Edit tour

Windows Analysis Report
UrQrIdRfCg.exe

Overview

General Information

Sample Name:	UrQrIdRfCg.exe (renamed file extension from none to exe, renamed because original name is a hash value)
Original Sample Name:	00412b1705c11120ea07162fb6d5f0b81808b0713ff04dce3a701bbc21be2a50
Analysis ID:	821602
MD5:	c6ec5ad9379fccc298bc9dbbed553d12
SHA1:	179f9bbc3a626984d5e9b38585e8546a531cc619
SHA256:	00412b1705c11120ea07162fb6d5f0b81808b0713ff04dce3a701bbc21be2a50
Infos:

Detection

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Connects to many ports of the same IP (likely port scanning)

Uses known network protocols on non-standard ports

Machine Learning detection for sample

May check the online IP address of the machine

Uses 32bit PE files

Yara signature match

Adds / modifies Windows certificates

Uses a known web browser user agent for HTTP communication

May sleep (evasive loops) to hinder dynamic analysis

Detected TCP or UDP traffic on non-standard ports

Connects to several IPs in different countries

Stores large binary data to the registry

JA3 SSL client fingerprint seen in connection with other malware

Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w7x64

UrQrIdRfCg.exe (PID: 1404 cmdline: C:\Users\user\Desktop\UrQrIdRfCg.exe MD5: C6EC5AD9379FCCC298BC9DBBED553D12)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
UrQrIdRfCg.exe	CN_Honker_WordpressScanner	Sample from CN Honker Pentest Toolset - file WordpressScanner.exe	Florian Roth (Nextron Systems)	0xaf5b8:$s0: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) 0xb9714:$s1: (http://www.eyuyan.com) 0xa5cfc:$s2: GetConnectString 0xb4cac:$s4: #if !defined(AFX_RESOURCE_DLL) \|\| defined(AFX_TARG_CHS)

Unpacked PEs

Source	Rule	Description	Author	Strings
1.0.UrQrIdRfCg.exe.400000.0.unpack	CN_Honker_WordpressScanner	Sample from CN Honker Pentest Toolset - file WordpressScanner.exe	Florian Roth (Nextron Systems)	0xaf5b8:$s0: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) 0xb9714:$s1: (http://www.eyuyan.com) 0xa5cfc:$s2: GetConnectString 0xb4cac:$s4: #if !defined(AFX_RESOURCE_DLL) \|\| defined(AFX_TARG_CHS)

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: UrQrIdRfCg.exe	ReversingLabs: Detection: 52%
Source: UrQrIdRfCg.exe	Virustotal: Detection: 52%			Perma Link

Machine Learning detection for sample

Source: UrQrIdRfCg.exe

Joe Sandbox ML: detected

Source: UrQrIdRfCg.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49185 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49219 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49254 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49271 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49300 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49331 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49361 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49378 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49408 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49439 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49469 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49503 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49528 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49558 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49588 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49617 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49646 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49670 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49699 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49728 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49758 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49788 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49818 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49847 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49878 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49909 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49938 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49969 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:50000 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:50046 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:50063 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:50093 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:50123 version: TLS 1.0

Source: unknown

HTTPS traffic detected: 104.18.10.5:443 -> 192.168.2.22:49171 version: TLS 1.2

Networking

Connects to many ports of the same IP (likely port scanning)

Source: global traffic	TCP traffic: 45.114.145.108 ports 0,2,3,32650,5,6
Source: global traffic	TCP traffic: 41.77.13.186 ports 53281,1,2,3,5,8
Source: global traffic	TCP traffic: 64.225.4.17 ports 9994,9981,9976,6,7,9979,9,9969
Source: global traffic	TCP traffic: 106.14.47.96 ports 9443,21001,9401,10939,0,10800,1,10568,4,8,10000,10563,10398,11135,10210,10048,10102,10566
Source: global traffic	TCP traffic: 43.255.113.232 ports 8080,8081,8086,0,8,82,85
Source: global traffic	TCP traffic: 46.161.195.104 ports 1976,1,6,1981,7,9
Source: global traffic	TCP traffic: 94.247.241.70 ports 0,3,4,5,6,53640
Source: global traffic	TCP traffic: 117.160.250.133 ports 8080,8081,0,8,80,81,8828
Source: global traffic	TCP traffic: 117.160.250.132 ports 8080,8081,0,1,8,80,9999,82
Source: global traffic	TCP traffic: 117.160.250.163 ports 8081,2,8,82,9999,8828
Source: global traffic	TCP traffic: 65.108.230.239 ports 38573,44321,37113,0,4,40809,8,9
Source: global traffic	TCP traffic: 103.155.217.156 ports 41482,41475,41478,1,4,5,7

