scanning_cobaltstrike_config.csv
ip port time_scanned arch Beacon Type Port Polling Jitter Max DNS C2 Server User Agent HTTP Method Path 2 Header 1 Header 2 Injection Process Pipe Name Year Month Day DNS Idle DNS Sleep Method 1 Method 2 Spawn To Proxy Hostname Proxy Username Proxy Password Proxy Access Type CreateRemoteThread Watermark
185.20.186.108 443 1.62002E+12 x86 8 (HTTPS) 443 5000 0 185.20.186.108,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books /N4215/adj/amzn.us.sr.aps GET POST %windir%\syswow64\rundll32.exe 1359593325
185.20.186.108 443 1.62002E+12 x64 8 (HTTPS) 443 5000 0 185.20.186.108,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books /N4215/adj/amzn.us.sr.aps GET POST %windir%\sysnative\rundll32.exe 1359593325
213.202.211.246 80 1.62002E+12 x86 0 (HTTP) 80 10000 5 213.202.211.246,/metro91/admin/1/ppptp.jpg /metro91/admin/1/secure.php GET POST %windir%\syswow64\rundll32.exe 0
213.202.211.246 80 1.62002E+12 x64 0 (HTTP) 80 10000 5 213.202.211.246,/metro91/admin/1/ppptp.jpg /metro91/admin/1/secure.php GET POST %windir%\sysnative\rundll32.exe 0
165.22.66.24 443 1.62002E+12 x86 8 (HTTPS) 443 60000 0 255 165.22.66.24,/push Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
165.22.66.24 443 1.62002E+12 x64 8 (HTTPS) 443 60000 0 255 165.22.66.24,/visit.js Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
185.158.248.106 80 1.62002E+12 x86 0 (HTTP) 80 60000 0 185.158.248.106,/en_US/all.js /submit.php GET POST %windir%\syswow64\rundll32.exe 0
185.158.248.106 80 1.62002E+12 x64 0 (HTTP) 80 60000 0 185.158.248.106,/activity /submit.php GET POST %windir%\sysnative\rundll32.exe 0
185.158.248.106 443 1.62002E+12 x86 8 (HTTPS) 443 60000 0 185.158.248.106,/ga.js /submit.php GET POST %windir%\syswow64\rundll32.exe 0
185.158.248.106 443 1.62002E+12 x64 8 (HTTPS) 443 60000 0 185.158.248.106,/activity /submit.php GET POST %windir%\sysnative\rundll32.exe 0
185.162.235.111 443 1.62002E+12 x86 8 (HTTPS) 443 60000 0 255 185.162.235.111,/load Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
185.162.235.111 443 1.62002E+12 x64 8 (HTTPS) 443 60000 0 255 185.162.235.111,/updates.rss Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.3; .NET CLR 2.0.50727) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
192.161.179.180 443 1.62002E+12 x86 8 (HTTPS) 443 60000 0 255 luoli233.top,/__utm.gif Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BOIE9;ENUSMSNIP) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
192.161.179.180 443 1.62002E+12 x64 8 (HTTPS) 443 60000 0 255 luoli233.top,/ptj Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
216.250.254.153 8080 1.62002E+12 x86 0 (HTTP) 8080 60000 0 192.95.16.245,/dpixel /submit.php GET POST %windir%\syswow64\rundll32.exe 0
216.250.254.153 8080 1.62002E+12 x64 0 (HTTP) 8080 60000 0 192.95.16.245,/fwlink /submit.php GET POST %windir%\sysnative\rundll32.exe 0
185.106.123.114 443 1.62002E+12 x86 8 (HTTPS) 443 60000 0 tulls.net,/userid= /update.php GET POST %windir%\syswow64\rundll32.exe 1580103814
185.106.123.114 443 1.62002E+12 x64 8 (HTTPS) 443 60000 0 tulls.net,/userid= /update.php GET POST %windir%\sysnative\rundll32.exe 1580103814
108.166.207.133 80 1.62017E+12 x86 0 (HTTP) 80 60000 0 255 108.166.207.133,/cm Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
108.166.207.133 80 1.62017E+12 x64 0 (HTTP) 80 60000 0 255 108.166.207.133,/pixel Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
103.64.12.177 80 1.62017E+12 x86 0 (HTTP) 80 3000 0 255 service-q06q0t7u-1251167152.gz.apigw.tencentcs.com,/api/getit Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0) /api/postit 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
103.64.12.177 80 1.62017E+12 x64 0 (HTTP) 80 3000 0 255 service-q06q0t7u-1251167152.gz.apigw.tencentcs.com,/api/getit Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0) /api/postit 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
103.234.54.146 80 1.62017E+12 x86 0 (HTTP) 80 60000 0 103.234.54.146,/activity /submit.php GET POST %windir%\syswow64\rundll32.exe 0
103.234.54.146 80 1.62017E+12 x64 0 (HTTP) 80 60000 0 103.234.54.146,/ptj /submit.php GET POST %windir%\sysnative\rundll32.exe 0
47.104.253.89 80 1.62017E+12 x86 0 (HTTP) 80 60000 0 255 47.104.253.89,/cx Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; BOIE9;ENUS) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
47.104.253.89 80 1.62017E+12 x64 0 (HTTP) 80 60000 0 255 47.104.253.89,/push Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
47.114.36.45 443 1.62017E+12 x86 8 (HTTPS) 443 60000 0 255 47.114.36.45,/dot.gif Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
47.114.36.45 443 1.62017E+12 x64 8 (HTTPS) 443 60000 0 255 47.114.36.45,/activity Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
47.114.36.45 8080 1.62017E+12 x86 0 (HTTP) 8080 60000 0 255 47.114.36.45,/__utm.gif Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
47.114.36.45 8080 1.62017E+12 x64 0 (HTTP) 8080 60000 0 255 47.114.36.45,/cx Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
104.248.148.74 443 1.62017E+12 x86 8 (HTTPS) 443 60000 0 255 104.248.148.74,/activity Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch; MASPJS) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
104.248.148.74 443 1.62017E+12 x64 8 (HTTPS) 443 60000 0 255 104.248.148.74,/dpixel Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
120.132.81.146 443 1.62017E+12 x86 8 (HTTPS) 443 60000 0 120.132.81.146,/fwlink /submit.php GET POST %windir%\syswow64\rundll32.exe 1359593325
120.132.81.146 443 1.62017E+12 x64 8 (HTTPS) 443 60000 0 120.132.81.146,/pixel /submit.php GET POST %windir%\sysnative\rundll32.exe 1359593325
121.5.66.190 8080 1.62017E+12 x86 0 (HTTP) 8080 60000 0 255 121.5.66.190,/j.ad Mozilla/5.0 (compatible; MSIE 9.0; qdesk 2.4.1263.203; Windows NT 6.1; WOW64; Trident/5.0) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 16777216
121.5.66.190 8080 1.62017E+12 x64 0 (HTTP) 8080 60000 0 255 121.5.66.190,/pixel Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; ASU2JS) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 16777216
35.241.143.134 80 1.62017E+12 x86 0 (HTTP) 80 60000 20 235 control.commanderinthe.cloud,/search/ Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko /Search/ 8.8.4.4 0 GET GET %windir%\syswow64\rundll32.exe 1277797054
35.241.143.134 80 1.62017E+12 x64 0 (HTTP) 80 60000 20 235 control.commanderinthe.cloud,/search/ Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko /Search/ 8.8.4.4 0 GET GET %windir%\sysnative\rundll32.exe 1277797054
118.193.37.242 8000 1.62017E+12 x86 0 (HTTP) 8000 60000 0 255 118.193.37.242,/load Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch; MALCJS) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
118.193.37.242 8000 1.62017E+12 x64 0 (HTTP) 8000 60000 0 255 118.193.37.242,/ptj Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
106.52.181.247 443 1.62017E+12 x86 8 (HTTPS) 443 60000 0 106.52.181.247,/match /submit.php GET POST %windir%\syswow64\rundll32.exe 1359593325
106.52.181.247 443 1.62017E+12 x64 8 (HTTPS) 443 60000 0 106.52.181.247,/fwlink /submit.php GET POST %windir%\sysnative\rundll32.exe 1359593325
106.52.181.247 8080 1.62017E+12 x86 0 (HTTP) 8080 60000 0 106.52.181.247,/cx /submit.php GET POST %windir%\syswow64\rundll32.exe 1359593325
106.52.181.247 8080 1.62017E+12 x64 0 (HTTP) 8080 60000 0 106.52.181.247,/cx /submit.php GET POST %windir%\sysnative\rundll32.exe 1359593325
81.68.111.192 80 1.6202E+12 x86 0 (HTTP) 80 60000 0 255 microsoftchina.org,/dot.gif Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
81.68.111.192 80 1.6202E+12 x64 0 (HTTP) 80 60000 0 255 microsoftchina.org,/dot.gif Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MATM) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
45.76.49.68 8088 1.62017E+12 x86 0 (HTTP) 8088 60000 0 255 45.76.49.68,/pixel Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
45.76.49.68 8088 1.62017E+12 x64 0 (HTTP) 8088 60000 0 255 45.76.49.68,/activity Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
134.209.92.85 80 1.62022E+12 x86 0 (HTTP) 80 5000 0 255 134.209.92.85,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko /N4215/adj/amzn.us.sr.aps 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 431177299
134.209.92.85 80 1.62022E+12 x64 0 (HTTP) 80 5000 0 255 134.209.92.85,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko /N4215/adj/amzn.us.sr.aps 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 431177299
134.209.71.188 443 1.62022E+12 x86 8 (HTTPS) 443 15000 90 www.nytimes.com,/en-us/p/onerf/MeSilentPassport /1.5/95648064/storage/tabs GET POST %windir%\syswow64\WerFault -a 1144558102
134.209.71.188 443 1.62022E+12 x64 8 (HTTPS) 443 15000 90 www.nytimes.com,/en-us/store/api/checkproductinwishlist /v3/links/ping-beat/check GET POST %windir%\sysnative\WerFault -a 1144558102
213.217.0.217 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 255 213.217.0.217,/__utm.gif Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
213.217.0.217 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 255 213.217.0.217,/match Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
99.79.101.225 80 1.62021E+12 x86 0 (HTTP) 80 60000 20 ads.gellpac.com,/c/msdownload/update/1930155_ /c/msdownload/update/1534335_ POST POST %windir%\syswow64\rundll32.exe 922183268
99.79.101.225 80 1.62021E+12 x64 0 (HTTP) 80 60000 20 ads.gellpac.com,/c/msdownload/update/1930155_ /c/msdownload/update/1534335_ POST POST %windir%\sysnative\rundll32.exe 922183268
99.79.101.225 443 1.62021E+12 x86 8 (HTTPS) 443 60000 20 ajax.microsoft.com,/c/msdownload/update/1930155_ /c/msdownload/update/1534335_ POST POST %windir%\syswow64\rundll32.exe 922183268
99.79.101.225 443 1.62021E+12 x64 8 (HTTPS) 443 60000 20 ajax.microsoft.com,/c/msdownload/update/1930155_ /c/msdownload/update/1534335_ POST POST %windir%\sysnative\rundll32.exe 922183268
185.158.249.38 80 1.62021E+12 x86 0 (HTTP) 80 60000 0 185.158.249.38,/pixel /submit.php GET POST %windir%\syswow64\rundll32.exe 0
185.158.249.38 80 1.62021E+12 x64 0 (HTTP) 80 60000 0 185.158.249.38,/ga.js /submit.php GET POST %windir%\sysnative\rundll32.exe 0
217.12.201.118 443 1.62021E+12 x86 8 (HTTPS) 443 60000 0 217.12.201.118,/load /submit.php GET POST %windir%\syswow64\rundll32.exe 0
217.12.201.118 443 1.62021E+12 x64 8 (HTTPS) 443 60000 0 217.12.201.118,/ga.js /submit.php GET POST %windir%\sysnative\rundll32.exe 0
217.12.201.118 8080 1.62021E+12 x86 0 (HTTP) 8080 60000 0 217.12.201.118,/en_US/all.js /submit.php GET POST %windir%\syswow64\rundll32.exe 0
217.12.201.118 8080 1.62021E+12 x64 0 (HTTP) 8080 60000 0 217.12.201.118,/g.pixel /submit.php GET POST %windir%\sysnative\rundll32.exe 0
213.217.0.218 443 1.62021E+12 x86 8 (HTTPS) 443 60000 0 255 213.217.0.218,/ca Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; BOIE9;ENUS) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
213.217.0.218 443 1.62021E+12 x64 8 (HTTPS) 443 60000 0 255 213.217.0.218,/IE9CompatViewList.xml Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
185.25.51.172 80 1.62021E+12 x86 0 (HTTP) 80 59584 37 185.25.51.172,/mobile-android /af GET POST %windir%\syswow64\regsvr32.exe 1359593325
185.25.51.172 80 1.62021E+12 x64 0 (HTTP) 80 59584 37 185.25.51.172,/mobile-android /af GET POST %windir%\sysnative\regsvr32.exe 1359593325
217.12.201.100 80 1.62021E+12 x86 0 (HTTP) 80 45000 37 217.12.201.100,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\syswow64\dllhost.exe 0
217.12.201.100 80 1.62021E+12 x64 0 (HTTP) 80 45000 37 217.12.201.100,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\sysnative\dllhost.exe 0
52.28.253.50 80 1.62021E+12 x86 0 (HTTP) 80 5000 10 rijkzijn.nl,/vlk/grants,uwprivatebank.nl,/vlk/grants,systest.nl,/vlk/grants /vlk/xmlrpc/v2 GET POST %windir%\syswow64\mavinject.exe 1807886020
52.28.253.50 80 1.62021E+12 x64 0 (HTTP) 80 5000 10 rijkzijn.nl,/vlk/grants,uwprivatebank.nl,/vlk/grants,systest.nl,/vlk/grants /vlk/xmlrpc/v2 GET POST %windir%\sysnative\gpupdate.exe 1807886020
185.14.29.42 443 1.62021E+12 x86 8 (HTTPS) 443 45000 37 mingrand.com,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\syswow64\dllhost.exe 0
185.14.29.42 443 1.62021E+12 x64 8 (HTTPS) 443 45000 37 mingrand.com,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\sysnative\dllhost.exe 0
195.206.181.213 80 1.62022E+12 x86 0 (HTTP) 80 55198 43 195.206.181.213,/ee.html /ak GET POST %windir%\syswow64\WUAUCLT.exe 1359593325
195.206.181.213 80 1.62022E+12 x64 0 (HTTP) 80 55198 43 195.206.181.213,/ak.html /ak GET POST %windir%\sysnative\WUAUCLT.exe 1359593325
213.217.0.216 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 255 213.217.0.216,/updates.rss Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP09; NP09; MAAU) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
213.217.0.216 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 255 213.217.0.216,/pixel Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BO1IE8_v1;ENUS) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
213.217.0.216 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 255 213.217.0.216,/push Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; LBBROWSER) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
213.217.0.216 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 255 213.217.0.216,/updates.rss Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
209.141.37.21 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 255 209.141.37.21,/ca Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; NP06) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
209.141.37.21 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 255 209.141.37.21,/dot.gif Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; ; NCLIENT50_AAPCDA5841E333) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
218.253.251.115 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 255 218.253.251.115,/ga.js Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; DTS Agent /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
218.253.251.115 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 255 218.253.251.115,/IE9CompatViewList.xml Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
217.12.218.46 80 1.62022E+12 x86 0 (HTTP) 80 45000 37 217.12.218.46,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\syswow64\dllhost.exe 0
217.12.218.46 80 1.62022E+12 x64 0 (HTTP) 80 45000 37 217.12.218.46,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\sysnative\dllhost.exe 0
185.232.52.137 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 255 185.232.52.137,/cx Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; MALC) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
185.232.52.137 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 255 185.232.52.137,/ca Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
185.232.52.137 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 255 185.232.52.137,/activity Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
185.232.52.137 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 255 185.232.52.137,/IE9CompatViewList.xml Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; FunWebProducts; IE0006_ver1;EN_GB) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
213.227.154.244 80 1.62022E+12 x86 8 (HTTPS) 80 48963 24 risetomoon.com,/jquery-3.2.2.min.js,213.227.154.244,/jquery-3.2.2.min.js /jquery-3.2.2.full.js GET POST %windir%\syswow64\WUAUCLT.exe 1580103814
213.227.154.244 80 1.62022E+12 x64 8 (HTTPS) 80 48963 24 risetomoon.com,/jquery-3.2.2.min.js,213.227.154.244,/jquery-3.2.2.min.js /jquery-3.2.2.full.js GET POST %windir%\sysnative\WUAUCLT.exe 1580103814
213.227.154.244 8080 1.62022E+12 x86 8 (HTTPS) 8080 48963 24 risetomoon.com,/jquery-3.2.2.min.js,213.227.154.244,/jquery-3.2.2.min.js /jquery-3.2.2.full.js GET POST %windir%\syswow64\WUAUCLT.exe 1580103814
213.227.154.244 8080 1.62022E+12 x64 8 (HTTPS) 8080 48963 24 risetomoon.com,/jquery-3.2.2.min.js,213.227.154.244,/jquery-3.2.2.min.js /jquery-3.2.2.full.js GET POST %windir%\sysnative\WUAUCLT.exe 1580103814
209.222.98.79 443 1.62022E+12 x86 8 (HTTPS) 443 5000 1 upfros.com,/aa /admin GET POST %windir%\syswow64\mstsc.exe 1580103814
209.222.98.79 443 1.62022E+12 x64 8 (HTTPS) 443 5000 1 upfros.com,/aa /admin GET POST %windir%\sysnative\mstsc.exe 1580103814
185.239.226.133 443 1.62022E+12 x86 8 (HTTPS) 443 45000 37 255 ortvpn.ga,/jquery-3.3.1.min.js Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko /jquery-3.3.2.min.js 74.125.196.113 0 GET POST %windir%\syswow64\dllhost.exe 305419896
185.239.226.133 443 1.62022E+12 x64 8 (HTTPS) 443 45000 37 255 ortvpn.ga,/jquery-3.3.1.min.js Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko /jquery-3.3.2.min.js 74.125.196.113 0 GET POST %windir%\sysnative\dllhost.exe 305419896
185.106.123.107 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 fut1.net,/userid= /update.php GET POST %windir%\syswow64\rundll32.exe 1580103814
185.106.123.107 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 fut1.net,/userid= /update.php GET POST %windir%\sysnative\rundll32.exe 1580103814
216.250.254.153 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 159.65.36.16,/cm /submit.php GET POST %windir%\syswow64\rundll32.exe 0
216.250.254.153 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 159.65.36.16,/dpixel /submit.php GET POST %windir%\sysnative\rundll32.exe 0
216.250.254.153 8080 1.62022E+12 x86 0 (HTTP) 8080 60000 0 192.95.16.245,/ga.js /submit.php GET POST %windir%\syswow64\rundll32.exe 0
216.250.254.153 8080 1.62022E+12 x64 0 (HTTP) 8080 60000 0 192.95.16.245,/pixel /submit.php GET POST %windir%\sysnative\rundll32.exe 0
156.236.114.72 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 255 156.236.114.72,/dpixel Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUSMSE) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
156.236.114.72 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 255 156.236.114.72,/ptj Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; MASP) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
213.227.155.7 443 1.62022E+12 x86 8 (HTTPS) 443 5000 23 tepabaf.com,/mobile-android.html /ce GET POST %windir%\syswow64\wusa.exe 1580103814
213.227.155.7 443 1.62022E+12 x64 8 (HTTPS) 443 5000 23 tepabaf.com,/panel.html /ce GET POST %windir%\sysnative\wusa.exe 1580103814
193.149.161.252 80 1.62022E+12 x86 0 (HTTP) 80 30 20 193.149.161.252,/search/ /Search/ GET GET %windir%\syswow64\rundll32.exe 1359593325
193.149.161.252 80 1.62022E+12 x64 0 (HTTP) 80 30 20 193.149.161.252,/search/ /Search/ GET GET %windir%\sysnative\rundll32.exe 1359593325
195.206.181.210 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 195.206.181.210,/ga.js /submit.php GET POST %windir%\syswow64\rundll32.exe 0
195.206.181.210 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 195.206.181.210,/cx /submit.php GET POST %windir%\sysnative\rundll32.exe 0
195.206.181.210 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 citrixsecurityy.com,/updates.rss /submit.php GET POST %windir%\syswow64\rundll32.exe 0
195.206.181.210 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 citrixsecurityy.com,/load /submit.php GET POST %windir%\sysnative\rundll32.exe 0
