\Local\Temp\Cab21D5.tmp

    Filesize

    68KB

  • C:\Users\Admin\AppData\Local\Temp\Cab4E52.tmp

    Filesize

    65KB

  • C:\Users\Admin\AppData\Local\Temp\Tar22C4.tmp

    Filesize

    177KB

  • C:\Users\Admin\AppData\Local\Temp\Tar4E53.tmp

    Filesize

    171KB