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49175
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49176
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49177
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49186
Source: unknown	Network traffic detected: HTTP traffic on port 999 -> 49172
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49191
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49193
Source: unknown	Network traffic detected: HTTP traffic on port 10048 -> 49183
Source: unknown	Network traffic detected: HTTP traffic on port 8085 -> 49196
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49199
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49203
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49205
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49210
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49213
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49212
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49208
Source: unknown	Network traffic detected: HTTP traffic on port 10048 -> 49183
Source: unknown	Network traffic detected: HTTP traffic on port 8999 -> 49229
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49239
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49238
Source: unknown	Network traffic detected: HTTP traffic on port 8081 -> 49240
Source: unknown	Network traffic detected: HTTP traffic on port 8828 -> 49243
Source: unknown	Network traffic detected: HTTP traffic on port 7890 -> 49248
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49250
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49251
Source: unknown	Network traffic detected: HTTP traffic on port 10048 -> 49183
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49276
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49277
Source: unknown	Network traffic detected: HTTP traffic on port 82 -> 49283
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49292
Source: unknown	Network traffic detected: HTTP traffic on port 21001 -> 49293
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49294
Source: unknown	Network traffic detected: HTTP traffic on port 4007 -> 49304
Source: unknown	Network traffic detected: HTTP traffic on port 8000 -> 49307
Source: unknown	Network traffic detected: HTTP traffic on port 8181 -> 49317
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49328
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49329
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49324
Source: unknown	Network traffic detected: HTTP traffic on port 9090 -> 49338
Source: unknown	Network traffic detected: HTTP traffic on port 8085 -> 49342
Source: unknown	Network traffic detected: HTTP traffic on port 8088 -> 49345
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49351
Source: unknown	Network traffic detected: HTTP traffic on port 8085 -> 49353
Source: unknown	Network traffic detected: HTTP traffic on port 8089 -> 49358
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49362
Source: unknown	Network traffic detected: HTTP traffic on port 40809 -> 49366
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49364
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49369
Source: unknown	Network traffic detected: HTTP traffic on port 82 -> 49371
Source: unknown	Network traffic detected: HTTP traffic on port 3129 -> 49350
Source: unknown	Network traffic detected: HTTP traffic on port 8282 -> 49367
Source: unknown	Network traffic detected: HTTP traffic on port 8181 -> 49376
Source: unknown	Network traffic detected: HTTP traffic on port 8282 -> 49367
Source: unknown	Network traffic detected: HTTP traffic on port 8282 -> 49367
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49395
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49397
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49396
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49398
Source: unknown	Network traffic detected: HTTP traffic on port 8083 -> 49392
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49406
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49409
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49412
Source: unknown	Network traffic detected: HTTP traffic on port 8000 -> 49413
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49414
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49419
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49426
Source: unknown	Network traffic detected: HTTP traffic on port 40809 -> 49433
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49434
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49438
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49442
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49430
Source: unknown	Network traffic detected: HTTP traffic on port 9090 -> 49451
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49449
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49456
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49457
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49462
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49464
Source: unknown	Network traffic detected: HTTP traffic on port 8081 -> 49465
Source: unknown	Network traffic detected: HTTP traffic on port 1994 -> 49470
Source: unknown	Network traffic detected: HTTP traffic on port 10566 -> 49479
Source: unknown	Network traffic detected: HTTP traffic on port 8089 -> 49483
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49493
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49498
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49500
Source: unknown	Network traffic detected: HTTP traffic on port 10566 -> 49479
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49510
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49513
Source: unknown	Network traffic detected: HTTP traffic on port 8000 -> 49525
Source: unknown	Network traffic detected: HTTP traffic on port 8089 -> 49530
Source: unknown	Network traffic detected: HTTP traffic on port 10566 -> 49479
Source: unknown	Network traffic detected: HTTP traffic on port 8085 -> 49549
Source: unknown	Network traffic detected: HTTP traffic on port 82 -> 49550
Source: unknown	Network traffic detected: HTTP traffic on port 999 -> 49541
Source: unknown	Network traffic detected: HTTP traffic on port 10048 -> 49551
Source: unknown	Network traffic detected: HTTP traffic on port 8089 -> 49530
Source: unknown	Network traffic detected: HTTP traffic on port 10000 -> 49552
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49567
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49566
Source: unknown	Network traffic detected: HTTP traffic on port 8089 -> 49560
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49575
Source: unknown	Network traffic detected: HTTP traffic on port 8089 -> 49569
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49580
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49582
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49587
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49591
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49596
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49603
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49602
Source: unknown	Network traffic detected: HTTP traffic on port 82 -> 49604
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49606
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49605
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49610
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49619
Source: unknown	Network traffic detected: HTTP traffic on port 5443 -> 49608
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49621
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49630
Source: unknown	Network traffic detected: HTTP traffic on port 40809 -> 49634
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49641
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49640
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49650
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49664
Source: unknown	Network traffic detected: HTTP traffic on port 82 -> 49665
Source: unknown	Network traffic detected: HTTP traffic on port 10515 -> 49669
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49677
Source: unknown	Network traffic detected: HTTP traffic on port 44321 -> 49679
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49685
Source: unknown	Network traffic detected: HTTP traffic on port 8085 -> 49692
Source: unknown	Network traffic detected: HTTP traffic on port 8001 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49696
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49695
Source: unknown	Network traffic detected: HTTP traffic on port 82 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 8828 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 8089 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 82 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 8000 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 8085 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 38573 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 1981 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 8001 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 82 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 8089 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 10515 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 8089 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 8085 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 8086 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 8085 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 10102 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 8081 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 8085 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 8000 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 8081 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 8085 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 1976 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 8083 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 82 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 37113 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 8828 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 8118 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 8899 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 999 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 8443 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 8089 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 50134
Source: unknown	Network traffic detected: HTTP traffic on port 10210 -> 50131
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 50140
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 50146