185.32.124.168 443 1.62022E+12 x86 8 (HTTPS) 443 15000 20 255 stereeofficeknot.net,/safebrowsing/rd/nX4Yecwd6qp3a3T7BhgTvJbjFwAwgUZj0-N3zAu1AP4BE Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko /safebrowsing/rd/iQAZBiFXcdnxy8Q1RX6qgE9PuauWzX3qa 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
185.32.124.168 443 1.62022E+12 x64 8 (HTTPS) 443 15000 20 255 stereeofficeknot.net,/safebrowsing/rd/nX4Yecwd6qp3a3T7BhgTvJbjFwAwgUZj0-N3zAu1AP4BE Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko /safebrowsing/rd/iQAZBiFXcdnxy8Q1RX6qgE9PuauWzX3qa 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
206.189.106.19 443 1.62022E+12 x86 8 (HTTPS) 443 5000 0 255 jubiterstar.me,/s/ref=nb_sb_noss_1/18-0262949/field-keywords=electronics Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko /N5190/adjs/amzn.us.sr.aps 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
206.189.106.19 443 1.62022E+12 x64 8 (HTTPS) 443 5000 0 255 jubiterstar.me,/s/ref=nb_sb_noss_1/18-0262949/field-keywords=electronics Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko /N5190/adjs/amzn.us.sr.aps 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
45.32.38.4 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 255 daxi0ng.com,/IE9CompatViewList.xml Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
45.32.38.4 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 255 daxi0ng.com,/pixel.gif Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; InfoPath.2) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
194.68.32.17 443 1.62022E+12 x86 8 (HTTPS) 443 45474 37 255 194.68.32.17,/jquery-3.3.1.min.js Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 /jquery-3.3.2.min.js 74.125.196.113 0 GET POST %windir%\syswow64\eventvwr.exe 305419896
194.68.32.17 443 1.62022E+12 x64 8 (HTTPS) 443 45474 37 255 194.68.32.17,/jquery-3.3.1.min.js Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 /jquery-3.3.2.min.js 74.125.196.113 0 GET POST %windir%\sysnative\eventvwr.exe 305419896
185.162.235.111 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 255 185.162.235.111,/push Mozilla/5.0 (compatible; MSIE 9.0; qdesk 2.4.1263.203; Windows NT 6.1; WOW64; Trident/5.0) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
185.162.235.111 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 255 185.162.235.111,/updates.rss Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
172.98.192.91 443 1.62022E+12 x86 8 (HTTPS) 443 5000 0 255 172.98.192.91,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko /N4215/adj/amzn.us.sr.aps 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
172.98.192.91 443 1.62022E+12 x64 8 (HTTPS) 443 5000 0 255 172.98.192.91,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko /N4215/adj/amzn.us.sr.aps 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
154.221.27.35 443 1.62022E+12 x86 8 (HTTPS) 443 25000 37 fish.hellomrsone.com,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\syswow64\svchost.exe 1359593325
154.221.27.35 443 1.62022E+12 x64 8 (HTTPS) 443 25000 37 fish.hellomrsone.com,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\sysnative\svchost.exe 1359593325
193.29.57.9 443 1.62022E+12 x86 8 (HTTPS) 443 30000 37 46.30.188.196,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\syswow64\dllhost.exe 1359593325
193.29.57.9 443 1.62022E+12 x64 8 (HTTPS) 443 30000 37 46.30.188.196,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\sysnative\dllhost.exe 1359593325
192.161.179.180 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 255 luoli233.top,/IE9CompatViewList.xml Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALC) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
192.161.179.180 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 255 luoli233.top,/dot.gif Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
185.213.175.149 443 1.62022E+12 x86 8 (HTTPS) 443 2000 10 235 185.213.175.149,/updates Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.92 Safari/537.36 /hello/flash.php 8.8.4.4 0 GET POST %windir%\syswow64\rundll32.exe 305419896
185.213.175.149 443 1.62022E+12 x64 8 (HTTPS) 443 2000 10 235 185.213.175.149,/updates Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.92 Safari/537.36 /windebug/updcheck.php 8.8.4.4 0 GET POST %windir%\sysnative\rundll32.exe 305419896
195.123.222.5 80 1.62022E+12 x86 0 (HTTP) 80 45000 37 195.123.222.5,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\syswow64\dllhost.exe 0
195.123.222.5 80 1.62022E+12 x64 0 (HTTP) 80 45000 37 195.123.222.5,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\sysnative\dllhost.exe 0
198.252.99.93 80 1.62022E+12 x86 0 (HTTP) 80 48956 32 cdnsyndication.digital,/g/rfer=nmn_fr_gees_1/42-332638-0264389/field-keywords=toys,198.252.99.93,/g/rfer=nmn_fr_gees_1/42-332638-0264389/field-keywords=toys /L2741/hojk/amzon.SX.90.sok GET POST %windir%\syswow64\dllhost.exe 1580103814
198.252.99.93 80 1.62022E+12 x64 0 (HTTP) 80 48956 32 cdnsyndication.digital,/g/rfer=nmn_fr_gees_1/42-332638-0264389/field-keywords=toys,198.252.99.93,/g/rfer=nmn_fr_gees_1/42-332638-0264389/field-keywords=toys /L2741/hojk/amzon.SX.90.sok GET POST %windir%\sysnative\dllhost.exe 1580103814
198.252.99.93 8080 1.62022E+12 x86 0 (HTTP) 8080 48956 32 cdnsyndication.digital,/g/rfer=nmn_fr_gees_1/42-332638-0264389/field-keywords=toys,198.252.99.93,/g/rfer=nmn_fr_gees_1/42-332638-0264389/field-keywords=toys /L2741/hojk/amzon.SX.90.sok GET POST %windir%\syswow64\dllhost.exe 1580103814
198.252.99.93 8080 1.62022E+12 x64 0 (HTTP) 8080 48956 32 cdnsyndication.digital,/g/rfer=nmn_fr_gees_1/42-332638-0264389/field-keywords=toys,198.252.99.93,/g/rfer=nmn_fr_gees_1/42-332638-0264389/field-keywords=toys /L2741/hojk/amzon.SX.90.sok GET POST %windir%\sysnative\dllhost.exe 1580103814
194.165.16.60 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 194.165.16.60,/fwlink /submit.php GET POST %windir%\syswow64\rundll32.exe 1580103814
194.165.16.60 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 194.165.16.60,/push /submit.php GET POST %windir%\sysnative\rundll32.exe 1580103814
192.111.153.186 80 1.62022E+12 x86 0 (HTTP) 80 5000 17 172.241.27.70,/bg.css /mobile-android GET POST %windir%\syswow64\wusa.exe 1580103814
192.111.153.186 80 1.62022E+12 x64 0 (HTTP) 80 5000 17 172.241.27.70,/bg.css /gv GET POST %windir%\sysnative\wusa.exe 1580103814
188.34.142.201 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 255 188.34.142.201,/updates.rss Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MAM2) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
188.34.142.201 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 255 188.34.142.201,/visit.js Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; Touch) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
188.34.142.201 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 255 188.34.142.201,/cm Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
188.34.142.201 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 255 188.34.142.201,/dot.gif Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; MANM) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
199.127.61.167 443 1.62022E+12 x86 8 (HTTPS) 443 5000 16 winohak.com,/common /an GET POST %windir%\syswow64\mstsc.exe 1580103814
199.127.61.167 443 1.62022E+12 x64 8 (HTTPS) 443 5000 16 winohak.com,/common /an GET POST %windir%\sysnative\mstsc.exe 1580103814
195.123.222.12 80 1.62022E+12 x86 0 (HTTP) 80 45000 37 195.123.222.12,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\syswow64\dllhost.exe 0
195.123.222.12 80 1.62022E+12 x64 0 (HTTP) 80 45000 37 195.123.222.12,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\sysnative\dllhost.exe 0
195.123.222.12 443 1.62022E+12 x86 8 (HTTPS) 443 45000 37 azama12.com,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\syswow64\dllhost.exe 0
195.123.222.12 443 1.62022E+12 x64 8 (HTTPS) 443 45000 37 azama12.com,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\sysnative\dllhost.exe 0
195.123.217.45 80 1.62022E+12 x86 0 (HTTP) 80 45000 37 195.123.217.45,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\syswow64\dllhost.exe 0
195.123.217.45 80 1.62022E+12 x64 0 (HTTP) 80 45000 37 195.123.217.45,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\sysnative\dllhost.exe 0
192.198.81.46 443 1.62022E+12 x86 8 (HTTPS) 443 5000 43 192.198.81.46,/ku.html /profile GET POST %windir%\syswow64\mstsc.exe 1580103814
192.198.81.46 443 1.62022E+12 x64 8 (HTTPS) 443 5000 43 192.198.81.46,/ku.html /html GET POST %windir%\sysnative\mstsc.exe 1580103814
52.59.168.192 80 1.62022E+12 x86 0 (HTTP) 80 5000 10 rijkzijn.nl,/vlk/grants,uwprivatebank.nl,/vlk/grants,systest.nl,/vlk/grants /vlk/xmlrpc/v2 GET POST %windir%\syswow64\mavinject.exe 1807886020
52.59.168.192 80 1.62022E+12 x64 0 (HTTP) 80 5000 10 rijkzijn.nl,/vlk/grants,uwprivatebank.nl,/vlk/grants,systest.nl,/vlk/grants /vlk/xmlrpc/v2 GET POST %windir%\sysnative\gpupdate.exe 1807886020
192.95.16.245 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 159.65.36.16,/cm /submit.php GET POST %windir%\syswow64\rundll32.exe 0
192.95.16.245 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 159.65.36.16,/dpixel /submit.php GET POST %windir%\sysnative\rundll32.exe 0
192.95.16.245 8080 1.62022E+12 x86 0 (HTTP) 8080 60000 0 192.95.16.245,/ga.js /submit.php GET POST %windir%\syswow64\rundll32.exe 0
192.95.16.245 8080 1.62022E+12 x64 0 (HTTP) 8080 60000 0 192.95.16.245,/pixel /submit.php GET POST %windir%\sysnative\rundll32.exe 0
195.123.221.225 80 1.62022E+12 x86 0 (HTTP) 80 60000 20 canihouse.com,/c/msdownload/update/others/2016/12/29136388_ /c/msdownload/update/others/2016/12/3215234_ GET GET %windir%\syswow64\rundll32.exe 0
195.123.221.225 80 1.62022E+12 x64 0 (HTTP) 80 60000 20 canihouse.com,/c/msdownload/update/others/2016/12/29136388_ /c/msdownload/update/others/2016/12/3215234_ GET GET %windir%\sysnative\rundll32.exe 0
195.123.221.225 443 1.62022E+12 x86 8 (HTTPS) 443 60000 20 canihouse.com,/c/msdownload/update/others/2016/12/29136388_ /c/msdownload/update/others/2016/12/3215234_ GET GET %windir%\syswow64\rundll32.exe 0
195.123.221.225 443 1.62022E+12 x64 8 (HTTPS) 443 60000 20 canihouse.com,/c/msdownload/update/others/2016/12/29136388_ /c/msdownload/update/others/2016/12/3215234_ GET GET %windir%\sysnative\rundll32.exe 0
185.150.189.202 443 1.62022E+12 x86 8 (HTTPS) 443 5000 18 davevud.com,/Content.html /ch GET POST %windir%\syswow64\wusa.exe 1580103814
185.150.189.202 443 1.62022E+12 x64 8 (HTTPS) 443 5000 18 davevud.com,/Content.html /ch GET POST %windir%\sysnative\wusa.exe 1580103814
185.25.51.10 443 1.62022E+12 x86 8 (HTTPS) 443 61524 41 249 shopdsld-invoce.com,/ky.js Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9 /ch 247.160.159.135 0 GET POST %windir%\syswow64\svchost.exe 0
185.25.51.10 443 1.62022E+12 x64 8 (HTTPS) 443 61524 41 249 shopdsld-invoce.com,/btn_bg.js Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9 /ce 247.160.159.135 0 GET POST %windir%\sysnative\svchost.exe 0
185.162.235.35 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 255 185.162.235.35,/pixel.gif Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSCOM) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 16777216
185.162.235.35 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 255 185.162.235.35,/push Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; ASU2JS) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 16777216
172.82.148.202 80 1.62022E+12 x86 0 (HTTP) 80 5000 10 235 172.82.148.202,/us/ky/louisville/312-s-fourth-st.html Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) /OrderEntryService.asmx/AddOrderLine 8.8.8.8 0 GET POST %windir%\syswow64\mstsc.exe 0
172.82.148.202 80 1.62022E+12 x64 0 (HTTP) 80 5000 10 235 172.82.148.202,/us/ky/louisville/312-s-fourth-st.html Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) /OrderEntryService.asmx/AddOrderLine 8.8.8.8 0 GET POST %windir%\sysnative\mstsc.exe 0
172.82.148.202 443 1.62022E+12 x86 8 (HTTPS) 443 5000 10 235 resnote.com,/us/ky/louisville/312-s-fourth-st.html,172.82.148.202,/us/ky/louisville/312-s-fourth-st.html Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) /OrderEntryService.asmx/AddOrderLine 8.8.8.8 0 GET POST %windir%\syswow64\mstsc.exe 0
172.82.148.202 443 1.62022E+12 x64 8 (HTTPS) 443 5000 10 235 resnote.com,/us/ky/louisville/312-s-fourth-st.html,172.82.148.202,/us/ky/louisville/312-s-fourth-st.html Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) /OrderEntryService.asmx/AddOrderLine 8.8.8.8 0 GET POST %windir%\sysnative\mstsc.exe 0
107.161.114.226 443 1.62022E+12 x86 8 (HTTPS) 443 5000 20 slicemia.com,/es.js /get GET POST %windir%\syswow64\mstsc.exe 1580103814
107.161.114.226 443 1.62022E+12 x64 8 (HTTPS) 443 5000 20 slicemia.com,/es.js /get GET POST %windir%\sysnative\mstsc.exe 1580103814
180.215.229.41 8080 1.62022E+12 x86 0 (HTTP) 8080 60000 0 up.adobe-flash-update.com,/pixel.gif /submit.php GET POST %windir%\syswow64\rundll32.exe 1359593325
180.215.229.41 8080 1.62022E+12 x64 0 (HTTP) 8080 60000 0 up.adobe-flash-update.com,/pixel /submit.php GET POST %windir%\sysnative\rundll32.exe 1359593325
185.244.150.169 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 helle1.net,/userid= /update.php GET POST %windir%\syswow64\rundll32.exe 1580103814
185.244.150.169 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 helle1.net,/userid= /update.php GET POST %windir%\sysnative\rundll32.exe 1580103814
167.99.184.82 80 1.62022E+12 x86 0 (HTTP) 80 20000 20 167.99.184.82,/oscp/,microsoft.com,/oscp/ /oscp/a/ GET POST %windir%\syswow64\rundll32.exe 1823600325
167.99.184.82 80 1.62022E+12 x64 0 (HTTP) 80 20000 20 167.99.184.82,/oscp/,microsoft.com,/oscp/ /oscp/a/ GET POST %windir%\sysnative\rundll32.exe 1823600325
167.99.184.82 443 1.62022E+12 x86 8 (HTTPS) 443 20000 20 167.99.184.82,/oscp/ /oscp/a/ GET POST %windir%\syswow64\rundll32.exe 1823600325
167.99.184.82 443 1.62022E+12 x64 8 (HTTPS) 443 20000 20 167.99.184.82,/oscp/ /oscp/a/ GET POST %windir%\sysnative\rundll32.exe 1823600325
180.215.229.50 8080 1.62022E+12 x86 0 (HTTP) 8080 60000 0 up.adobe-flash-update.com,/pixel.gif /submit.php GET POST %windir%\syswow64\rundll32.exe 1359593325
180.215.229.50 8080 1.62022E+12 x64 0 (HTTP) 8080 60000 0 up.adobe-flash-update.com,/pixel /submit.php GET POST %windir%\sysnative\rundll32.exe 1359593325
104.247.196.170 443 1.62022E+12 x86 8 (HTTPS) 443 5000 10 235 clubuz.com,/us/ky/louisville/312-s-fourth-st.html Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) /OrderEntryService.asmx/AddOrderLine 8.8.8.8 0 GET POST %windir%\syswow64\mstsc.exe 0
104.247.196.170 443 1.62022E+12 x64 8 (HTTPS) 443 5000 10 235 clubuz.com,/us/ky/louisville/312-s-fourth-st.html Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) /OrderEntryService.asmx/AddOrderLine 8.8.8.8 0 GET POST %windir%\sysnative\mstsc.exe 0
104.248.27.231 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 update.asaicell.com,/ca /submit.php GET POST %windir%\syswow64\rundll32.exe 0
104.248.27.231 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 update.asaicell.com,/ptj /submit.php GET POST %windir%\sysnative\rundll32.exe 0
18.209.28.236 443 1.62022E+12 x86 8 (HTTPS) 443 30000 57 accounts.bankpaygateway.com,/jquery-1.12.1.min.js /jquery-1.12.2.min.js GET POST %windir%\syswow64\svchost.exe 1158458342
18.209.28.236 443 1.62022E+12 x64 8 (HTTPS) 443 30000 57 accounts.bankpaygateway.com,/jquery-1.12.1.min.js /jquery-1.12.2.min.js GET POST %windir%\sysnative\spoolsv.exe 1158458342
104.243.38.20 443 1.62022E+12 x86 8 (HTTPS) 443 5000 18 nihahi.com,/modcp.css,yedawu.com,/modcp.css /ky GET POST %windir%\syswow64\wusa.exe 1580103814
104.243.38.20 443 1.62022E+12 x64 8 (HTTPS) 443 5000 18 nihahi.com,/html.css,yedawu.com,/modcp.css /ky GET POST %windir%\sysnative\wusa.exe 1580103814
107.173.164.125 8080 1.62022E+12 x86 0 (HTTP) 8080 60000 0 107.173.164.125,/fwlink /submit.php GET POST %windir%\syswow64\rundll32.exe 1359593325
107.173.164.125 8080 1.62022E+12 x64 0 (HTTP) 8080 60000 0 107.173.164.125,/dpixel /submit.php GET POST %windir%\sysnative\rundll32.exe 1359593325
185.250.151.48 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 185.250.151.48,/g.pixel /submit.php GET POST %windir%\syswow64\rundll32.exe 1580103814
185.250.151.48 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 185.250.151.48,/visit.js /submit.php GET POST %windir%\sysnative\rundll32.exe 1580103814
185.180.197.86 443 1.62022E+12 x86 8 (HTTPS) 443 52442 47 tailgatethenation.com,/tran.html /today.html POST POST %windir%\syswow64\msdt.exe 702890041
185.180.197.86 443 1.62022E+12 x64 8 (HTTPS) 443 52442 47 tailgatethenation.com,/find.html /high.html POST POST %windir%\sysnative\msdt.exe 702890041
35.200.6.25 80 1.62022E+12 x86 0 (HTTP) 80 61814 39 35.200.6.25,/ur.js /media GET POST %windir%\syswow64\regsvr32.exe 1359593325
35.200.6.25 80 1.62022E+12 x64 0 (HTTP) 80 61814 39 35.200.6.25,/ur.js /media GET POST %windir%\sysnative\regsvr32.exe 1359593325
35.200.6.25 443 1.62022E+12 x86 8 (HTTPS) 443 61814 39 www.fu4k.ml,/d_config /lv GET POST %windir%\syswow64\regsvr32.exe 1359593325
35.200.6.25 443 1.62022E+12 x64 8 (HTTPS) 443 61814 39 www.fu4k.ml,/d_config /lu GET POST %windir%\sysnative\regsvr32.exe 1359593325
172.105.10.217 80 1.62022E+12 x86 0 (HTTP) 80 30000 20 remote.claycityhealthcare.com,/CWoNaJLBo/VTNeWw11212/ /CWoNaJLBo/VTNeWw11213/ GET POST %windir%\syswow64\rundll32.exe 1616449647
172.105.10.217 80 1.62022E+12 x64 0 (HTTP) 80 30000 20 remote.claycityhealthcare.com,/CWoNaJLBo/VTNeWw11212/ /CWoNaJLBo/VTNeWw11213/ GET POST %windir%\sysnative\rundll32.exe 1616449647
172.105.10.217 443 1.62022E+12 x86 8 (HTTPS) 443 30000 20 remote.claycityhealthcare.com,/CWoNaJLBo/VTNeWw11212/ /CWoNaJLBo/VTNeWw11213/ GET POST %windir%\syswow64\rundll32.exe 1616449647
172.105.10.217 443 1.62022E+12 x64 8 (HTTPS) 443 30000 20 remote.claycityhealthcare.com,/CWoNaJLBo/VTNeWw11212/ /CWoNaJLBo/VTNeWw11213/ GET POST %windir%\sysnative\rundll32.exe 1616449647
104.243.37.30 443 1.62022E+12 x86 8 (HTTPS) 443 5000 30 talkeve.com,/fo /en GET POST %windir%\syswow64\mstsc.exe 1580103814
104.243.37.30 443 1.62022E+12 x64 8 (HTTPS) 443 5000 30 talkeve.com,/sm /en GET POST %windir%\sysnative\mstsc.exe 1580103814
176.105.254.220 443 1.62022E+12 x86 8 (HTTPS) 443 34310 15 245 dataprotocol.site,/login Mozilla/6.0 (Windows NT 6.2) AppleWebKit/587.39 (KHTML, like Gecko) Chrome/41.0.228.0 Safari/536.7 /Admin 0.0.0.0 0 GET GET %windir%\syswow64\adobe86.exe 0
176.105.254.220 443 1.62022E+12 x64 8 (HTTPS) 443 34310 15 245 dataprotocol.site,/config Mozilla/6.0 (Windows NT 6.2) AppleWebKit/587.39 (KHTML, like Gecko) Chrome/41.0.228.0 Safari/536.7 /Login 0.0.0.0 0 GET GET %windir%\sysnative\adobe64.exe 0
104.243.35.115 443 1.62022E+12 x86 8 (HTTPS) 443 5000 3 dimuyum.com,/lt /mobile-android GET POST %windir%\syswow64\mstsc.exe 1580103814
104.243.35.115 443 1.62022E+12 x64 8 (HTTPS) 443 5000 3 dimuyum.com,/lt /us GET POST %windir%\sysnative\mstsc.exe 1580103814
176.123.8.228 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 safeconnections.xyz,/__utm.gif /___utm.gif GET POST %windir%\syswow64\rundll32.exe 1359593325
176.123.8.228 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 safeconnections.xyz,/__utm.gif /___utm.gif GET POST %windir%\sysnative\rundll32.exe 1359593325
34.238.192.43 443 1.62022E+12 x86 8 (HTTPS) 443 30000 57 sharkfishinguk.com,/jquery-1.12.1.min.js /jquery-1.12.2.min.js GET POST %windir%\syswow64\svchost.exe 1808212404
34.238.192.43 443 1.62022E+12 x64 8 (HTTPS) 443 30000 57 sharkfishinguk.com,/jquery-1.12.1.min.js /jquery-1.12.2.min.js GET POST %windir%\sysnative\spoolsv.exe 1808212404
134.209.117.238 443 1.62022E+12 x86 8 (HTTPS) 443 50000 37 jude.saintjameschurch.org,/Video /search GET POST %windir%\syswow64\rundll32.exe 1293900656
134.209.117.238 443 1.62022E+12 x64 8 (HTTPS) 443 50000 37 jude.saintjameschurch.org,/Video /search GET POST %windir%\sysnative\rundll32.exe 1293900656
45.93.201.114 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 45.93.201.114,/en_US/all.js /submit.php GET POST %windir%\syswow64\rundll32.exe 0
45.93.201.114 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 45.93.201.114,/pixel.gif /submit.php GET POST %windir%\sysnative\rundll32.exe 0
45.93.201.114 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 aphina-sec.com,/push /submit.php GET POST %windir%\syswow64\rundll32.exe 0
45.93.201.114 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 aphina-sec.com,/j.ad /submit.php GET POST %windir%\sysnative\rundll32.exe 0
143.198.197.247 443 1.62022E+12 x86 8 (HTTPS) 443 5000 10 143.198.197.247,/updates /windowsxp/updcheck.php GET POST %windir%\syswow64\rundll32.exe 1359593325
143.198.197.247 443 1.62022E+12 x64 8 (HTTPS) 443 5000 10 143.198.197.247,/updates /aero2/fly.php GET POST %windir%\sysnative\rundll32.exe 1359593325
167.179.76.191 443 1.62022E+12 x86 8 (HTTPS) 443 30000 37 255 www.weixim.ga,/__utm.gif Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) /___utm.gif 8.8.8.8 0 GET POST %windir%\syswow64\rundll32.exe 16777216
167.179.76.191 443 1.62022E+12 x64 8 (HTTPS) 443 30000 37 255 www.weixim.ga,/__utm.gif Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) /___utm.gif 8.8.8.8 0 GET POST %windir%\sysnative\rundll32.exe 16777216
45.33.27.73 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 255 45.33.27.73,/cx Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 1833616007
45.33.27.73 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 255 45.33.27.73,/push Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 1833616007
45.33.27.73 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 255 45.33.27.73,/en_US/all.js Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.1) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 1833616007
45.33.27.73 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 255 45.33.27.73,/dpixel Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 1833616007
34.92.115.71 443 1.62022E+12 x86 8 (HTTPS) 443 100 0 baidu.jdbaa0nline.com,/jquery.min.js /wp-admin GET POST %windir%\syswow64\rundll32.exe 0
34.92.115.71 443 1.62022E+12 x64 8 (HTTPS) 443 100 0 baidu.jdbaa0nline.com,/jquery.min.js /wp-admin GET POST %windir%\sysnative\rundll32.exe 0
23.82.140.186 443 1.62022E+12 x86 8 (HTTPS) 443 5000 42 yazorac.com,/us.css /av GET POST %windir%\syswow64\mstsc.exe 1580103814
23.82.140.186 443 1.62022E+12 x64 8 (HTTPS) 443 5000 42 yazorac.com,/ms.css /av GET POST %windir%\sysnative\mstsc.exe 1580103814
54.172.22.64 80 1.62022E+12 x86 0 (HTTP) 80 5000 0 255 thefaithfulamerican.com,/s/ref=nb_sb_noss 5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.7113.93 Safari/537.36 /gp/product/sessionCacheUpdateHandler.html 0.0.0.0 0 GET POST %windir%\syswow64\nslookup.exe 1
54.172.22.64 80 1.62022E+12 x64 0 (HTTP) 80 5000 0 255 thefaithfulamerican.com,/s/ref=nb_sb_noss 5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.7113.93 Safari/537.36 /gp/product/sessionCacheUpdateHandler.html 0.0.0.0 0 GET POST %windir%\system32\mobsync.exe 1
54.172.22.64 443 1.62022E+12 x86 8 (HTTPS) 443 5000 0 255 thefaithfulamerican.com,/s/ref=nb_sb_noss 5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.7113.93 Safari/537.36 /gp/product/sessionCacheUpdateHandler.html 0.0.0.0 0 GET POST %windir%\syswow64\nslookup.exe 1
54.172.22.64 443 1.62022E+12 x64 8 (HTTPS) 443 5000 0 255 thefaithfulamerican.com,/s/ref=nb_sb_noss 5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.7113.93 Safari/537.36 /gp/product/sessionCacheUpdateHandler.html 0.0.0.0 0 GET POST %windir%\system32\mobsync.exe 1
160.116.52.106 443 1.62022E+12 x86 8 (HTTPS) 443 15000 50 58.218.215.129,/jquery-3.3.1.min.js,58.215.145.132,/jquery-3.3.1.min.js,114.80.187.88,/jquery-3.3.1.min.js,118.180.56.198,/jquery-3.3.1.min.js,60.217.246.203,/jquery-3.3.1.min.js,222.222.88.69,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\syswow64\dllhost.exe 0
160.116.52.106 443 1.62022E+12 x64 8 (HTTPS) 443 15000 50 58.218.215.129,/jquery-3.3.1.min.js,58.215.145.132,/jquery-3.3.1.min.js,114.80.187.88,/jquery-3.3.1.min.js,118.180.56.198,/jquery-3.3.1.min.js,60.217.246.203,/jquery-3.3.1.min.js,222.222.88.69,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\sysnative\dllhost.exe 0
103.64.12.177 443 1.62022E+12 x86 8 (HTTPS) 443 3000 0 255 service-q06q0t7u-1251167152.gz.apigw.tencentcs.com,/api/getit Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0) /api/postit 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
103.64.12.177 443 1.62022E+12 x64 8 (HTTPS) 443 3000 0 255 service-q06q0t7u-1251167152.gz.apigw.tencentcs.com,/api/getit Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0) /api/postit 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
23.108.57.31 80 1.62022E+12 x86 0 (HTTP) 80 48963 24 ticksecuritybusiness.com,/jquery-3.2.2.min.js,23.108.57.31,/jquery-3.2.2.min.js /jquery-3.2.2.full.js GET POST %windir%\syswow64\WUAUCLT.exe 1580103814
23.108.57.31 80 1.62022E+12 x64 0 (HTTP) 80 48963 24 ticksecuritybusiness.com,/jquery-3.2.2.min.js,23.108.57.31,/jquery-3.2.2.min.js /jquery-3.2.2.full.js GET POST %windir%\sysnative\WUAUCLT.exe 1580103814
23.108.57.31 443 1.62022E+12 x86 8 (HTTPS) 443 48963 24 ticksecuritybusiness.com,/jquery-3.2.2.min.js,23.108.57.31,/jquery-3.2.2.min.js /jquery-3.2.2.full.js GET POST %windir%\syswow64\WUAUCLT.exe 1580103814
23.108.57.31 443 1.62022E+12 x64 8 (HTTPS) 443 48963 24 ticksecuritybusiness.com,/jquery-3.2.2.min.js,23.108.57.31,/jquery-3.2.2.min.js /jquery-3.2.2.full.js GET POST %windir%\sysnative\WUAUCLT.exe 1580103814
23.108.57.31 8080 1.62022E+12 x86 8 (HTTPS) 8080 48963 24 ticksecuritybusiness.com,/jquery-3.2.2.min.js,23.108.57.31,/jquery-3.2.2.min.js /jquery-3.2.2.full.js GET POST %windir%\syswow64\WUAUCLT.exe 1580103814
23.108.57.31 8080 1.62022E+12 x64 8 (HTTPS) 8080 48963 24 ticksecuritybusiness.com,/jquery-3.2.2.min.js,23.108.57.31,/jquery-3.2.2.min.js /jquery-3.2.2.full.js GET POST %windir%\sysnative\WUAUCLT.exe 1580103814
154.220.3.226 80 1.62022E+12 x86 0 (HTTP) 80 60000 20 235 154.220.3.226,/preload Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko /sa 8.8.4.4 0 GET GET %windir%\syswow64\rundll32.exe 0
154.220.3.226 80 1.62022E+12 x64 0 (HTTP) 80 60000 20 235 154.220.3.226,/preload Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko /sa 8.8.4.4 0 GET GET %windir%\sysnative\rundll32.exe 0
149.28.233.123 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 255 149.28.233.123,/visit.js Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; InfoPath.3) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 1711276032
149.28.233.123 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 255 149.28.233.123,/__utm.gif Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MANM; MANM) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 1711276032
149.28.148.133 443 1.62022E+12 x86 8 (HTTPS) 443 45000 37 255 149.28.148.133,/jquery-3.3.1.min.js Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko /jquery-3.3.2.min.js 74.125.196.113 0 GET POST %windir%\syswow64\dllhost.exe 0
149.28.148.133 443 1.62022E+12 x64 8 (HTTPS) 443 45000 37 255 149.28.148.133,/jquery-3.3.1.min.js Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko /jquery-3.3.2.min.js 74.125.196.113 0 GET POST %windir%\sysnative\dllhost.exe 0
159.89.206.190 80 1.62022E+12 x86 0 (HTTP) 80 38500 27 245 159.89.206.190,/maps/overlaybfpr Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 /fd/ls/lsp.aspx 8.8.8.8 0 GET POST %windir%\syswow64\gpupdate.exe 305419896
159.89.206.190 80 1.62022E+12 x64 0 (HTTP) 80 38500 27 245 159.89.206.190,/maps/overlaybfpr Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 /fd/ls/lsp.aspx 8.8.8.8 0 GET POST %windir%\sysnative\gpupdate.exe 305419896
157.90.160.200 80 1.62022E+12 x86 0 (HTTP) 80 60000 20 hourshape.com,/search/ /Search/ GET GET %windir%\syswow64\rundll32.exe 0
157.90.160.200 80 1.62022E+12 x64 0 (HTTP) 80 60000 20 hourshape.com,/search/ /Search/ GET GET %windir%\sysnative\rundll32.exe 0
158.247.203.203 80 1.62022E+12 x86 0 (HTTP) 80 30000 0 158.247.203.203,/include/template/isx.php /modules/mod_search.php GET POST %windir%\syswow64\rundll32.exe 1359593325
158.247.203.203 80 1.62022E+12 x64 0 (HTTP) 80 30000 0 158.247.203.203,/wp06/wp-includes/po.php /includes/phpmailer/class.pop3.php GET POST %windir%\sysnative\rundll32.exe 1359593325
139.162.76.207 80 1.62022E+12 x86 0 (HTTP) 80 45000 15 255 banweb.cityu.dev,/include/template/ClassSvc.php,cc12234.cityu.dev,/include/template/ClassSvc.php,lb23311.cityu.dev,/core/wp-includes/pol.php Mozilla/6.0 (Windows; U; MSIE 7.0; Windows NT 6.0) Java/1.5.0_08 /modules/mod_search.php 0.0.0.0 0 GET POST %windir%\syswow64\dllhost.exe 1873433027
139.162.76.207 80 1.62022E+12 x64 0 (HTTP) 80 45000 15 255 banweb.cityu.dev,/core/wp-includes/pol.php,cc12234.cityu.dev,/center/gateway/common.php,lb23311.cityu.dev,/center/gateway/common.php Mozilla/6.0 (Windows; U; MSIE 7.0; Windows NT 6.0) Java/1.5.0_08 /includes/libs/route.php 0.0.0.0 0 GET POST %windir%\sysnative\dllhost.exe 1873433027
139.162.221.161 80 1.62022E+12 x86 0 (HTTP) 80 45000 37 139.162.221.161,/jquery-3.3.1.min.js,192.46.221.58,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\syswow64\dllhost.exe 1354679710
139.162.221.161 80 1.62022E+12 x64 0 (HTTP) 80 45000 37 139.162.221.161,/jquery-3.3.1.min.js,192.46.221.58,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\sysnative\dllhost.exe 1354679710
45.76.219.26 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 255 47.56.219.26,/en_US/all.js Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 2.0.50727) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
45.76.219.26 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 255 47.56.219.26,/j.ad Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 2.0.50727) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
119.28.92.130 80 1.62022E+12 x86 0 (HTTP) 80 45000 37 255 dataoss.microsoft.com.w.kunluncan.com,/jquery-3.3.1.min.js Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko /jquery-3.3.2.min.js 74.125.196.113 0 GET POST %windir%\syswow64\dllhost.exe 305419896
119.28.92.130 80 1.62022E+12 x64 0 (HTTP) 80 45000 37 255 dataoss.microsoft.com.w.kunluncan.com,/jquery-3.3.1.min.js Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko /jquery-3.3.2.min.js 74.125.196.113 0 GET POST %windir%\sysnative\dllhost.exe 305419896
119.28.92.130 443 1.62022E+12 x86 8 (HTTPS) 443 45000 37 255 app.tech.icbc.com.cn.w.cdngslb.com,/jquery-3.3.1.min.js Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko /jquery-3.3.2.min.js 74.125.196.113 0 GET POST %windir%\syswow64\dllhost.exe 305419896
119.28.92.130 443 1.62022E+12 x64 8 (HTTPS) 443 45000 37 255 app.tech.icbc.com.cn.w.cdngslb.com,/jquery-3.3.1.min.js Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko /jquery-3.3.2.min.js 74.125.196.113 0 GET POST %windir%\sysnative\dllhost.exe 305419896
142.93.152.156 80 1.62022E+12 x86 0 (HTTP) 80 60000 70 www.canada-gov.ca,/my.gif /send GET POST %windir%\syswow64\WerFault.exe 879716007
142.93.152.156 80 1.62022E+12 x64 0 (HTTP) 80 60000 70 www.canada-gov.ca,/my.gif /send GET POST %windir%\sysnative\WerFault.exe 879716007
139.177.196.191 443 1.62022E+12 x86 8 (HTTPS) 443 30000 17 dev.burdine-health.com,/visit.js /submit.php GET POST %windir%\syswow64\fsutil.exe 1616449647
139.177.196.191 443 1.62022E+12 x64 8 (HTTPS) 443 30000 17 dev.burdine-health.com,/visit.js /submit.php GET POST %windir%\sysnative\fsutil.exe 1616449647
145.249.106.104 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 145.249.106.104,/dpixel /submit.php GET POST %windir%\syswow64\rundll32.exe 1359593325
145.249.106.104 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 145.249.106.104,/cm /submit.php GET POST %windir%\sysnative\rundll32.exe 1359593325
23.94.96.238 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 255 test.pikachuu.cf,/__utm.gif Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
23.94.96.238 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 255 test.pikachuu.cf,/match Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;NLNL) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
47.111.163.10 80 1.62022E+12 x86 0 (HTTP) 80 5000 0 47.111.163.10,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books /N4215/adj/amzn.us.sr.aps GET POST %windir%\syswow64\rundll32.exe 1
47.111.163.10 80 1.62022E+12 x64 0 (HTTP) 80 5000 0 47.111.163.10,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books /N4215/adj/amzn.us.sr.aps GET POST %windir%\sysnative\rundll32.exe 1
149.28.20.245 80 1.62022E+12 x86 0 (HTTP) 80 60000 20 235 149.28.20.245,/search/ Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko /Search/ 8.8.4.4 0 GET GET %windir%\syswow64\rundll32.exe 305419896
149.28.20.245 80 1.62022E+12 x64 0 (HTTP) 80 60000 20 235 149.28.20.245,/search/ Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko /Search/ 8.8.4.4 0 GET GET %windir%\sysnative\rundll32.exe 305419896
138.124.180.71 80 1.62022E+12 x86 0 (HTTP) 80 7000 15 mortgagesection.com,/_/scs/mail-static/_/js/ /mail/u/0/ GET POST %windir%\syswow64\rundll32.exe 0
138.124.180.71 80 1.62022E+12 x64 0 (HTTP) 80 7000 15 mortgagesection.com,/_/scs/mail-static/_/js/ /mail/u/0/ GET POST %windir%\sysnative\rundll32.exe 0
121.40.242.232 80 1.62022E+12 x86 0 (HTTP) 80 10000 0 255 121.40.242.232,/images/logo.png Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36 /user/CheckLogin 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
121.40.242.232 80 1.62022E+12 x64 0 (HTTP) 80 10000 0 255 121.40.242.232,/images/logo.png Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36 /user/CheckLogin 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
145.239.41.243 443 1.62022E+12 x86 8 (HTTPS) 443 5000 0 cov19-alerts.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books /N4215/adj/amzn.us.sr.aps GET POST %windir%\syswow64\rundll32.exe 1359593325
145.239.41.243 443 1.62022E+12 x64 8 (HTTPS) 443 5000 0 cov19-alerts.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books /N4215/adj/amzn.us.sr.aps GET POST %windir%\sysnative\rundll32.exe 1359593325
145.249.107.35 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 145.249.107.35,/IE9CompatViewList.xml /submit.php GET POST %windir%\syswow64\rundll32.exe 1359593325
145.249.107.35 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 145.249.107.35,/en_US/all.js /submit.php GET POST %windir%\sysnative\rundll32.exe 1359593325
45.140.167.105 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 31.44.184.232,/pixel /submit.php GET POST %windir%\syswow64\rundll32.exe 0
45.140.167.105 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 31.44.184.232,/__utm.gif /submit.php GET POST %windir%\sysnative\rundll32.exe 0
139.60.161.65 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 255 139.60.161.65,/match Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
139.60.161.65 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 255 139.60.161.65,/visit.js Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALC) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
139.60.161.65 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 255 139.60.161.65,/ga.js Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ESES) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
139.60.161.65 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 255 139.60.161.65,/cm Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUSMSE) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
144.202.87.13 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 255 www.welbo.co,/j.ad Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MAAU) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
144.202.87.13 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 255 www.welbo.co,/cm Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
119.29.189.237 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 119.29.189.237,/load /submit.php GET POST %windir%\syswow64\rundll32.exe 0
119.29.189.237 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 119.29.189.237,/cx /submit.php GET POST %windir%\sysnative\rundll32.exe 0
121.5.103.116 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 121.5.103.116,/visit.js /submit.php GET POST %windir%\syswow64\rundll32.exe 1
121.5.103.116 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 121.5.103.116,/j.ad /submit.php GET POST %windir%\sysnative\rundll32.exe 1
87.120.8.67 80 1.62022E+12 x86 0 (HTTP) 80 5000 0 ec2-54-82-176-65.compute-1.amazonaws.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books /N4215/adj/amzn.us.sr.aps GET POST %windir%\syswow64\rundll32.exe 0
87.120.8.67 80 1.62022E+12 x64 0 (HTTP) 80 5000 0 ec2-54-82-176-65.compute-1.amazonaws.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books /N4215/adj/amzn.us.sr.aps GET POST %windir%\sysnative\rundll32.exe 0
139.60.161.99 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 255 139.60.161.99,/cx Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP02) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
139.60.161.99 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 255 139.60.161.99,/activity Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; LBBROWSER) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
139.224.118.73 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 139.224.118.73,/pixel /submit.php GET POST %windir%\syswow64\rundll32.exe 1359593325
139.224.118.73 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 139.224.118.73,/cx /submit.php GET POST %windir%\sysnative\rundll32.exe 1359593325
39.102.55.191 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 255 39.102.55.191,/en_US/all.js Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; ; NCLIENT50_AAPCDA5841E333) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 16777216
39.102.55.191 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 255 39.102.55.191,/ptj Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET4.0C) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 16777216
123.56.236.57 443 1.62022E+12 x86 8 (HTTPS) 443 60000 20 123.56.236.57,/cnn/cnnx/dai/hds/stream_hd/1/cnnxlive1_4.bootstrap /cnn/cnnx/dai/hds/stream_hd/2/cnnxlive1_4.bootstrap GET GET %windir%\syswow64\rundll32.exe 1359593325
123.56.236.57 443 1.62022E+12 x64 8 (HTTPS) 443 60000 20 123.56.236.57,/cnn/cnnx/dai/hds/stream_hd/1/cnnxlive1_4.bootstrap /cnn/cnnx/dai/hds/stream_hd/2/cnnxlive1_4.bootstrap GET GET %windir%\sysnative\rundll32.exe 1359593325
106.15.197.67 443 1.62022E+12 x86 8 (HTTPS) 443 3000 37 255 106.15.197.67,/jquery-3.3.1.min.js Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko /jquery-3.3.2.min.js 1.1.1.1 0 GET POST %windir%\syswow64\dllhost.exe 305419896
106.15.197.67 443 1.62022E+12 x64 8 (HTTPS) 443 3000 37 255 106.15.197.67,/jquery-3.3.1.min.js Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko /jquery-3.3.2.min.js 1.1.1.1 0 GET POST %windir%\sysnative\dllhost.exe 305419896
104.131.210.108 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 mobilecdnprod.azureedge.net,/IE9CompatViewList.xml /submit.php GET POST %windir%\syswow64\rundll32.exe 1518076171
104.131.210.108 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 mobilecdnprod.azureedge.net,/ptj /submit.php GET POST %windir%\sysnative\rundll32.exe 1518076171
23.224.70.226 443 1.62022E+12 x86 8 (HTTPS) 443 25000 37 www.hellomrsone.com,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\syswow64\svchost.exe 1359593325
23.224.70.226 443 1.62022E+12 x64 8 (HTTPS) 443 25000 37 www.hellomrsone.com,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\sysnative\svchost.exe 1359593325
104.238.221.68 443 1.62022E+12 x86 8 (HTTPS) 443 5000 22 zovipiy.com,/mg.js /fam_cart GET POST %windir%\syswow64\mstsc.exe 1580103814
104.238.221.68 443 1.62022E+12 x64 8 (HTTPS) 443 5000 22 zovipiy.com,/dhl.js /fam_cart GET POST %windir%\sysnative\mstsc.exe 1580103814
119.3.141.162 80 1.62022E+12 x86 0 (HTTP) 80 45000 37 255 192.168.98.1,/jquery-3.3.1.min.js Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko /jquery-3.3.2.min.js 8.8.8.8 0 GET POST %windir%\syswow64\dllhost.exe 305419896
119.3.141.162 80 1.62022E+12 x64 0 (HTTP) 80 45000 37 255 192.168.98.1,/jquery-3.3.1.min.js Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko /jquery-3.3.2.min.js 8.8.8.8 0 GET POST %windir%\sysnative\dllhost.exe 305419896
103.64.12.176 80 1.62022E+12 x86 0 (HTTP) 80 3000 0 255 service-q06q0t7u-1251167152.gz.apigw.tencentcs.com,/api/getit Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0) /api/postit 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
103.64.12.176 80 1.62022E+12 x64 0 (HTTP) 80 3000 0 255 service-q06q0t7u-1251167152.gz.apigw.tencentcs.com,/api/getit Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0) /api/postit 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
128.199.146.191 443 1.62022E+12 x86 8 (HTTPS) 443 15000 90 www.usatoday.com,/tangstatic/js/main-q1a2z3b37df2b1.min.js /b/ss/globaldesktopmobilesite/1/JS-2.11.0/s06303290763118 GET POST C:\Program Files (x86)\Internet Explorer\iexplore.exe 1288033143
128.199.146.191 443 1.62022E+12 x64 8 (HTTPS) 443 15000 90 www.usatoday.com,/tangsvc/pg/5066496002/ /b/ss/globaldesktopmobilesite/1/JS-2.17.0/s08013123891571 GET POST C:\Program Files\Internet Explorer\iexplore.exe 1288033143
45.79.35.99 80 1.62022E+12 x86 0 (HTTP) 80 45000 37 139.162.221.161,/jquery-3.3.1.min.js,192.46.221.58,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\syswow64\dllhost.exe 1354679710
45.79.35.99 80 1.62022E+12 x64 0 (HTTP) 80 45000 37 139.162.221.161,/jquery-3.3.1.min.js,192.46.221.58,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\sysnative\dllhost.exe 1354679710
35.177.95.190 80 1.62022E+12 x86 0 (HTTP) 80 200 23 vanguard.medicaloptionsfinance.com,/real-world-investing/ /personal-finance/ GET POST %windir%\syswow64\dllhost.exe http://127.0.0.1:8080 554663886
35.177.95.190 80 1.62022E+12 x64 0 (HTTP) 80 200 23 vanguard.medicaloptionsfinance.com,/real-world-investing/ /personal-finance/ GET POST %windir%\sysnative\dllhost.exe http://127.0.0.1:8080 554663886
35.177.95.190 443 1.62022E+12 x86 8 (HTTPS) 443 200 23 private.medicaloptionsfinance.com,/real-world-investing/ /personal-finance/ GET POST %windir%\syswow64\dllhost.exe 554663886
35.177.95.190 443 1.62022E+12 x64 8 (HTTPS) 443 200 23 private.medicaloptionsfinance.com,/real-world-investing/ /personal-finance/ GET POST %windir%\sysnative\dllhost.exe 554663886
108.62.118.4 80 1.62022E+12 x86 0 (HTTP) 80 59570 39 108.62.118.4,/zh /mg GET POST %windir%\syswow64\svchost.exe 1359593325
108.62.118.4 80 1.62022E+12 x64 0 (HTTP) 80 59570 39 108.62.118.4,/cs /mg GET POST %windir%\sysnative\svchost.exe 1359593325
108.62.118.131 443 1.62022E+12 x86 8 (HTTPS) 443 5000 38 gerepa.com,/ce /common GET POST %windir%\syswow64\wusa.exe 1580103814
108.62.118.131 443 1.62022E+12 x64 8 (HTTPS) 443 5000 38 gerepa.com,/ce /common GET POST %windir%\sysnative\wusa.exe 1580103814
78.129.165.207 80 1.62022E+12 x86 0 (HTTP) 80 60000 41 78.129.165.207,/avatars.css /RELEASE_NOTES GET POST %windir%\syswow64\svchost.exe 0
78.129.165.207 80 1.62022E+12 x64 0 (HTTP) 80 60000 41 78.129.165.207,/av.css /fam_cart GET POST %windir%\sysnative\svchost.exe 0
104.243.46.74 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 255 104.243.46.74,/ca Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENCA) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
104.243.46.74 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 255 104.243.46.74,/push Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MASP) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
45.132.12.231 443 1.62022E+12 x86 8 (HTTPS) 443 10000 0 ts.wii.qq.com,/ping /log GET POST %windir%\syswow64\rundll32.exe 1359593325
45.132.12.231 443 1.62022E+12 x64 8 (HTTPS) 443 10000 0 ts.wii.qq.com,/ping /log GET POST %windir%\sysnative\rundll32.exe 1359593325
66.181.34.16 8080 1.62022E+12 x86 0 (HTTP) 8080 51872 41 akamaclouds.tech,/oLP/,66.181.34.16,/oLP/ /OLLP/ GET GET %windir%\syswow64\dllhost.exe 1580103814
66.181.34.16 8080 1.62022E+12 x64 0 (HTTP) 8080 51872 41 akamaclouds.tech,/oLP/,66.181.34.16,/oLP/ /OLLP/ GET GET %windir%\sysnative\dllhost.exe 1580103814
108.62.118.213 80 1.62022E+12 x86 0 (HTTP) 80 55054 43 108.62.118.213,/boxes.js /avatars GET POST %windir%\syswow64\WUAUCLT.exe 1359593325
108.62.118.213 80 1.62022E+12 x64 0 (HTTP) 80 55054 43 108.62.118.213,/boxes.js /avatars GET POST %windir%\sysnative\WUAUCLT.exe 1359593325
109.201.142.110 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 255 forteupdate.com,/IE9CompatViewList.xml Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; ; NCLIENT50_AAPCDA5841E333) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 555758901
109.201.142.110 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 255 forteupdate.com,/match Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 555758901
109.201.142.110 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 255 forteupdate.com,/match Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 555758901
109.201.142.110 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 255 forteupdate.com,/activity Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; .NET CLR 2.0.50727) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 555758901
62.128.111.176 80 1.62022E+12 x86 0 (HTTP) 80 47771 57 akastat.app,/oscp/,62.128.111.176,/oscp/ /signer/g/ GET POST %windir%\syswow64\gpupdate.exe 1580103814
62.128.111.176 80 1.62022E+12 x64 0 (HTTP) 80 47771 57 akastat.app,/oscp/,62.128.111.176,/oscp/ /signer/g/ GET POST %windir%\sysnative\gpupdate.exe 1580103814
62.128.111.176 8080 1.62022E+12 x86 0 (HTTP) 8080 47771 57 akastat.app,/oscp/,62.128.111.176,/oscp/ /signer/g/ GET POST %windir%\syswow64\gpupdate.exe 1580103814
62.128.111.176 8080 1.62022E+12 x64 0 (HTTP) 8080 47771 57 akastat.app,/oscp/,62.128.111.176,/oscp/ /signer/g/ GET POST %windir%\sysnative\gpupdate.exe 1580103814
52.232.80.105 80 1.62022E+12 x86 0 (HTTP) 80 13000 41 workhub.microsoft.com,/static/js/main.9e106473.chunk.js /metrics GET POST %windir%\syswow64\gpupdate.exe 1592042872
52.232.80.105 80 1.62022E+12 x64 0 (HTTP) 80 13000 41 workhub.microsoft.com,/static/js/main.9e106473.chunk.js /metrics GET POST %windir%\sysnative\gpupdate.exe 1592042872
109.236.84.121 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 255 109.236.84.121,/fwlink Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET4.0E) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
109.236.84.121 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 255 109.236.84.121,/load Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
69.49.229.88 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 255 69.49.229.88,/dpixel Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
69.49.229.88 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 255 69.49.229.88,/ga.js Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MAARJS) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
18.217.215.212 443 1.62022E+12 x86 8 (HTTPS) 443 1000 37 18.217.215.212,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\syswow64\dllhost.exe 1359593325
18.217.215.212 443 1.62022E+12 x64 8 (HTTPS) 443 1000 37 18.217.215.212,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\sysnative\dllhost.exe 1359593325
74.119.192.25 80 1.62022E+12 x86 0 (HTTP) 80 60000 20 ptcearner.com,/c/msdownload/update/others/2016/12/29136388_ /c/msdownload/update/others/2016/12/3215234_ GET GET %windir%\syswow64\rundll32.exe 0
74.119.192.25 80 1.62022E+12 x64 0 (HTTP) 80 60000 20 ptcearner.com,/c/msdownload/update/others/2016/12/29136388_ /c/msdownload/update/others/2016/12/3215234_ GET GET %windir%\sysnative\rundll32.exe 0
35.196.208.58 443 1.62022E+12 x86 8 (HTTPS) 443 60000 20 35.196.208.58,/index.html /secure/upload GET POST C:\Program Files (x86)\Internet Explorer\iexplore.exe 2028080768
35.196.208.58 443 1.62022E+12 x64 8 (HTTPS) 443 60000 20 35.196.208.58,/index.html /secure/upload GET POST C:\Program Files\Internet Explorer\iexplore.exe 2028080768
80.92.204.193 80 1.62022E+12 x86 0 (HTTP) 80 7300 37 foreverfamilypjs.com,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\syswow64\svchost.exe -k netsvcs 0
80.92.204.193 80 1.62022E+12 x64 0 (HTTP) 80 7300 37 foreverfamilypjs.com,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\sysnative\svchost.exe -k netsvcs 0
51.81.153.58 80 1.62022E+12 x86 0 (HTTP) 80 7514 66 asl-ofc-msoffice.com,/truth/vision /valid GET POST %windir%\syswow64\gpupdate.exe 1359593325
51.81.153.58 80 1.62022E+12 x64 0 (HTTP) 80 7514 66 asl-ofc-msoffice.com,/truth/vision /feedback GET POST %windir%\sysnative\gpupdate.exe 1359593325
94.158.244.78 80 1.62022E+12 x86 0 (HTTP) 80 56771 47 azurestat.app,/oLP/,94.158.244.78,/oLP/ /OLLP/ GET GET %windir%\syswow64\dllhost.exe 1580103814
94.158.244.78 80 1.62022E+12 x64 0 (HTTP) 80 56771 47 azurestat.app,/oLP/,94.158.244.78,/oLP/ /OLLP/ GET GET %windir%\sysnative\dllhost.exe 1580103814
94.158.244.78 8080 1.62022E+12 x86 0 (HTTP) 8080 56771 47 azurestat.app,/oLP/,94.158.244.78,/oLP/ /OLLP/ GET GET %windir%\syswow64\dllhost.exe 1580103814
94.158.244.78 8080 1.62022E+12 x64 0 (HTTP) 8080 56771 47 azurestat.app,/oLP/,94.158.244.78,/oLP/ /OLLP/ GET GET %windir%\sysnative\dllhost.exe 1580103814
47.242.41.171 80 1.62022E+12 x86 0 (HTTP) 80 55229 37 247 cdn.sogou-update.com,/template.css Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246 /modcp 66.232.38.134 0 GET POST %windir%\syswow64\WUAUCLT.exe 305419896
47.242.41.171 80 1.62022E+12 x64 0 (HTTP) 80 55229 37 247 cdn.sogou-update.com,/copyright.css Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246 /modcp 66.232.38.134 0 GET POST %windir%\sysnative\WUAUCLT.exe 305419896
47.111.144.178 443 1.62022E+12 x86 8 (HTTPS) 443 45000 37 255 47.111.144.178,/jquery-3.3.1.min.js Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko /jquery-3.3.2.min.js 74.125.196.113 0 GET POST %windir%\syswow64\dllhost.exe 0
47.111.144.178 443 1.62022E+12 x64 8 (HTTPS) 443 45000 37 255 47.111.144.178,/jquery-3.3.1.min.js Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko /jquery-3.3.2.min.js 74.125.196.113 0 GET POST %windir%\sysnative\dllhost.exe 0
74.121.191.2 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 159.65.36.16,/cm /submit.php GET POST %windir%\syswow64\rundll32.exe 0
74.121.191.2 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 159.65.36.16,/dpixel /submit.php GET POST %windir%\sysnative\rundll32.exe 0
74.121.191.2 8080 1.62022E+12 x86 0 (HTTP) 8080 60000 0 192.95.16.245,/ga.js /submit.php GET POST %windir%\syswow64\rundll32.exe 0
74.121.191.2 8080 1.62022E+12 x64 0 (HTTP) 8080 60000 0 192.95.16.245,/pixel /submit.php GET POST %windir%\sysnative\rundll32.exe 0
45.79.239.17 80 1.62022E+12 x86 0 (HTTP) 80 45000 37 139.162.221.161,/jquery-3.3.1.min.js,192.46.221.58,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\syswow64\dllhost.exe 1354679710
45.79.239.17 80 1.62022E+12 x64 0 (HTTP) 80 45000 37 139.162.221.161,/jquery-3.3.1.min.js,192.46.221.58,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\sysnative\dllhost.exe 1354679710
47.243.89.249 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 47.243.89.249,/updates.rss /submit.php GET POST %windir%\syswow64\rundll32.exe 1359593325
47.243.89.249 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 47.243.89.249,/IE9CompatViewList.xml /submit.php GET POST %windir%\sysnative\rundll32.exe 1359593325
82.117.252.32 80 1.62022E+12 x86 0 (HTTP) 80 58302 37 testsubnet.com,/ky /ky GET POST %windir%\syswow64\WUAUCLT.exe 1580103814
82.117.252.32 80 1.62022E+12 x64 0 (HTTP) 80 58302 37 testsubnet.com,/ky /ky GET POST %windir%\sysnative\WUAUCLT.exe 1580103814
78.108.180.43 443 1.62022E+12 x86 8 (HTTPS) 443 34310 15 245 dataprotocol.site,/login Mozilla/6.0 (Windows NT 6.2) AppleWebKit/587.39 (KHTML, like Gecko) Chrome/41.0.228.0 Safari/536.7 /Admin 0.0.0.0 0 GET GET %windir%\syswow64\adobe86.exe 0
78.108.180.43 443 1.62022E+12 x64 8 (HTTPS) 443 34310 15 245 dataprotocol.site,/config Mozilla/6.0 (Windows NT 6.2) AppleWebKit/587.39 (KHTML, like Gecko) Chrome/41.0.228.0 Safari/536.7 /Login 0.0.0.0 0 GET GET %windir%\sysnative\adobe64.exe 0
47.111.13.98 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 47.111.13.98,/push /submit.php GET POST %windir%\syswow64\rundll32.exe 426352781
47.111.13.98 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 47.111.13.98,/fwlink /submit.php GET POST %windir%\sysnative\rundll32.exe 426352781
59.63.224.101 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 255 59.63.224.101,/cm Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; BOIE9;ENUS) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
59.63.224.101 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 255 59.63.224.101,/match Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; Touch) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
52.220.162.114 80 1.62022E+12 x86 0 (HTTP) 80 30000 20 52.220.162.114,/CWoNaJLBo/VTNeWw11212/ /CWoNaJLBo/VTNeWw11213/ GET POST %windir%\syswow64\rundll32.exe 0
52.220.162.114 80 1.62022E+12 x64 0 (HTTP) 80 30000 20 52.220.162.114,/CWoNaJLBo/VTNeWw11212/ /CWoNaJLBo/VTNeWw11213/ GET POST %windir%\sysnative\rundll32.exe 0
35.158.226.16 80 1.62022E+12 x86 0 (HTTP) 80 5000 10 rijkzijn.nl,/vlk/grants,uwprivatebank.nl,/vlk/grants,systest.nl,/vlk/grants /vlk/xmlrpc/v2 GET POST %windir%\syswow64\mavinject.exe 1807886020
35.158.226.16 80 1.62022E+12 x64 0 (HTTP) 80 5000 10 rijkzijn.nl,/vlk/grants,uwprivatebank.nl,/vlk/grants,systest.nl,/vlk/grants /vlk/xmlrpc/v2 GET POST %windir%\sysnative\gpupdate.exe 1807886020
64.187.238.58 443 1.62022E+12 x86 8 (HTTPS) 443 5000 19 hayitad.com,/bg /mt GET POST %windir%\syswow64\mstsc.exe 1580103814
64.187.238.58 443 1.62022E+12 x64 8 (HTTPS) 443 5000 19 hayitad.com,/ch /mt GET POST %windir%\sysnative\mstsc.exe 1580103814
63.250.33.110 443 1.62022E+12 x86 8 (HTTPS) 443 30000 35 paginator.tekerezoo.cx,/config /Uri1 GET GET %windir%\syswow64\gpupdate.exe 0
63.250.33.110 443 1.62022E+12 x64 8 (HTTPS) 443 30000 35 paginator.tekerezoo.cx,/config /Uri1 GET GET %windir%\sysnative\gpupdate.exe 0
62.171.142.145 443 1.62022E+12 x86 8 (HTTPS) 443 3000 0 255 62.171.142.145,/api/getit Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0) /api/postit 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
62.171.142.145 443 1.62022E+12 x64 8 (HTTPS) 443 3000 0 255 62.171.142.145,/api/getit Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0) /api/postit 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
45.146.165.143 80 1.62022E+12 x86 0 (HTTP) 80 10000 50 255 45.146.165.143,/complete/search Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36 /gen_204 8.8.8.8 0 GET POST %windir%\syswow64\lsass.exe 305419896
45.146.165.143 80 1.62022E+12 x64 0 (HTTP) 80 10000 50 255 45.146.165.143,/complete/search Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36 /gen_204 8.8.8.8 0 GET POST %windir%\sysnative\lsass.exe 305419896
3.233.224.182 80 1.62022E+12 x86 0 (HTTP) 80 60000 37 www.tastydonutco.com,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\syswow64\rundll32.exe 1121135275
3.233.224.182 80 1.62022E+12 x64 0 (HTTP) 80 60000 37 www.tastydonutco.com,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\sysnative\rundll32.exe 1121135275
46.17.63.191 443 1.62022E+12 x86 8 (HTTPS) 443 48963 24 justicedev.com,/jquery-3.2.2.min.js /jquery-3.2.2.full.js GET POST %windir%\syswow64\WUAUCLT.exe 0
46.17.63.191 443 1.62022E+12 x64 8 (HTTPS) 443 48963 24 justicedev.com,/jquery-3.2.2.min.js /jquery-3.2.2.full.js GET POST %windir%\sysnative\WUAUCLT.exe 0
47.90.202.152 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 255 47.90.202.152,/updates.rss Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch; ASU2JS) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
47.90.202.152 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 255 47.90.202.152,/j.ad Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
5.181.156.46 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 5.181.156.46,/dot.gif /submit.php GET POST %windir%\syswow64\rundll32.exe 1359593325
5.181.156.46 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 5.181.156.46,/j.ad /submit.php GET POST %windir%\sysnative\rundll32.exe 1359593325
23.106.122.197 443 1.62022E+12 x86 8 (HTTPS) 443 45000 37 45.86.162.82,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\syswow64\dllhost.exe 1359593325
23.106.122.197 443 1.62022E+12 x64 8 (HTTPS) 443 45000 37 45.86.162.82,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\sysnative\dllhost.exe 1359593325
47.57.125.197 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 255 47.57.125.197,/__utm.gif Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
47.57.125.197 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 255 47.57.125.197,/pixel Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
31.44.184.73 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 31.44.184.73,/IE9CompatViewList.xml /submit.php GET POST %windir%\syswow64\rundll32.exe 0
31.44.184.73 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 31.44.184.73,/en_US/all.js /submit.php GET POST %windir%\sysnative\rundll32.exe 0
43.128.54.142 8088 1.62022E+12 x86 0 (HTTP) 8088 5000 33 245 43.18.54.12,/config Mozilla/5.0 (Windows NT 6.1) AppleWebKit/587.39 (KHTML, like Gecko) Chrome/41.0.2229.0 Safari/537.38 /Config 8.8.8.8 0 GET GET %windir%\syswow64\gpupdate.exe 305419896
43.128.54.142 8088 1.62022E+12 x64 0 (HTTP) 8088 5000 33 245 43.18.54.12,/config Mozilla/5.0 (Windows NT 6.1) AppleWebKit/587.39 (KHTML, like Gecko) Chrome/41.0.2229.0 Safari/537.38 /Config 8.8.8.8 0 GET GET %windir%\sysnative\gpupdate.exe 305419896
18.180.45.136 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 255 18.180.45.136,/dot.gif Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
18.180.45.136 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 255 18.180.45.136,/ga.js Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
31.44.3.198 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 31.44.3.198,/ptj /submit.php GET POST %windir%\syswow64\rundll32.exe 0
31.44.3.198 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 31.44.3.198,/cx /submit.php GET POST %windir%\sysnative\rundll32.exe 0
3.101.21.96 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 cobaltstrike.mywire.org,/load /submit.php GET POST %windir%\syswow64\rundll32.exe 161861454
3.101.21.96 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 cobaltstrike.mywire.org,/fwlink /submit.php GET POST %windir%\sysnative\rundll32.exe 161861454
35.73.62.248 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 255 35.73.62.248,/ca Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
35.73.62.248 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 255 35.73.62.248,/dot.gif Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET4.0C) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
23.163.0.12 80 1.62022E+12 x86 0 (HTTP) 80 5000 0 23.163.0.12,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books /N4215/adj/amzn.us.sr.aps GET POST %windir%\syswow64\rundll32.exe 0
23.163.0.12 80 1.62022E+12 x64 0 (HTTP) 80 5000 0 23.163.0.12,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books /N4215/adj/amzn.us.sr.aps GET POST %windir%\sysnative\rundll32.exe 0
3.84.92.3 443 1.62022E+12 x86 8 (HTTPS) 443 20000 20 microsoft-api.azurewebsites.net,/api/GetData /api/PostData GET POST %windir%\syswow64\rundll32.exe 1654237132
3.84.92.3 443 1.62022E+12 x64 8 (HTTPS) 443 20000 20 microsoft-api.azurewebsites.net,/api/GetData /api/PostData GET POST %windir%\sysnative\rundll32.exe 1654237132
8.210.208.66 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 255 8.210.208.66,/j.ad Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
8.210.208.66 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 255 8.210.208.66,/__utm.gif Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; ASU2JS) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
18.218.140.159 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 18.218.140.159,/activity /submit.php GET POST %windir%\syswow64\rundll32.exe 1359593325
18.218.140.159 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 18.218.140.159,/g.pixel /submit.php GET POST %windir%\sysnative\rundll32.exe 1359593325
8.140.175.24 80 1.62022E+12 x86 0 (HTTP) 80 1500 0 235 8.140.175.24,/live-txy/check Shockwave Flash /live-txy/ 8.8.4.4 0 GET POST %windir%\syswow64\rundll32.exe 305419896
8.140.175.24 80 1.62022E+12 x64 0 (HTTP) 80 1500 0 235 8.140.175.24,/live-txy/check Shockwave Flash /live-txy/ 8.8.4.4 0 GET POST %windir%\sysnative\rundll32.exe 305419896
8.210.161.205 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 255 8.210.161.205,/ca Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENAU) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 1873433027
8.210.161.205 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 255 8.210.161.205,/IE9CompatViewList.xml Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; BOIE9;ENUS) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 1873433027
8.140.190.80 80 1.62022E+12 x86 0 (HTTP) 80 1500 0 235 8.140.190.80,/live-txy/check Shockwave Flash /live-txy/ 8.8.4.4 0 GET POST %windir%\syswow64\rundll32.exe 305419896
8.140.190.80 80 1.62022E+12 x64 0 (HTTP) 80 1500 0 235 8.140.190.80,/live-txy/check Shockwave Flash /live-txy/ 8.8.4.4 0 GET POST %windir%\sysnative\rundll32.exe 305419896
5.252.179.195 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 5.252.179.195,/match /submit.php GET POST %windir%\syswow64\rundll32.exe 1359593325
5.252.179.195 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 5.252.179.195,/cx /submit.php GET POST %windir%\sysnative\rundll32.exe 1359593325
1.14.16.138 80 1.62022E+12 x86 0 (HTTP) 80 3000 0 service-0dibtqsv-1255352921.cd.apigw.tencentcs.com,/api/getit /api/postit GET POST %windir%\syswow64\rundll32.exe 1359593325
1.14.16.138 80 1.62022E+12 x64 0 (HTTP) 80 3000 0 service-0dibtqsv-1255352921.cd.apigw.tencentcs.com,/api/getit /api/postit GET POST %windir%\sysnative\rundll32.exe 1359593325
5.2.70.173 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 5.2.70.173,/fwlink /submit.php GET POST %windir%\syswow64\rundll32.exe 1359593325
5.2.70.173 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 5.2.70.173,/__utm.gif /submit.php GET POST %windir%\sysnative\rundll32.exe 1359593325
5.2.70.173 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 5.2.70.173,/load /submit.php GET POST %windir%\syswow64\rundll32.exe 1359593325
5.2.70.173 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 5.2.70.173,/visit.js /submit.php GET POST %windir%\sysnative\rundll32.exe 1359593325
1.116.130.98 443 1.62022E+12 x86 8 (HTTPS) 443 5000 10 235 1.116.130.98,/updates Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0 /windowsxp/updcheck.php 8.8.4.4 0 GET POST %windir%\syswow64\rundll32.exe 0
1.116.130.98 443 1.62022E+12 x64 8 (HTTPS) 443 5000 10 235 1.116.130.98,/updates Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0 /aero2/fly.php 8.8.4.4 0 GET POST %windir%\sysnative\rundll32.exe 0
23.92.212.54 443 1.62022E+12 x86 8 (HTTPS) 443 5000 38 gerepa.com,/ce /common GET POST %windir%\syswow64\wusa.exe 1580103814
23.92.212.54 443 1.62022E+12 x64 8 (HTTPS) 443 5000 38 gerepa.com,/ce /common GET POST %windir%\sysnative\wusa.exe 1580103814
204.16.247.151 443 1.62022E+12 x86 8 (HTTPS) 443 5000 10 idxup.com,/us/ky/louisville/312-s-fourth-st.html,dbhigh.com,/us/ky/louisville/312-s-fourth-st.html /OrderEntryService.asmx/AddOrderLine GET POST %windir%\syswow64\mstsc.exe 1580103814
204.16.247.151 443 1.62022E+12 x64 8 (HTTPS) 443 5000 10 idxup.com,/us/ky/louisville/312-s-fourth-st.html,dbhigh.com,/us/ky/louisville/312-s-fourth-st.html /OrderEntryService.asmx/AddOrderLine GET POST %windir%\sysnative\mstsc.exe 1580103814
198.44.163.48 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 255 198.44.163.48,/dpixel Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.1) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
198.44.163.48 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 255 198.44.163.48,/fwlink Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
167.99.197.196 80 1.62022E+12 x86 0 (HTTP) 80 10000 20 255 myteamserver.azureedge.net,/pab2a2q2ba2/22292123262328282_ Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40 /c2/m2s2cache/packages/28986731_ 0.0.0.0 0 GET POST %windir%\syswow64\gpupdate.exe 1556462172
167.99.197.196 80 1.62022E+12 x64 0 (HTTP) 80 10000 20 255 myteamserver.azureedge.net,/pab2a2q2ba2/22292123262328282_ Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40 /c2/m2s2cache/packages/28986731_ 0.0.0.0 0 GET POST %windir%\sysnative\gpupdate.exe 1556462172
172.241.27.125 443 1.62022E+12 x86 8 (HTTPS) 443 5000 10 massflip.com,/us/ky/louisville/312-s-fourth-st.html,mixalt.com,/us/ky/louisville/312-s-fourth-st.html /OrderEntryService.asmx/AddOrderLine GET POST %windir%\syswow64\mstsc.exe 1580103814
172.241.27.125 443 1.62022E+12 x64 8 (HTTPS) 443 5000 10 massflip.com,/us/ky/louisville/312-s-fourth-st.html,mixalt.com,/us/ky/louisville/312-s-fourth-st.html /OrderEntryService.asmx/AddOrderLine GET POST %windir%\sysnative\mstsc.exe 1580103814
165.227.102.250 80 1.62022E+12 x86 0 (HTTP) 80 30000 20 regionsbankk.com,/search/ /Search/ GET GET %windir%\syswow64\rundll32.exe 1701371983
165.227.102.250 80 1.62022E+12 x64 0 (HTTP) 80 30000 20 regionsbankk.com,/search/ /Search/ GET GET %windir%\sysnative\rundll32.exe 1701371983
103.39.213.35 443 1.62022E+12 x86 8 (HTTPS) 443 30000 20 103.39.213.35,/r/webdev/comments/95ltyr /r/webdev/comments/95lyr/slow_loading_of_google GET GET %windir%\syswow64\gpupdate.exe 1359593325
103.39.213.35 443 1.62022E+12 x64 8 (HTTPS) 443 30000 20 103.39.213.35,/r/webdev/comments/95ltyr /r/webdev/comments/95lyr/slow_loading_of_google GET GET %windir%\sysnative\gpupdate.exe 1359593325
3.23.87.31 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 scripts.eskominvestments.com,/j.ad /submit.php GET POST %windir%\syswow64\rundll32.exe 1548680553
3.23.87.31 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 scripts.eskominvestments.com,/ptj /submit.php GET POST %windir%\sysnative\rundll32.exe 1548680553
45.195.8.100 443 1.62022E+12 x86 8 (HTTPS) 443 1500 18 248 pro.pro-pay.xyz,/preload Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 GTB6 (.NET CLR 3.5.30729) /about 8.8.4.4 0 GET POST %windir%\syswow64\rundll32.exe 305419896
45.195.8.100 443 1.62022E+12 x64 8 (HTTPS) 443 1500 18 248 pro.pro-pay.xyz,/preload Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 GTB6 (.NET CLR 3.5.30729) /about 8.8.4.4 0 GET POST %windir%\sysnative\rundll32.exe 305419896
117.50.35.158 80 1.62022E+12 x86 0 (HTTP) 80 60000 20 117.50.35.158,/preload /sa GET GET %windir%\syswow64\rundll32.exe 1359593325
117.50.35.158 80 1.62022E+12 x64 0 (HTTP) 80 60000 20 117.50.35.158,/preload /sa GET GET %windir%\sysnative\rundll32.exe 1359593325
46.101.98.38 443 1.62022E+12 x86 8 (HTTPS) 443 15000 23 255 46.101.98.38,/sxn/start Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko /dd/met7 0.0.0.0 0 GET POST %windir%\syswow64\cmstp.exe 305419896
46.101.98.38 443 1.62022E+12 x64 8 (HTTPS) 443 15000 23 255 46.101.98.38,/sxn/start Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko /dd/met7 0.0.0.0 0 GET POST %windir%\sysnative\cmstp.exe 305419896
46.166.173.101 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 46.166.173.101,/cm /submit.php GET POST %windir%\syswow64\rundll32.exe 0
46.166.173.101 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 46.166.173.101,/ca /submit.php GET POST %windir%\sysnative\rundll32.exe 0
39.103.213.155 443 1.62022E+12 x86 8 (HTTPS) 443 1500 0 235 39.103.213.155,/live-txy/check Shockwave Flash /live-txy/ 8.8.4.4 0 GET POST %windir%\syswow64\rundll32.exe 305419896
39.103.213.155 443 1.62022E+12 x64 8 (HTTPS) 443 1500 0 235 39.103.213.155,/live-txy/check Shockwave Flash /live-txy/ 8.8.4.4 0 GET POST %windir%\sysnative\rundll32.exe 305419896
3.136.160.122 443 1.62022E+12 x86 8 (HTTPS) 443 60000 37 255 telemetry.wessonlabpartners.com,/jquery-3.3.1.min.js,admitting.healthfitconnection.com,/jquery-3.3.1.min.js,skilled_nursing.healthmanagementtoday.com,/jquery-3.3.1.min.js Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko /jquery-3.3.2.min.js 3.136.160.122 0 GET POST %windir%\syswow64\spoolsv.exe 294197571
3.136.160.122 443 1.62022E+12 x64 8 (HTTPS) 443 60000 37 255 telemetry.wessonlabpartners.com,/jquery-3.3.1.min.js,admitting.healthfitconnection.com,/jquery-3.3.1.min.js,skilled_nursing.healthmanagementtoday.com,/jquery-3.3.1.min.js Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko /jquery-3.3.2.min.js 3.136.160.122 0 GET POST %windir%\sysnative\spoolsv.exe 294197571
3.141.170.200 80 1.62022E+12 x86 0 (HTTP) 80 5000 0 23.163.0.12,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books /N4215/adj/amzn.us.sr.aps GET POST %windir%\syswow64\rundll32.exe 0
3.141.170.200 80 1.62022E+12 x64 0 (HTTP) 80 5000 0 23.163.0.12,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books /N4215/adj/amzn.us.sr.aps GET POST %windir%\sysnative\rundll32.exe 0
5.45.83.2 80 1.62022E+12 x86 0 (HTTP) 80 15000 20 212 owa.artunetworks.com,/sxn/start Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /dd/met7 8.8.8.8 0 GET POST %windir%\syswow64\rundll32.exe 305419896
5.45.83.2 80 1.62022E+12 x64 0 (HTTP) 80 15000 20 212 owa.artunetworks.com,/sxn/start Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /dd/met7 8.8.8.8 0 GET POST %windir%\sysnative\rundll32.exe 305419896
3.135.189.104 80 1.62022E+12 x86 0 (HTTP) 80 810 0 cdn1.agency.thomsonreuters.com,/access/ /radio/xmlrpc/v35 GET POST %windir%\syswow64\rundll32.exe 671330563
3.135.189.104 80 1.62022E+12 x64 0 (HTTP) 80 810 0 cdn1.agency.thomsonreuters.com,/access/ /radio/xmlrpc/v35 GET POST %windir%\sysnative\rundll32.exe 671330563
3.135.189.104 443 1.62022E+12 x86 8 (HTTPS) 443 810 0 raymondjames.hostedconnectedrisk.com:,/access/ /radio/xmlrpc/v35 GET POST %windir%\syswow64\rundll32.exe 671330563
3.135.189.104 443 1.62022E+12 x64 8 (HTTPS) 443 810 0 raymondjames.hostedconnectedrisk.com:,/access/ /radio/xmlrpc/v35 GET POST %windir%\sysnative\rundll32.exe 671330563
172.93.96.194 443 1.62022E+12 x86 8 (HTTPS) 443 5000 10 idxup.com,/us/ky/louisville/312-s-fourth-st.html,dbhigh.com,/us/ky/louisville/312-s-fourth-st.html /OrderEntryService.asmx/AddOrderLine GET POST %windir%\syswow64\mstsc.exe 1580103814
172.93.96.194 443 1.62022E+12 x64 8 (HTTPS) 443 5000 10 idxup.com,/us/ky/louisville/312-s-fourth-st.html,dbhigh.com,/us/ky/louisville/312-s-fourth-st.html /OrderEntryService.asmx/AddOrderLine GET POST %windir%\sysnative\mstsc.exe 1580103814
218.253.251.100 80 1.62022E+12 x86 0 (HTTP) 80 60000 20 218.253.251.100,/c/msdownload/update/others/2016/12/29136388_ /c/msdownload/update/others/2016/12/3215234_ GET GET %windir%\syswow64\rundll32.exe 0
218.253.251.100 80 1.62022E+12 x64 0 (HTTP) 80 60000 20 218.253.251.100,/c/msdownload/update/others/2016/12/29136388_ /c/msdownload/update/others/2016/12/3215234_ GET GET %windir%\sysnative\rundll32.exe 0
45.199.160.117 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 255 45.199.160.117,/push Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
45.199.160.117 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 255 45.199.160.117,/dpixel Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
45.199.160.117 8080 1.62022E+12 x86 0 (HTTP) 8080 60000 0 255 45.199.160.117,/match Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MATM) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
45.199.160.117 8080 1.62022E+12 x64 0 (HTTP) 8080 60000 0 255 45.199.160.117,/fwlink Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MAM2) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
104.36.231.44 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 255 104.36.231.42,/cx Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
104.36.231.44 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 255 104.36.231.42,/j.ad Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
45.11.19.218 443 1.62022E+12 x86 8 (HTTPS) 443 56086 39 onlinechangetransfer.com,/s/ref=nb_sb_noss_1/167-3246918-0264889/field-keywords=books,45.11.19.218,/s/ref=nb_sb_noss_1/167-3246918-0264889/field-keywords=books /N6515/adoj/amzn.us.sr.aps GET POST %windir%\syswow64\dllhost.exe 1580103814
45.11.19.218 443 1.62022E+12 x64 8 (HTTPS) 443 56086 39 onlinechangetransfer.com,/s/ref=nb_sb_noss_1/167-3246918-0264889/field-keywords=books,45.11.19.218,/s/ref=nb_sb_noss_1/167-3246918-0264889/field-keywords=books /N6515/adoj/amzn.us.sr.aps GET POST %windir%\sysnative\dllhost.exe 1580103814
104.36.231.43 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 255 104.36.231.42,/cx Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
104.36.231.43 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 255 104.36.231.42,/j.ad Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
35.173.48.181 443 1.62022E+12 x86 8 (HTTPS) 443 10000 20 synergiedental.com,/safebrowsing/rd/CltOb12nLW1IbHehcmUtd2hUdmFzEBAY7-0KIOkUDC7h2 /safebrowsing/rd/CINnu27nLO8hbHdfgmUtc2ihdmFyEAcY4 GET POST %windir%\syswow64\rundll32.exe 990295916
35.173.48.181 443 1.62022E+12 x64 8 (HTTPS) 443 10000 20 synergiedental.com,/safebrowsing/rd/CltOb12nLW1IbHehcmUtd2hUdmFzEBAY7-0KIOkUDC7h2 /safebrowsing/rd/CINnu27nLO8hbHdfgmUtc2ihdmFyEAcY4 GET POST %windir%\sysnative\rundll32.exe 990295916
18.184.6.176 80 1.62022E+12 x86 0 (HTTP) 80 64825 43 18.184.6.176,/fam_cart /favicon GET POST %windir%\syswow64\runonce.exe 1132499470
18.184.6.176 80 1.62022E+12 x64 0 (HTTP) 80 64825 43 18.184.6.176,/fam_cart /ro GET POST %windir%\sysnative\runonce.exe 1132499470
18.184.6.176 443 1.62022E+12 x86 8 (HTTPS) 443 64825 43 18.184.6.176,/fam_cart /favicon GET POST %windir%\syswow64\runonce.exe 1132499470
18.184.6.176 443 1.62022E+12 x64 8 (HTTPS) 443 64825 43 18.184.6.176,/fam_cart /favicon GET POST %windir%\sysnative\runonce.exe 1132499470
198.23.153.220 8080 1.62022E+12 x86 0 (HTTP) 8080 60000 0 255 microsoftchina.org,/j.ad Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 2.0.50727) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
198.23.153.220 8080 1.62022E+12 x64 0 (HTTP) 8080 60000 0 255 microsoftchina.org,/IE9CompatViewList.xml Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; MASP) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
192.69.91.119 8088 1.62022E+12 x86 0 (HTTP) 8088 60000 0 255 192.69.91.119,/IE9CompatViewList.xml Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
192.69.91.119 8088 1.62022E+12 x64 0 (HTTP) 8088 60000 0 255 192.69.91.119,/load Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
172.82.179.58 443 1.62022E+12 x86 8 (HTTPS) 443 5000 45 derotin.com,/Content.html /cr GET POST %windir%\syswow64\mstsc.exe 1580103814
172.82.179.58 443 1.62022E+12 x64 8 (HTTPS) 443 5000 45 derotin.com,/Content.html /cr GET POST %windir%\sysnative\mstsc.exe 1580103814
106.55.2.166 8080 1.62022E+12 x86 0 (HTTP) 8090 60000 0 255 106.55.2.166,/updates.rss Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; 360space) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
106.55.2.166 8080 1.62022E+12 x64 0 (HTTP) 8090 60000 0 255 106.55.2.166,/j.ad Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
45.61.136.99 80 1.62022E+12 x86 0 (HTTP) 80 62094 43 248 cloudflare.com,/r_config Mozilla/5.0 (Windows Phone 10.0; Android 6.0.1; Microsoft; RM-1152) AppleWebKit/537.36 (KHTML, like Gecko) /nv 98.165.33.35 0 GET POST %windir%\syswow64\WUAUCLT.exe 1711276032
45.61.136.99 80 1.62022E+12 x64 0 (HTTP) 80 62094 43 248 cloudflare.com,/r_config Mozilla/5.0 (Windows Phone 10.0; Android 6.0.1; Microsoft; RM-1152) AppleWebKit/537.36 (KHTML, like Gecko) /r-arrow 98.165.33.35 0 GET POST %windir%\sysnative\WUAUCLT.exe 1711276032
82.156.14.169 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 255 82.156.14.169,/pixel.gif Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALC) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
82.156.14.169 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 255 82.156.14.169,/fwlink Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; Touch) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
80.209.228.62 80 1.62022E+12 x86 0 (HTTP) 80 4215 40 azuresecure.tech,/c/msdownload/update/2018/04/lp_2b2fe45d38601f8ee9f0fef,80.209.228.62,/c/msdownload/update/2018/04/lp_2b2fe45d38601f8ee9f0fef /c/msdownload/update/2019/05/lp_2b2fe45d38601f8ee9f0fef GET POST %windir%\syswow64\mstsc.exe 1580103814
80.209.228.62 80 1.62022E+12 x64 0 (HTTP) 80 4215 40 azuresecure.tech,/c/msdownload/update/2018/04/lp_2b2fe45d38601f8ee9f0fef,80.209.228.62,/c/msdownload/update/2018/04/lp_2b2fe45d38601f8ee9f0fef /c/msdownload/update/2019/05/lp_2b2fe45d38601f8ee9f0fef GET POST %windir%\sysnative\mstsc.exe 1580103814
80.209.228.62 443 1.62022E+12 x86 8 (HTTPS) 443 4215 40 azuresecure.tech,/c/msdownload/update/2018/04/lp_2b2fe45d38601f8ee9f0fef,80.209.228.62,/c/msdownload/update/2018/04/lp_2b2fe45d38601f8ee9f0fef /c/msdownload/update/2019/05/lp_2b2fe45d38601f8ee9f0fef GET POST %windir%\syswow64\mstsc.exe 1580103814
80.209.228.62 443 1.62022E+12 x64 8 (HTTPS) 443 4215 40 azuresecure.tech,/c/msdownload/update/2018/04/lp_2b2fe45d38601f8ee9f0fef,80.209.228.62,/c/msdownload/update/2018/04/lp_2b2fe45d38601f8ee9f0fef /c/msdownload/update/2019/05/lp_2b2fe45d38601f8ee9f0fef GET POST %windir%\sysnative\mstsc.exe 1580103814
80.209.228.62 8080 1.62022E+12 x86 0 (HTTP) 8080 4215 40 azuresecure.tech,/c/msdownload/update/2018/04/lp_2b2fe45d38601f8ee9f0fef,80.209.228.62,/c/msdownload/update/2018/04/lp_2b2fe45d38601f8ee9f0fef /c/msdownload/update/2019/05/lp_2b2fe45d38601f8ee9f0fef GET POST %windir%\syswow64\mstsc.exe 1580103814
80.209.228.62 8080 1.62022E+12 x64 0 (HTTP) 8080 4215 40 azuresecure.tech,/c/msdownload/update/2018/04/lp_2b2fe45d38601f8ee9f0fef,80.209.228.62,/c/msdownload/update/2018/04/lp_2b2fe45d38601f8ee9f0fef /c/msdownload/update/2019/05/lp_2b2fe45d38601f8ee9f0fef GET POST %windir%\sysnative\mstsc.exe 1580103814
193.123.248.225 80 1.62022E+12 x86 0 (HTTP) 80 42500 20 235 23.225.94.33,/search/,23.225.94.11,/search/,23.225.94.7,/search/ Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:78.0) Gecko/20100101 Firefox/78.0 /Search/ 223.5.5.5 0 GET GET %windir%\syswow64\rundll32.exe 0
193.123.248.225 80 1.62022E+12 x64 0 (HTTP) 80 42500 20 235 23.225.94.33,/search/,23.225.94.11,/search/,23.225.94.7,/search/ Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:78.0) Gecko/20100101 Firefox/78.0 /Search/ 223.5.5.5 0 GET GET %windir%\sysnative\rundll32.exe 0
52.163.51.150 80 1.62022E+12 x86 0 (HTTP) 80 940 0 52.163.51.150,/access/ /radio/xmlrpc/v35 GET POST %windir%\syswow64\rundll32.exe http://52.237.78.1:80 749461548
52.163.51.150 80 1.62022E+12 x64 0 (HTTP) 80 940 0 52.163.51.150,/access/ /radio/xmlrpc/v35 GET POST %windir%\sysnative\rundll32.exe http://52.237.78.1:80 749461548
52.163.51.150 443 1.62022E+12 x86 0 (HTTP) 443 940 0 52.163.51.150,/access/ /radio/xmlrpc/v35 GET POST %windir%\syswow64\rundll32.exe 749461548
52.163.51.150 443 1.62022E+12 x64 0 (HTTP) 443 940 0 52.163.51.150,/access/ /radio/xmlrpc/v35 GET POST %windir%\sysnative\rundll32.exe 749461548
128.199.115.88 8088 1.62022E+12 x86 8 (HTTPS) 8088 45000 15 255 128.199.115.88,/jquery-3.3.1.min.js Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko /jquery-3.3.2.min.js 74.125.196.113 0 GET POST %windir%\syswow64\dllhost.exe socks=192.168.5.127:1080 305419896
128.199.115.88 8088 1.62022E+12 x64 8 (HTTPS) 8088 45000 15 255 128.199.115.88,/jquery-3.3.1.min.js Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko /jquery-3.3.2.min.js 74.125.196.113 0 GET POST %windir%\sysnative\dllhost.exe socks=192.168.5.127:1080 305419896
39.97.118.130 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 255 service-o9sr3b3f-1259312707.bj.apigw.tencentcs.com,/fwlink Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
39.97.118.130 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 255 service-o9sr3b3f-1259312707.bj.apigw.tencentcs.com,/pixel.gif Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; FunWebProducts; IE0006_ver1;EN_GB) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
202.182.108.159 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 255 202.182.108.159,/updates.rss Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 341083760
202.182.108.159 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 255 202.182.108.159,/load Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 341083760
45.146.164.199 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 45.146.164.199,/__utm.gif /submit.php GET POST %windir%\syswow64\rundll32.exe 1580103824
45.146.164.199 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 45.146.164.199,/dpixel /submit.php GET POST %windir%\sysnative\rundll32.exe 1580103824
47.98.213.120 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 47.98.213.120,/activity /submit.php GET POST %windir%\syswow64\rundll32.exe 1359593325
47.98.213.120 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 47.98.213.120,/load /submit.php GET POST %windir%\sysnative\rundll32.exe 1359593325
87.120.37.120 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 trashborting.com,/updates.rss /submit.php GET POST %windir%\syswow64\rundll32.exe 0
87.120.37.120 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 trashborting.com,/__utm.gif /submit.php GET POST %windir%\sysnative\rundll32.exe 0
3.95.132.134 80 1.62022E+12 x86 0 (HTTP) 80 45000 37 d1yxgunqlbb2ab.cloudfront.net,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\syswow64\dllhost.exe 2101893364
3.95.132.134 80 1.62022E+12 x64 0 (HTTP) 80 45000 37 d1yxgunqlbb2ab.cloudfront.net,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\sysnative\dllhost.exe 2101893364
8.140.150.177 8080 1.62022E+12 x86 0 (HTTP) 8080 60000 0 8.140.150.177,/updates.rss /submit.php GET POST %windir%\syswow64\rundll32.exe 0
8.140.150.177 8080 1.62022E+12 x64 0 (HTTP) 8080 60000 0 8.140.150.177,/dot.gif /submit.php GET POST %windir%\sysnative\rundll32.exe 0
185.118.166.205 80 1.62022E+12 x86 0 (HTTP) 80 300000 37 255 help01.softether.net,/users/sign_in,work.cloud01.tk,/users/sign_in,work.cloud20.tk,/users/sign_in,185.118.166.205,/users/sign_in Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko /signup/custom 8.8.8.8 0 GET POST %windir%\syswow64\rundll32.exe 305419896
185.118.166.205 80 1.62022E+12 x64 0 (HTTP) 80 300000 37 255 help01.softether.net,/users/sign_in,work.cloud01.tk,/users/sign_in,work.cloud20.tk,/users/sign_in,185.118.166.205,/users/sign_in Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko /signup/custom 8.8.8.8 0 GET POST %windir%\sysnative\rundll32.exe 305419896
192.46.221.58 80 1.62001E+12 x86 0 (HTTP) 80 45000 37 139.162.221.161,/jquery-3.3.1.min.js,192.46.221.58,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\syswow64\dllhost.exe 1354679710
192.46.221.58 80 1.62001E+12 x64 0 (HTTP) 80 45000 37 139.162.221.161,/jquery-3.3.1.min.js,192.46.221.58,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\sysnative\dllhost.exe 1354679710
52.28.253.50 443 1.62001E+12 x86 8 (HTTPS) 443 5000 10 rijkzijn.nl,/vlk/grants,uwprivatebank.nl,/vlk/grants,systest.nl,/vlk/grants /vlk/xmlrpc/v2 GET POST %windir%\syswow64\mavinject.exe 1807886020
52.28.253.50 443 1.62001E+12 x64 8 (HTTPS) 443 5000 10 rijkzijn.nl,/vlk/grants,uwprivatebank.nl,/vlk/grants,systest.nl,/vlk/grants /vlk/xmlrpc/v2 GET POST %windir%\sysnative\gpupdate.exe 1807886020
185.14.29.42 80 1.62001E+12 x86 0 (HTTP) 80 45000 37 185.14.29.42,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\syswow64\dllhost.exe 0
185.14.29.42 80 1.62001E+12 x64 0 (HTTP) 80 45000 37 185.14.29.42,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\sysnative\dllhost.exe 0
185.232.52.137 80 1.62002E+12 x86 0 (HTTP) 80 60000 0 255 185.232.52.137,/IE9CompatViewList.xml Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0; Touch) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
185.232.52.137 80 1.62002E+12 x64 0 (HTTP) 80 60000 0 255 185.232.52.137,/load Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; BOIE9;ENUS) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
216.250.254.153 80 1.62003E+12 x86 0 (HTTP) 80 60000 0 159.65.36.16,/dpixel /submit.php GET POST %windir%\syswow64\rundll32.exe 0
216.250.254.153 80 1.62003E+12 x64 0 (HTTP) 80 60000 0 159.65.36.16,/ptj /submit.php GET POST %windir%\sysnative\rundll32.exe 0
193.29.13.201 80 1.62004E+12 x86 0 (HTTP) 80 60000 0 193.29.13.201,/__utm.gif /submit.php GET POST %windir%\syswow64\rundll32.exe 1580103814
193.29.13.201 80 1.62004E+12 x64 0 (HTTP) 80 60000 0 193.29.13.201,/j.ad /submit.php GET POST %windir%\sysnative\rundll32.exe 1580103814
193.29.13.201 443 1.62004E+12 x86 8 (HTTPS) 443 60000 0 193.29.13.201,/g.pixel /submit.php GET POST %windir%\syswow64\rundll32.exe 1580103814
193.29.13.201 443 1.62004E+12 x64 8 (HTTPS) 443 60000 0 193.29.13.201,/__utm.gif /submit.php GET POST %windir%\sysnative\rundll32.exe 1580103814
35.236.144.90 80 1.62005E+12 x86 0 (HTTP) 80 24500 36 172.67.129.206,/bfs/static/jinkela/long/sentry/sentry-5.7.1.vue.min.js /bfs/static/jinkela/long/sentry/sentry-5.7.2.vue.min.js GET POST %windir%\syswow64\conhost.exe 1359593325
35.236.144.90 80 1.62005E+12 x64 0 (HTTP) 80 24500 36 172.67.129.206,/bfs/static/jinkela/long/sentry/sentry-5.7.1.vue.min.js /bfs/static/jinkela/long/sentry/sentry-5.7.2.vue.min.js GET POST %windir%\sysnative\conhost.exe 1359593325
192.254.65.202 443 1.62008E+12 x86 8 (HTTPS) 443 5000 0 hireja.com,/Content /remove GET POST %windir%\syswow64\wusa.exe 1580103814
192.254.65.202 443 1.62008E+12 x64 8 (HTTPS) 443 5000 0 hireja.com,/Content /remove GET POST %windir%\sysnative\wusa.exe 1580103814
192.198.85.182 443 1.62009E+12 x86 8 (HTTPS) 443 5000 0 ronedep.com,/RELEASES /tab_home_active GET POST %windir%\syswow64\mstsc.exe 1580103814
192.198.85.182 443 1.62009E+12 x64 8 (HTTPS) 443 5000 0 ronedep.com,/RELEASES /tab_home_active GET POST %windir%\sysnative\mstsc.exe 1580103814
193.239.84.152 443 1.62009E+12 x86 8 (HTTPS) 443 5000 37 aloogi.com,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\syswow64\dllhost.exe 0
193.239.84.152 443 1.62009E+12 x64 8 (HTTPS) 443 5000 37 aloogi.com,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\sysnative\dllhost.exe 0
199.127.61.95 443 1.6201E+12 x86 8 (HTTPS) 443 5000 40 sopoyeh.com,/styles.js /ro GET POST %windir%\syswow64\wusa.exe 1580103814
199.127.61.95 443 1.6201E+12 x64 8 (HTTPS) 443 5000 40 sopoyeh.com,/an.js /Content GET POST %windir%\sysnative\wusa.exe 1580103814
194.110.220.69 80 1.6201E+12 x86 0 (HTTP) 80 60874 39 252 194.110.220.69,/RELEASE_NOTES Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202 /ms 205.89.7.95 0 GET POST %windir%\syswow64\regsvr32.exe 1836518272
194.110.220.69 80 1.6201E+12 x64 0 (HTTP) 80 60874 39 252 194.110.220.69,/RELEASE_NOTES Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202 /ms 205.89.7.95 0 GET POST %windir%\sysnative\regsvr32.exe 1836518272
192.95.16.245 80 1.62011E+12 x86 0 (HTTP) 80 60000 0 159.65.36.16,/dpixel /submit.php GET POST %windir%\syswow64\rundll32.exe 0
192.95.16.245 80 1.62011E+12 x64 0 (HTTP) 80 60000 0 159.65.36.16,/ptj /submit.php GET POST %windir%\sysnative\rundll32.exe 0
192.95.16.245 8080 1.62011E+12 x86 0 (HTTP) 8080 60000 0 192.95.16.245,/dpixel /submit.php GET POST %windir%\syswow64\rundll32.exe 0
192.95.16.245 8080 1.62011E+12 x64 0 (HTTP) 8080 60000 0 192.95.16.245,/fwlink /submit.php GET POST %windir%\sysnative\rundll32.exe 0
192.198.86.130 443 1.62011E+12 x86 8 (HTTPS) 443 5000 0 cohusok.com,/mobile-ipad-home.css /fam_cart GET POST %windir%\syswow64\mstsc.exe 1580103814
192.198.86.130 443 1.62011E+12 x64 8 (HTTPS) 443 5000 0 cohusok.com,/RELEASE.css /fam_cart GET POST %windir%\sysnative\mstsc.exe 1580103814
192.198.93.86 443 1.62012E+12 x86 8 (HTTPS) 443 5000 26 areamill.com,/template.html /jp GET POST %windir%\system32\mstsc.exe 1580103814
192.198.93.86 443 1.62012E+12 x64 8 (HTTPS) 443 5000 26 areamill.com,/template.html /jp GET POST %windir%\system32\mstsc.exe 1580103814
180.235.137.14 443 1.62012E+12 x86 8 (HTTPS) 443 60000 20 235 www.365office.tk,/c/msdownload/update/others/2016/12/29136388_ Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40 /c/msdownload/update/others/2016/12/3215234_ 8.8.4.4 0 GET GET %windir%\syswow64\rundll32.exe 305419896
180.235.137.14 443 1.62012E+12 x64 8 (HTTPS) 443 60000 20 235 www.365office.tk,/c/msdownload/update/others/2016/12/29136388_ Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40 /c/msdownload/update/others/2016/12/3215234_ 8.8.4.4 0 GET GET %windir%\sysnative\rundll32.exe 305419896
104.248.27.231 443 1.62018E+12 x86 8 (HTTPS) 443 60000 0 test.asaicell.com,/match /submit.php GET POST %windir%\syswow64\rundll32.exe 0
104.248.27.231 443 1.62018E+12 x64 8 (HTTPS) 443 60000 0 test.asaicell.com,/visit.js /submit.php GET POST %windir%\sysnative\rundll32.exe 0
180.215.229.49 8080 1.6202E+12 x86 0 (HTTP) 8080 60000 0 up.adobe-flash-update.com,/pixel.gif /submit.php GET POST %windir%\syswow64\rundll32.exe 1359593325
180.215.229.49 8080 1.6202E+12 x64 0 (HTTP) 8080 60000 0 up.adobe-flash-update.com,/pixel /submit.php GET POST %windir%\sysnative\rundll32.exe 1359593325
154.91.164.69 443 1.62021E+12 x86 8 (HTTPS) 443 60000 0 154.91.164.69,/dpixel /submit.php GET POST %windir%\syswow64\rundll32.exe 1359593325
154.91.164.69 443 1.62021E+12 x64 8 (HTTPS) 443 60000 0 154.91.164.69,/cm /submit.php GET POST %windir%\sysnative\rundll32.exe 1359593325
167.179.101.136 443 1.62021E+12 x86 8 (HTTPS) 443 30000 37 www.googlet.gq,/__utm.gif /___utm.gif GET POST %windir%\syswow64\rundll32.exe socks=45.76.188.149:1080 1359593325
167.179.101.136 443 1.62021E+12 x64 8 (HTTPS) 443 30000 37 www.googlet.gq,/__utm.gif /___utm.gif GET POST %windir%\sysnative\rundll32.exe socks=45.76.188.149:1080 1359593325
118.193.37.242 443 1.62021E+12 x86 8 (HTTPS) 443 60000 0 255 118.193.37.242,/cx Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
118.193.37.242 443 1.62021E+12 x64 8 (HTTPS) 443 60000 0 255 118.193.37.242,/pixel Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch; ASU2JS) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
23.82.185.110 443 1.61988E+12 x86 8 (HTTPS) 443 48963 24 itstrueloves.com,/jquery-3.2.2.min.js,23.82.185.110,/jquery-3.2.2.min.js /jquery-3.2.2.full.js GET POST %windir%\syswow64\WUAUCLT.exe 1580103814
23.82.185.110 443 1.61988E+12 x64 8 (HTTPS) 443 48963 24 itstrueloves.com,/jquery-3.2.2.min.js,23.82.185.110,/jquery-3.2.2.min.js /jquery-3.2.2.full.js GET POST %windir%\sysnative\WUAUCLT.exe 1580103814
23.92.216.30 443 1.61988E+12 x86 8 (HTTPS) 443 5000 9 buremih.com,/styles.html /temp GET POST %windir%\syswow64\wusa.exe 1580103814
23.92.216.30 443 1.61988E+12 x64 8 (HTTPS) 443 5000 9 buremih.com,/styles.html /temp GET POST %windir%\sysnative\wusa.exe 1580103814
195.206.181.208 80 1.61988E+12 x86 0 (HTTP) 80 60752 37 195.206.181.208,/adminhtml /search GET POST %windir%\syswow64\svchost.exe 1359593325
195.206.181.208 80 1.61988E+12 x64 0 (HTTP) 80 60752 37 195.206.181.208,/d_config /xmlconnect GET POST %windir%\sysnative\svchost.exe 1359593325
199.191.56.170 443 1.61988E+12 x86 8 (HTTPS) 443 5000 35 tucosu.com,/ur.html /fam_newspaper GET POST %windir%\syswow64\wusa.exe 1580103814
199.191.56.170 443 1.61988E+12 x64 8 (HTTPS) 443 5000 35 tucosu.com,/Content.html /fam_newspaper GET POST %windir%\sysnative\wusa.exe 1580103814
195.123.217.12 80 1.61988E+12 x86 0 (HTTP) 80 45000 37 255 195.123.217.12,/jquery-3.3.1.min.js Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko /jquery-3.3.2.min.js 195.123.217.12 0 GET POST %windir%\syswow64\dllhost.exe 305419896
195.123.217.12 80 1.61988E+12 x64 0 (HTTP) 80 45000 37 255 195.123.217.12,/jquery-3.3.1.min.js Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko /jquery-3.3.2.min.js 195.123.217.12 0 GET POST %windir%\sysnative\dllhost.exe 305419896
194.165.16.59 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 194.165.16.59,/match /submit.php GET POST %windir%\syswow64\rundll32.exe 1580103814
194.165.16.59 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 194.165.16.59,/ptj /submit.php GET POST %windir%\sysnative\rundll32.exe 1580103814
195.123.233.185 443 1.61988E+12 x86 8 (HTTPS) 443 60645 37 waystamp.com,/dz.css /get GET POST %windir%\syswow64\regsvr32.exe 1580103814
195.123.233.185 443 1.61988E+12 x64 8 (HTTPS) 443 60645 37 waystamp.com,/es.css /get GET POST %windir%\sysnative\regsvr32.exe 1580103814
178.32.123.156 443 1.61988E+12 x86 8 (HTTPS) 443 60000 0 255 178.32.123.156,/en_US/all.js Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; NP07; NP07) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
178.32.123.156 443 1.61988E+12 x64 8 (HTTPS) 443 60000 0 255 178.32.123.156,/visit.js Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENIN) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
172.96.143.178 443 1.61988E+12 x86 8 (HTTPS) 443 5000 21 lifige.com,/ce.css /xmlconnect GET POST %windir%\syswow64\wusa.exe 1580103814
172.96.143.178 443 1.61988E+12 x64 8 (HTTPS) 443 5000 21 lifige.com,/media.css /xmlconnect GET POST %windir%\sysnative\wusa.exe 1580103814
23.106.160.51 443 1.61988E+12 x86 8 (HTTPS) 443 5000 0 hireja.com,/Content /remove GET POST %windir%\syswow64\wusa.exe 1580103814
23.106.160.51 443 1.61988E+12 x64 8 (HTTPS) 443 5000 0 hireja.com,/Content /remove GET POST %windir%\sysnative\wusa.exe 1580103814
104.194.9.113 443 1.61988E+12 x86 8 (HTTPS) 443 5000 41 tosayoj.com,/faq /nv GET POST %windir%\syswow64\mstsc.exe 1580103814
104.194.9.113 443 1.61988E+12 x64 8 (HTTPS) 443 5000 41 tosayoj.com,/massaction /nv GET POST %windir%\sysnative\mstsc.exe 1580103814
143.198.197.247 80 1.61988E+12 x86 0 (HTTP) 80 5000 10 143.198.197.247,/updates /windowsxp/updcheck.php GET POST %windir%\syswow64\rundll32.exe 1359593325
143.198.197.247 80 1.61988E+12 x64 0 (HTTP) 80 5000 10 143.198.197.247,/updates /hello/flash.php GET POST %windir%\sysnative\rundll32.exe 1359593325
104.168.171.240 80 1.61988E+12 x86 0 (HTTP) 80 58758 39 104.168.171.240,/av.css /as GET POST %windir%\syswow64\WUAUCLT.exe 0
104.168.171.240 80 1.61988E+12 x64 0 (HTTP) 80 58758 39 104.168.171.240,/ki.css /as GET POST %windir%\sysnative\WUAUCLT.exe 0
104.243.37.143 443 1.61988E+12 x86 8 (HTTPS) 443 5000 42 yazorac.com,/us.css /av GET POST %windir%\syswow64\mstsc.exe 1580103814
104.243.37.143 443 1.61988E+12 x64 8 (HTTPS) 443 5000 42 yazorac.com,/ms.css /av GET POST %windir%\sysnative\mstsc.exe 1580103814
104.168.159.50 443 1.61988E+12 x86 8 (HTTPS) 443 64932 41 remakeflowersimple.com,/en.css /tab_shop_active GET POST %windir%\syswow64\WUAUCLT.exe 0
104.168.159.50 443 1.61988E+12 x64 8 (HTTPS) 443 64932 41 remakeflowersimple.com,/RELEASES.css /aa GET POST %windir%\sysnative\WUAUCLT.exe 0
139.177.196.191 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 dev.burdine-health.com,/match /submit.php GET POST %windir%\syswow64\rundll32.exe 1616449647
139.177.196.191 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 dev.burdine-health.com,/g.pixel /submit.php GET POST %windir%\sysnative\rundll32.exe 1616449647
154.214.4.236 443 1.61988E+12 x86 8 (HTTPS) 443 60000 30 154.214.4.236,/search/,api.jike.shop,/search/ /Search/ GET GET %windir%\syswow64\rundll32.exe 1359593325
154.214.4.236 443 1.61988E+12 x64 8 (HTTPS) 443 60000 30 154.214.4.236,/search/,api.jike.shop,/search/ /Search/ GET GET %windir%\sysnative\rundll32.exe 1359593325
104.243.42.31 443 1.61988E+12 x86 8 (HTTPS) 443 5000 46 wideri.com,/language.css /sq GET POST %windir%\syswow64\wusa.exe 1580103814
104.243.42.31 443 1.61988E+12 x64 8 (HTTPS) 443 5000 46 wideri.com,/tab_shop.css /language GET POST %windir%\sysnative\wusa.exe 1580103814
139.180.212.74 443 1.61988E+12 x86 8 (HTTPS) 443 45000 37 139.180.212.74,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\syswow64\rundll32.exe 1359593325
139.180.212.74 443 1.61988E+12 x64 8 (HTTPS) 443 45000 37 139.180.212.74,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\sysnative\rundll32.exe 1359593325
18.188.183.64 443 1.61988E+12 x86 8 (HTTPS) 443 60000 0 scripts.general-aerospace.de,/updates.rss /submit.php GET POST %windir%\syswow64\rundll32.exe 1100983384
18.188.183.64 443 1.61988E+12 x64 8 (HTTPS) 443 60000 0 scripts.general-aerospace.de,/pixel.gif /submit.php GET POST %windir%\sysnative\rundll32.exe 1100983384
108.177.235.52 8080 1.61988E+12 x86 8 (HTTPS) 8080 48963 24 displaychecks.com,/jquery-3.2.2.min.js,108.177.235.52,/jquery-3.2.2.min.js /jquery-3.2.2.full.js GET POST %windir%\syswow64\WUAUCLT.exe 1580103814
108.177.235.52 8080 1.61988E+12 x64 8 (HTTPS) 8080 48963 24 displaychecks.com,/jquery-3.2.2.min.js,108.177.235.52,/jquery-3.2.2.min.js /jquery-3.2.2.full.js GET POST %windir%\sysnative\WUAUCLT.exe 1580103814
78.129.165.207 443 1.61988E+12 x86 8 (HTTPS) 443 60000 41 78.129.165.207,/av.css /admin GET POST %windir%\syswow64\svchost.exe 0
78.129.165.207 443 1.61988E+12 x64 8 (HTTPS) 443 60000 41 78.129.165.207,/av.css /RELEASE_NOTES GET POST %windir%\sysnative\svchost.exe 0
108.177.235.44 8080 1.61988E+12 x86 8 (HTTPS) 8080 48963 24 adjustclouds.com,/jquery-3.2.2.min.js,108.177.235.44,/jquery-3.2.2.min.js /jquery-3.2.2.full.js GET POST %windir%\syswow64\WUAUCLT.exe 1580103814
108.177.235.44 8080 1.61988E+12 x64 8 (HTTPS) 8080 48963 24 adjustclouds.com,/jquery-3.2.2.min.js,108.177.235.44,/jquery-3.2.2.min.js /jquery-3.2.2.full.js GET POST %windir%\sysnative\WUAUCLT.exe 1580103814
66.181.34.16 80 1.61988E+12 x86 0 (HTTP) 80 51872 41 akamaclouds.tech,/oLP/,66.181.34.16,/oLP/ /OLLP/ GET GET %windir%\syswow64\dllhost.exe 1580103814
66.181.34.16 80 1.61988E+12 x64 0 (HTTP) 80 51872 41 akamaclouds.tech,/oLP/,66.181.34.16,/oLP/ /OLLP/ GET GET %windir%\sysnative\dllhost.exe 1580103814
89.163.210.85 443 1.61988E+12 x86 8 (HTTPS) 443 5000 23 tepabaf.com,/mobile-android.html /ce GET POST %windir%\syswow64\wusa.exe 1580103814
89.163.210.85 443 1.61988E+12 x64 8 (HTTPS) 443 5000 23 tepabaf.com,/panel.html /ce GET POST %windir%\sysnative\wusa.exe 1580103814
101.32.187.53 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 255 101.32.187.53,/dot.gif Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; LEN2) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
101.32.187.53 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 255 101.32.187.53,/IE9CompatViewList.xml Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.3; .NET CLR 2.0.50727) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
101.32.187.53 443 1.61988E+12 x86 8 (HTTPS) 443 60000 0 255 101.32.187.53,/fwlink Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MASB) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
101.32.187.53 443 1.61988E+12 x64 8 (HTTPS) 443 60000 0 255 101.32.187.53,/load Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; LBBROWSER) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
62.128.111.176 443 1.61988E+12 x86 8 (HTTPS) 443 47771 57 akastat.app,/oscp/,62.128.111.176,/oscp/ /signer/g/ GET POST %windir%\syswow64\gpupdate.exe 1580103814
62.128.111.176 443 1.61988E+12 x64 8 (HTTPS) 443 47771 57 akastat.app,/oscp/,62.128.111.176,/oscp/ /signer/g/ GET POST %windir%\sysnative\gpupdate.exe 1580103814
108.62.118.242 80 1.61988E+12 x86 0 (HTTP) 80 55864 43 108.62.118.242,/faq.js /eo GET POST %windir%\syswow64\svchost.exe 1359593325
108.62.118.242 80 1.61988E+12 x64 0 (HTTP) 80 55864 43 108.62.118.242,/ab.js /eo GET POST %windir%\sysnative\svchost.exe 1359593325
108.62.118.242 443 1.61988E+12 x86 8 (HTTPS) 443 55864 43 micrasoftdefender.com,/faq.js /eo GET POST %windir%\syswow64\svchost.exe 1359593325
108.62.118.242 443 1.61988E+12 x64 8 (HTTPS) 443 55864 43 micrasoftdefender.com,/sm.js /eo GET POST %windir%\sysnative\svchost.exe 1359593325
80.92.204.193 443 1.61988E+12 x86 8 (HTTPS) 443 7300 37 foreverfamilypjs.com,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\syswow64\svchost.exe -k netsvcs 0
80.92.204.193 443 1.61988E+12 x64 8 (HTTPS) 443 7300 37 foreverfamilypjs.com,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\sysnative\svchost.exe -k netsvcs 0
45.77.171.104 443 1.61988E+12 x86 8 (HTTPS) 443 60000 0 255 45.77.171.104,/visit.js Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch; MASPJS) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
45.77.171.104 443 1.61988E+12 x64 8 (HTTPS) 443 60000 0 255 45.77.171.104,/g.pixel Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
74.121.191.2 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 159.65.36.16,/dpixel /submit.php GET POST %windir%\syswow64\rundll32.exe 0
74.121.191.2 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 159.65.36.16,/ptj /submit.php GET POST %windir%\sysnative\rundll32.exe 0
74.121.191.2 443 1.61988E+12 x86 8 (HTTPS) 443 60000 0 159.65.36.16,/__utm.gif /submit.php GET POST %windir%\syswow64\rundll32.exe 0
74.121.191.2 443 1.61988E+12 x64 8 (HTTPS) 443 60000 0 159.65.36.16,/load /submit.php GET POST %windir%\sysnative\rundll32.exe 0
46.101.54.16 443 1.61988E+12 x86 8 (HTTPS) 443 59872 43 test2.wolfbank-finance.com,/mg.js /be GET POST %windir%\syswow64\WUAUCLT.exe 37436721
46.101.54.16 443 1.61988E+12 x64 8 (HTTPS) 443 59872 43 test2.wolfbank-finance.com,/mg.js /be GET POST %windir%\sysnative\WUAUCLT.exe 37436721
52.220.162.114 443 1.61988E+12 x86 8 (HTTPS) 443 30000 20 52.220.162.114,/CWoNaJLBo/VTNeWw11212/ /CWoNaJLBo/VTNeWw11213/ GET POST %windir%\syswow64\rundll32.exe 0
52.220.162.114 443 1.61988E+12 x64 8 (HTTPS) 443 30000 20 52.220.162.114,/CWoNaJLBo/VTNeWw11212/ /CWoNaJLBo/VTNeWw11213/ GET POST %windir%\sysnative\rundll32.exe 0
31.210.20.136 443 1.61988E+12 x86 8 (HTTPS) 443 45000 37 31.210.20.136,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\syswow64\dllhost.exe 1359593325
31.210.20.136 443 1.61988E+12 x64 8 (HTTPS) 443 45000 37 31.210.20.136,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST C:\Program Files\SABnzbd\SABnzbd.exe 1359593325
35.73.62.248 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 255 35.73.62.248,/en_US/all.js Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
35.73.62.248 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 255 35.73.62.248,/fwlink Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MDDCJS) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
13.213.5.204 443 1.61988E+12 x86 8 (HTTPS) 443 60000 0 13.213.5.204,/g.pixel /submit.php GET POST %windir%\syswow64\rundll32.exe 1227425000
13.213.5.204 443 1.61988E+12 x64 8 (HTTPS) 443 60000 0 13.213.5.204,/fwlink /submit.php GET POST %windir%\sysnative\rundll32.exe 1227425000
5.34.182.3 443 1.61988E+12 x86 8 (HTTPS) 443 56177 43 saferem.com,/fr.html /faq GET POST %windir%\syswow64\regsvr32.exe 1580103814
5.34.182.3 443 1.61988E+12 x64 8 (HTTPS) 443 56177 43 saferem.com,/fr.html /faq GET POST %windir%\sysnative\regsvr32.exe 1580103814
134.122.35.81 80 1.61988E+12 x86 0 (HTTP) 80 45000 37 teamsinsight.myanalytics.cdn.office.net,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\syswow64\dllhost.exe 757325373
134.122.35.81 80 1.61988E+12 x64 0 (HTTP) 80 45000 37 teamsinsight.myanalytics.cdn.office.net,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\sysnative\dllhost.exe 757325373
23.106.160.231 443 1.61988E+12 x86 8 (HTTPS) 443 5000 37 hoguyum.com,/rw /d_config GET POST %windir%\syswow64\wusa.exe 1580103814
23.106.160.231 443 1.61988E+12 x64 8 (HTTPS) 443 5000 37 hoguyum.com,/da /d_config GET POST %windir%\sysnative\wusa.exe 1580103814
3.138.184.38 443 1.61988E+12 x86 8 (HTTPS) 443 60000 0 scripts.aerodronerd.com,/visit.js /submit.php GET POST %windir%\syswow64\rundll32.exe 1763524865
3.138.184.38 443 1.61988E+12 x64 8 (HTTPS) 443 60000 0 scripts.aerodronerd.com,/cm /submit.php GET POST %windir%\sysnative\rundll32.exe 1763524865
75.86.246.74 443 1.61988E+12 x86 8 (HTTPS) 443 60000 0 75.86.246.74,/load /submit.php GET POST %windir%\syswow64\rundll32.exe 0
75.86.246.74 443 1.61988E+12 x64 8 (HTTPS) 443 60000 0 75.86.246.74,/updates.rss /submit.php GET POST %windir%\sysnative\rundll32.exe 0
209.249.134.8 443 1.61988E+12 x86 8 (HTTPS) 443 30000 20 ej3.info-assurance.cc,/api/channels/replies /api/conversations.create GET POST %windir%\syswow64\SearchProtocolHost.exe 879804923
209.249.134.8 443 1.61988E+12 x64 8 (HTTPS) 443 30000 20 ej3.info-assurance.cc,/content/like /api/chat.postMessage GET POST %windir%\sysnative\SearchProtocolHost.exe 879804923
3.238.237.39 443 1.61988E+12 x86 8 (HTTPS) 443 30000 30 secure.acquire-investments.com,/__utm.gif /___utm.gif GET POST %windir%\syswow64\WerFault.exe 1038883953
3.238.237.39 443 1.61988E+12 x64 8 (HTTPS) 443 30000 30 secure.acquire-investments.com,/__utm.gif /___utm.gif GET POST %windir%\sysnative\WerFault.exe 1038883953
103.11.228.97 443 1.61988E+12 x86 8 (HTTPS) 443 45000 37 healthcenter24h.top,/jquery-3.3.1.min.js,admin.healthcenter24h.top,/jquery-3.3.1.min.js,report.healthcenter24h.top,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\syswow64\dllhost.exe 1782320746
103.11.228.97 443 1.61988E+12 x64 8 (HTTPS) 443 45000 37 healthcenter24h.top,/jquery-3.3.1.min.js,admin.healthcenter24h.top,/jquery-3.3.1.min.js,report.healthcenter24h.top,/jquery-3.3.1.min.js /jquery-3.3.2.min.js GET POST %windir%\sysnative\dllhost.exe 1782320746
185.203.116.130 443 1.61988E+12 x86 8 (HTTPS) 443 60000 0 217.12.218.95,/__utm.gif /submit.php GET POST %windir%\syswow64\rundll32.exe 0
185.203.116.130 443 1.61988E+12 x64 8 (HTTPS) 443 60000 0 217.12.218.95,/ptj /submit.php GET POST %windir%\sysnative\rundll32.exe 0
152.32.227.245 443 1.61988E+12 x86 0 (HTTP) 443 60000 0 255 152.32.227.245,/cx Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENXA) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
152.32.227.245 443 1.61988E+12 x64 0 (HTTP) 443 60000 0 255 152.32.227.245,/fwlink Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; LBBROWSER) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
37.49.230.49 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 37.49.230.49,/cm /submit.php GET POST %windir%\syswow64\rundll32.exe 0
37.49.230.49 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 37.49.230.49,/push /submit.php GET POST %windir%\sysnative\rundll32.exe 0
192.3.248.194 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 service-ki610gks-1304230653.hk.apigw.tencentcs.com,/j.ad /submit.php GET POST %windir%\syswow64\rundll32.exe 1359593325
192.3.248.194 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 service-ki610gks-1304230653.hk.apigw.tencentcs.com,/load /submit.php GET POST %windir%\sysnative\rundll32.exe 1359593325
3.138.198.248 80 1.62022E+12 x86 0 (HTTP) 80 20000 20 3.138.198.248,/oscp/ /oscp/a/ GET POST %windir%\syswow64\rundll32.exe 1876405307
3.138.198.248 80 1.62022E+12 x64 0 (HTTP) 80 20000 20 3.138.198.248,/oscp/ /oscp/a/ GET POST %windir%\sysnative\rundll32.exe 1876405307
3.138.198.248 443 1.62022E+12 x86 8 (HTTPS) 443 20000 20 3.138.198.248,/oscp/ /oscp/a/ GET POST %windir%\syswow64\rundll32.exe 1876405307
3.138.198.248 443 1.62022E+12 x64 8 (HTTPS) 443 20000 20 3.138.198.248,/oscp/ /oscp/a/ GET POST %windir%\sysnative\rundll32.exe 1876405307
111.229.209.205 80 1.62022E+12 x86 0 (HTTP) 80 3000 0 service-pgxzsrsf-1304480121.sh.apigw.tencentcs.com,/api/getit /api/postit GET POST %windir%\syswow64\rundll32.exe 1359593325
111.229.209.205 80 1.62022E+12 x64 0 (HTTP) 80 3000 0 service-pgxzsrsf-1304480121.sh.apigw.tencentcs.com,/api/getit /api/postit GET POST %windir%\sysnative\rundll32.exe 1359593325
111.229.209.205 443 1.62022E+12 x86 8 (HTTPS) 443 3000 0 service-pgxzsrsf-1304480121.sh.apigw.tencentcs.com,/api/getit /api/postit GET POST %windir%\syswow64\rundll32.exe 1359593325
111.229.209.205 443 1.62022E+12 x64 8 (HTTPS) 443 3000 0 service-pgxzsrsf-1304480121.sh.apigw.tencentcs.com,/api/getit /api/postit GET POST %windir%\sysnative\rundll32.exe 1359593325
49.234.33.106 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 49.234.33.106,/en_US/all.js /submit.php GET POST %windir%\syswow64\rundll32.exe 1
49.234.33.106 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 49.234.33.106,/g.pixel /submit.php GET POST %windir%\sysnative\rundll32.exe 1
180.101.25.48 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 255 180.101.25.48,/cm Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; ASU2JS) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
180.101.25.48 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 255 180.101.25.48,/en_US/all.js Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
195.248.234.191 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 195.248.234.191,/activity /submit.php GET POST %windir%\syswow64\rundll32.exe 0
195.248.234.191 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 195.248.234.191,/en_US/all.js /submit.php GET POST %windir%\sysnative\rundll32.exe 0
95.217.123.74 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 95.217.123.74,/ga.js /submit.php GET POST %windir%\syswow64\rundll32.exe 1359593325
95.217.123.74 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 95.217.123.74,/match /submit.php GET POST %windir%\sysnative\rundll32.exe 1359593325
159.65.36.16 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 159.65.36.16,/cm /submit.php GET POST %windir%\syswow64\rundll32.exe 0
159.65.36.16 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 159.65.36.16,/dpixel /submit.php GET POST %windir%\sysnative\rundll32.exe 0
159.65.36.16 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 159.65.36.16,/push /submit.php GET POST %windir%\syswow64\rundll32.exe 0
159.65.36.16 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 159.65.36.16,/updates.rss /submit.php GET POST %windir%\sysnative\rundll32.exe 0
159.65.36.16 8080 1.62022E+12 x86 0 (HTTP) 8080 60000 0 192.95.16.245,/ga.js /submit.php GET POST %windir%\syswow64\rundll32.exe 0
159.65.36.16 8080 1.62022E+12 x64 0 (HTTP) 8080 60000 0 192.95.16.245,/pixel /submit.php GET POST %windir%\sysnative\rundll32.exe 0
108.166.223.199 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 108.166.223.199,/dot.gif /submit.php GET POST %windir%\syswow64\rundll32.exe 1359593325
108.166.223.199 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 108.166.223.199,/__utm.gif /submit.php GET POST %windir%\sysnative\rundll32.exe 1359593325
78.141.206.109 80 1.62022E+12 x86 0 (HTTP) 80 3000 0 poisonivy.xyz,/image/ /history/ GET POST %windir%\syswow64\notepad.exe 1359593325
78.141.206.109 80 1.62022E+12 x64 0 (HTTP) 80 3000 0 poisonivy.xyz,/image/ /history/ GET POST %windir%\sysnative\notepad.exe 1359593325
103.52.152.8 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 255 103.52.152.8,/match Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; MASP) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
103.52.152.8 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 255 103.52.152.8,/cm Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALC) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
54.186.43.66 80 1.62022E+12 x86 0 (HTTP) 80 62132 37 54.186.43.66,/ch.css /lv GET POST %windir%\syswow64\WUAUCLT.exe 2083419195
54.186.43.66 80 1.62022E+12 x64 0 (HTTP) 80 62132 37 54.186.43.66,/mobile-home.css /Content GET POST %windir%\sysnative\WUAUCLT.exe 2083419195
54.186.43.66 443 1.62022E+12 x86 8 (HTTPS) 443 62132 37 54.186.43.66,/ch.css /fam_cart GET POST %windir%\syswow64\WUAUCLT.exe 2083419195
54.186.43.66 443 1.62022E+12 x64 8 (HTTPS) 443 62132 37 54.186.43.66,/mobile-home.css /Content GET POST %windir%\sysnative\WUAUCLT.exe 2083419195
107.155.48.58 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 www.imqc.tk,/g.pixel /submit.php GET POST %windir%\syswow64\rundll32.exe 1
107.155.48.58 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 www.imqc.tk,/fwlink /submit.php GET POST %windir%\sysnative\rundll32.exe 1
116.62.115.46 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 255 116.62.115.46,/dot.gif Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MATM) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
116.62.115.46 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 255 116.62.115.46,/ptj Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
67.43.234.25 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 31.44.184.232,/pixel /submit.php GET POST %windir%\syswow64\rundll32.exe 0
67.43.234.25 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 31.44.184.232,/__utm.gif /submit.php GET POST %windir%\sysnative\rundll32.exe 0
45.170.245.190 80 1.62022E+12 x86 0 (HTTP) 80 60000 0 159.65.36.16,/cm /submit.php GET POST %windir%\syswow64\rundll32.exe 0
45.170.245.190 80 1.62022E+12 x64 0 (HTTP) 80 60000 0 159.65.36.16,/dpixel /submit.php GET POST %windir%\sysnative\rundll32.exe 0
45.170.245.190 443 1.62022E+12 x86 8 (HTTPS) 443 60000 0 159.65.36.16,/push /submit.php GET POST %windir%\syswow64\rundll32.exe 0
45.170.245.190 443 1.62022E+12 x64 8 (HTTPS) 443 60000 0 159.65.36.16,/updates.rss /submit.php GET POST %windir%\sysnative\rundll32.exe 0
45.170.245.190 8080 1.62022E+12 x86 0 (HTTP) 8080 60000 0 192.95.16.245,/ga.js /submit.php GET POST %windir%\syswow64\rundll32.exe 0
45.170.245.190 8080 1.62022E+12 x64 0 (HTTP) 8080 60000 0 192.95.16.245,/pixel /submit.php GET POST %windir%\sysnative\rundll32.exe 0
195.149.87.136 443 1.61988E+12 x86 8 (HTTPS) 443 60000 0 195.149.87.136,/ca /submit.php GET POST %windir%\syswow64\rundll32.exe 1580103814
195.149.87.136 443 1.61988E+12 x64 8 (HTTPS) 443 60000 0 195.149.87.136,/ptj /submit.php GET POST %windir%\sysnative\rundll32.exe 1580103814
185.158.249.232 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 185.158.249.232,/dot.gif /submit.php GET POST %windir%\syswow64\rundll32.exe 0
185.158.249.232 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 185.158.249.232,/g.pixel /submit.php GET POST %windir%\sysnative\rundll32.exe 0
54.186.43.66 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 54.186.43.66,/push /submit.php GET POST %windir%\syswow64\rundll32.exe 2083419195
54.186.43.66 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 54.186.43.66,/pixel /submit.php GET POST %windir%\sysnative\rundll32.exe 2083419195
182.92.103.213 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 182.92.103.213,/en_US/all.js /submit.php GET POST %windir%\syswow64\rundll32.exe 1359593325
182.92.103.213 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 182.92.103.213,/ga.js /submit.php GET POST %windir%\sysnative\rundll32.exe 1359593325
185.237.165.67 443 1.61988E+12 x86 8 (HTTPS) 443 60000 0 192.168.0.111,/ptj /submit.php GET POST %windir%\syswow64\rundll32.exe 1359593325
185.237.165.67 443 1.61988E+12 x64 8 (HTTPS) 443 60000 0 192.168.0.111,/g.pixel /submit.php GET POST %windir%\sysnative\rundll32.exe 1359593325
185.237.165.67 8080 1.61988E+12 x86 0 (HTTP) 8080 60000 0 185.237.165.67,/visit.js /submit.php GET POST %windir%\syswow64\rundll32.exe 1359593325
185.237.165.67 8080 1.61988E+12 x64 0 (HTTP) 8080 60000 0 185.237.165.67,/activity /submit.php GET POST %windir%\sysnative\rundll32.exe 1359593325
175.24.138.70 8080 1.61988E+12 x86 0 (HTTP) 8080 60000 0 255 175.24.138.70,/pixel Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUS) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
175.24.138.70 8080 1.61988E+12 x64 0 (HTTP) 8080 60000 0 255 175.24.138.70,/fwlink Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
175.24.62.158 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 255 175.24.62.158,/pixel Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
175.24.62.158 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 255 175.24.62.158,/updates.rss Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;PTBR) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
155.94.149.237 80 1.61988E+12 x86 0 (HTTP) 80 59000 0 155.94.149.237,/api/update.js /jquery GET POST %windir%\syswow64\rundll32.exe 1359593325
155.94.149.237 80 1.61988E+12 x64 0 (HTTP) 80 59000 0 155.94.149.237,/api/update.js /jquery GET POST %windir%\sysnative\rundll32.exe 1359593325
149.28.21.217 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 255 test.axibala.club,/cm Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENAU) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
149.28.21.217 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 255 test.axibala.club,/ga.js Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENAU) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
121.37.139.238 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 255 121.37.139.238,/ptj Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; ASU2JS) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
121.37.139.238 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 255 121.37.139.238,/updates.rss Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
118.195.172.251 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 255 118.195.172.251,/cx Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
118.195.172.251 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 255 118.195.172.251,/IE9CompatViewList.xml Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
139.155.27.71 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 139.155.27.71,/en_US/all.js /submit.php GET POST %windir%\syswow64\rundll32.exe 1359593325
139.155.27.71 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 139.155.27.71,/dpixel /submit.php GET POST %windir%\sysnative\rundll32.exe 1359593325
120.92.139.155 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 120.92.139.155,/en_US/all.js /submit.php GET POST %windir%\syswow64\rundll32.exe 1359593325
120.92.139.155 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 120.92.139.155,/ptj /submit.php GET POST %windir%\sysnative\rundll32.exe 1359593325
120.92.107.55 80 1.61988E+12 x86 0 (HTTP) 80 3000 0 255 service-p44yb571-1300400844.cd.apigw.tencentcs.com,/script/VUE/src/main.js Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0) Gecko/20100101 Firefox/87.0 /api/postit 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 1711276032
120.92.107.55 80 1.61988E+12 x64 0 (HTTP) 80 3000 0 255 service-p44yb571-1300400844.cd.apigw.tencentcs.com,/script/VUE/src/main.js Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0) Gecko/20100101 Firefox/87.0 /api/postit 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 1711276032
104.248.148.74 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 255 104.248.148.74,/en_US/all.js Mozilla/5.0 (compatible; MSIE 9.0; Windows Phone OS 7.5; Trident/5.0; IEMobile/9.0; LG; LG-E906) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
104.248.148.74 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 255 104.248.148.74,/cx Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; MANM) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
123.56.76.98 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 123.56.76.98,/push /submit.php GET POST %windir%\syswow64\rundll32.exe 1359593325
123.56.76.98 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 123.56.76.98,/j.ad /submit.php GET POST %windir%\sysnative\rundll32.exe 1359593325
47.106.238.99 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 255 47.106.238.99,/load Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; MASP) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
47.106.238.99 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 255 47.106.238.99,/j.ad Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
124.70.89.118 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 255 192.168.20.61,/g.pixel Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MALNJS) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
124.70.89.118 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 255 192.168.20.61,/cm Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
121.43.128.7 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 255 121.43.128.7,/cx Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
121.43.128.7 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 255 121.43.128.7,/g.pixel Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MAARJS) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
117.78.10.129 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 255 117.78.10.129,/g.pixel Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; FunWebProducts) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
117.78.10.129 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 255 117.78.10.129,/dpixel Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MANM; MANM) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
114.55.173.68 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 114.55.173.68,/IE9CompatViewList.xml /submit.php GET POST %windir%\syswow64\rundll32.exe 1359593325
114.55.173.68 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 114.55.173.68,/g.pixel /submit.php GET POST %windir%\sysnative\rundll32.exe 1359593325
113.31.118.7 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 255 113.31.118.7,/pixel Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
113.31.118.7 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 255 113.31.118.7,/g.pixel Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; Avant Browser) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
107.155.48.58 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 www.imqc.tk,/j.ad /submit.php GET POST %windir%\sysnative\rundll32.exe 1
106.52.152.85 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 255 106.52.152.85,/IE9CompatViewList.xml Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BOIE9;ENUSMSNIP) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
106.52.152.85 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 255 106.52.152.85,/push Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;NLNL) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
13.51.149.17 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 13.51.149.17,/cm /submit.php GET POST %windir%\syswow64\rundll32.exe 426352781
13.51.149.17 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 13.51.149.17,/cx /submit.php GET POST %windir%\sysnative\rundll32.exe 426352781
47.99.178.84 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 255 47.99.178.84,/ga.js Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ESES) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
47.99.178.84 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 255 47.99.178.84,/cx Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
101.132.149.198 443 1.61988E+12 x86 8 (HTTPS) 443 60000 0 255 101.132.149.198,/j.ad Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
101.132.149.198 443 1.61988E+12 x64 8 (HTTPS) 443 60000 0 255 101.132.149.198,/match Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
45.32.92.183 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 45.32.92.183,/j.ad /submit.php GET POST %windir%\syswow64\rundll32.exe 0
45.32.92.183 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 45.32.92.183,/dot.gif /submit.php GET POST %windir%\sysnative\rundll32.exe 0
39.105.4.71 443 1.61988E+12 x86 8 (HTTPS) 443 50000 0 255 cnqax.herokuapp.com,/includes/googlesg/sgmodels.php Mozilla/5.0 (Linux; Android 5.0; SM-G920A) AppleWebKit (KHTML, like Gecko) Chrome Mobile Safari /includes/googlesg/searching.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
39.105.4.71 443 1.61988E+12 x64 8 (HTTPS) 443 50000 0 255 cnqax.herokuapp.com,/includes/googlesg/sgmodels.php Mozilla/5.0 (Linux; Android 5.0; SM-G920A) AppleWebKit (KHTML, like Gecko) Chrome Mobile Safari /includes/googlesg/searching.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
45.77.12.223 443 1.61988E+12 x86 8 (HTTPS) 443 60000 0 255 tscf.3322.org,/push Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MATBJS) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
45.77.12.223 443 1.61988E+12 x64 8 (HTTPS) 443 60000 0 255 tscf.3322.org,/dot.gif Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
39.109.116.2 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 255 59.151.40.186,/pixel,120.132.70.253,/en_US/all.js Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
39.109.116.2 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 255 59.151.40.186,/g.pixel,120.132.70.253,/ga.js Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; InfoPath.3) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
72.45.135.213 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 72.45.135.213,/push /submit.php GET POST %windir%\syswow64\rundll32.exe 1495712096
72.45.135.213 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 72.45.135.213,/load /submit.php GET POST %windir%\sysnative\rundll32.exe 1495712096
74.121.191.2 8080 1.61988E+12 x86 0 (HTTP) 8080 60000 0 192.95.16.245,/dpixel /submit.php GET POST %windir%\syswow64\rundll32.exe 0
74.121.191.2 8080 1.61988E+12 x64 0 (HTTP) 8080 60000 0 192.95.16.245,/fwlink /submit.php GET POST %windir%\sysnative\rundll32.exe 0
62.234.130.153 443 1.61988E+12 x86 8 (HTTPS) 443 41000 35 255 service-083g6l1k-1258558004.hk.apigw.tencentcs.com,/api/x Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0) /api/y 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
62.234.130.153 443 1.61988E+12 x64 8 (HTTPS) 443 41000 35 255 service-083g6l1k-1258558004.hk.apigw.tencentcs.com,/api/x Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0) /api/y 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
45.153.184.167 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 45.153.184.167,/__utm.gif /___utm.gif GET POST %windir%\syswow64\rundll32.exe 1359593325
45.153.184.167 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 45.153.184.167,/__utm.gif /___utm.gif GET POST %windir%\sysnative\rundll32.exe 1359593325
62.171.142.145 80 1.61988E+12 x86 0 (HTTP) 80 3000 0 255 service-pfzr9eww-1304703456.hk.apigw.tencentcs.com,/api/getit Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0) /api/postit 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
62.171.142.145 80 1.61988E+12 x64 0 (HTTP) 80 3000 0 255 service-pfzr9eww-1304703456.hk.apigw.tencentcs.com,/api/getit Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0) /api/postit 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
45.76.202.78 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 255 45.76.202.78,/IE9CompatViewList.xml Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MDDCJS) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
45.76.202.78 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 255 45.76.202.78,/j.ad Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
45.199.160.117 8080 1.61988E+12 x86 0 (HTTP) 8080 60000 0 255 45.199.160.117,/IE9CompatViewList.xml Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSCOM) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
45.199.160.117 8080 1.61988E+12 x64 0 (HTTP) 8080 60000 0 255 45.199.160.117,/en_US/all.js Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MATP; MATP) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
39.101.135.182 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 255 39.101.135.182,/match Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP08; MAAU; NP08) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
39.101.135.182 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 255 39.101.135.182,/push Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; XBLWP7; ZuneWP7) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
45.141.84.30 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 45.141.84.30,/g.pixel /submit.php GET POST %windir%\syswow64\rundll32.exe 0
45.141.84.30 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 45.141.84.30,/activity /submit.php GET POST %windir%\sysnative\rundll32.exe 0
35.224.197.52 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 35.224.197.52,/ga.js /submit.php GET POST %windir%\syswow64\rundll32.exe 384504866
35.224.197.52 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 35.224.197.52,/__utm.gif /submit.php GET POST %windir%\sysnative\rundll32.exe 384504866
49.234.93.169 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 255 49.234.93.169,/dpixel Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch; ASU2JS) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
49.234.93.169 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 255 49.234.93.169,/cx Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
49.234.93.169 8080 1.61988E+12 x86 0 (HTTP) 8080 60000 0 255 oneselfers.ml,/g.pixel Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
49.234.93.169 8080 1.61988E+12 x64 0 (HTTP) 8080 60000 0 255 oneselfers.ml,/ga.js Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MATM) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
47.92.242.153 443 1.61988E+12 x86 8 (HTTPS) 443 60000 0 255 47.92.242.153,/activity Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
47.92.242.153 443 1.61988E+12 x64 8 (HTTPS) 443 60000 0 255 47.92.242.153,/j.ad Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUSSEM) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
39.105.24.37 80 1.61988E+12 x86 1 (Hybrid HTTP DNS) 1 60000 0 255 ns1.wahahatest.xyz,/cm,ns2.wahahatest.xyz,/push Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;NLNL) /submit.php \\%s\pipe\msagent_%x 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
39.105.24.37 80 1.61988E+12 x64 1 (Hybrid HTTP DNS) 1 60000 0 255 ns1.wahahatest.xyz,/en_US/all.js,ns2.wahahatest.xyz,/updates.rss Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSCOM) /submit.php \\%s\pipe\msagent_%x 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
34.244.119.50 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 34.244.119.50,/j.ad /submit.php GET POST %windir%\syswow64\rundll32.exe 26982953
34.244.119.50 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 34.244.119.50,/pixel.gif /submit.php GET POST %windir%\sysnative\rundll32.exe 26982953
47.242.215.222 443 1.61988E+12 x86 8 (HTTPS) 443 10000 0 47.242.215.222,/wp-content/themes/calliope/wp_data.php /jquery-3.3.2.min.js GET POST %windir%\syswow64\rundll32.exe 574247
47.242.215.222 443 1.61988E+12 x64 8 (HTTPS) 443 10000 0 47.242.215.222,/wp-content/themes/calliope/wp_data.php /jquery-3.3.2.min.js GET POST %windir%\sysnative\rundll32.exe 574247
45.112.206.13 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 255 45.112.206.13,/cx Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
45.112.206.13 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 255 45.112.206.13,/pixel Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; NP07; NP07) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
45.112.206.13 8080 1.61988E+12 x86 0 (HTTP) 8080 60000 0 255 45.112.206.13,/ga.js Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; InfoPath.3) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
45.112.206.13 8080 1.61988E+12 x64 0 (HTTP) 8080 60000 0 255 45.112.206.13,/fwlink Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSE) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
45.112.206.18 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 255 45.112.206.13,/cx Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
45.112.206.18 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 255 45.112.206.13,/pixel Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; NP07; NP07) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
45.112.206.18 8080 1.61988E+12 x86 0 (HTTP) 8080 60000 0 255 45.112.206.13,/ga.js Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; InfoPath.3) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
45.112.206.18 8080 1.61988E+12 x64 0 (HTTP) 8080 60000 0 255 45.112.206.13,/fwlink Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSE) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
45.32.75.25 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 255 45.32.75.25,/dot.gif Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
45.32.75.25 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 255 45.32.75.25,/cm Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
45.170.245.190 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 159.65.36.16,/dpixel /submit.php GET POST %windir%\syswow64\rundll32.exe 0
45.170.245.190 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 159.65.36.16,/ptj /submit.php GET POST %windir%\sysnative\rundll32.exe 0
45.170.245.190 443 1.61988E+12 x86 8 (HTTPS) 443 60000 0 159.65.36.16,/__utm.gif /submit.php GET POST %windir%\syswow64\rundll32.exe 0
45.170.245.190 443 1.61988E+12 x64 8 (HTTPS) 443 60000 0 159.65.36.16,/load /submit.php GET POST %windir%\sysnative\rundll32.exe 0
45.170.245.190 8080 1.61988E+12 x86 0 (HTTP) 8080 60000 0 192.95.16.245,/dpixel /submit.php GET POST %windir%\syswow64\rundll32.exe 0
45.170.245.190 8080 1.61988E+12 x64 0 (HTTP) 8080 60000 0 192.95.16.245,/fwlink /submit.php GET POST %windir%\sysnative\rundll32.exe 0
45.144.225.235 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 btv.hldns.ru,/ptj /submit.php GET POST %windir%\syswow64\rundll32.exe 1359593325
45.144.225.235 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 btv.hldns.ru,/pixel /submit.php GET POST %windir%\sysnative\rundll32.exe 1359593325
42.194.133.101 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 255 42.194.133.101,/en_US/all.js Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; Xbox) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
42.194.133.101 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 255 42.194.133.101,/visit.js Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; .NET CLR 2.0.50727) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
42.193.220.214 443 1.61988E+12 x86 8 (HTTPS) 443 60000 0 255 42.193.220.214,/updates.rss Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 0
42.193.220.214 443 1.61988E+12 x64 8 (HTTPS) 443 60000 0 255 42.193.220.214,/updates.rss Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MANM; MANM) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 0
42.193.188.187 443 1.61988E+12 x86 8 (HTTPS) 443 60000 0 255 10.10.16.2,/g.pixel Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; BTRS125526) /submit.php 0.0.0.0 0 GET POST %windir%\syswow64\rundll32.exe 305419896
42.193.188.187 443 1.61988E+12 x64 8 (HTTPS) 443 60000 0 255 10.10.16.2,/ga.js Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BOIE9;ENUS) /submit.php 0.0.0.0 0 GET POST %windir%\sysnative\rundll32.exe 305419896
31.44.184.232 80 1.61988E+12 x86 0 (HTTP) 80 60000 0 31.44.184.232,/pixel /submit.php GET POST %windir%\syswow64\rundll32.exe 0
31.44.184.232 80 1.61988E+12 x64 0 (HTTP) 80 60000 0 31.44.184.232,/__utm.gif /submit.php GET POST %windir%\sysnative\rundll32.exe 0
5.154.191.140 443 1.61988E+12 x86 8 (HTTPS) 443 60000 0 5.154.191.141,/j.ad,5.154.191.140,/dpixel /submit.php GET POST %windir%\syswow64\rundll32.exe 1359593325
5.154.191.140 443 1.61988E+12 x64 8 (HTTPS) 443 60000 0 5.154.191.141,/push,5.154.191.140,/pixel /submit.php GET POST %windir%\sysnative\rundll32.exe 1359593325