May check the online IP address of the machine

Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	DNS query: name: www.89ip.cn

Source: global traffic	HTTP traffic detected: GET /v2/?request=getproxies&protocol=http&timeout=10000&country=all&ssl=all&anonymity=all HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)Accept: /Host: api.proxyscrape.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn

Source: global traffic	TCP traffic: 192.168.2.22:49172 -> 45.174.87.18:999
Source: global traffic	TCP traffic: 192.168.2.22:49173 -> 46.229.73.19:8080
Source: global traffic	TCP traffic: 192.168.2.22:49174 -> 123.207.26.110:7777
Source: global traffic	TCP traffic: 192.168.2.22:49175 -> 58.57.170.154:9002
Source: global traffic	TCP traffic: 192.168.2.22:49176 -> 140.210.198.96:3128
Source: global traffic	TCP traffic: 192.168.2.22:49177 -> 120.195.150.91:9091
Source: global traffic	TCP traffic: 192.168.2.22:49180 -> 103.123.64.234:3128
Source: global traffic	TCP traffic: 192.168.2.22:49181 -> 23.99.68.187:8081
Source: global traffic	TCP traffic: 192.168.2.22:49183 -> 106.14.47.96:10048
Source: global traffic	TCP traffic: 192.168.2.22:49187 -> 70.65.108.90:3128
Source: global traffic	TCP traffic: 192.168.2.22:49188 -> 222.247.57.67:9002
Source: global traffic	TCP traffic: 192.168.2.22:49189 -> 83.243.92.154:8080
Source: global traffic	TCP traffic: 192.168.2.22:49191 -> 58.20.235.231:9002
Source: global traffic	TCP traffic: 192.168.2.22:49192 -> 41.76.156.90:36496
Source: global traffic	TCP traffic: 192.168.2.22:49193 -> 121.31.35.98:9091
Source: global traffic	TCP traffic: 192.168.2.22:49194 -> 111.225.153.17:8089
Source: global traffic	TCP traffic: 192.168.2.22:49195 -> 188.235.0.207:8282
Source: global traffic	TCP traffic: 192.168.2.22:49196 -> 123.159.126.27:8085
Source: global traffic	TCP traffic: 192.168.2.22:49197 -> 221.132.28.18:8090
Source: global traffic	TCP traffic: 192.168.2.22:49198 -> 111.8.226.108:9091
Source: global traffic	TCP traffic: 192.168.2.22:49199 -> 110.185.211.43:9999
Source: global traffic	TCP traffic: 192.168.2.22:49201 -> 103.176.96.131:8080
Source: global traffic	TCP traffic: 192.168.2.22:49202 -> 117.69.230.203:8089
Source: global traffic	TCP traffic: 192.168.2.22:49203 -> 113.195.207.249:9091
Source: global traffic	TCP traffic: 192.168.2.22:49204 -> 59.48.218.218:9091
Source: global traffic	TCP traffic: 192.168.2.22:49205 -> 183.238.32.234:9002
Source: global traffic	TCP traffic: 192.168.2.22:49207 -> 110.34.3.229:3128
Source: global traffic	TCP traffic: 192.168.2.22:49208 -> 112.26.81.142:9091
Source: global traffic	TCP traffic: 192.168.2.22:49209 -> 154.236.177.117:1976
Source: global traffic	TCP traffic: 192.168.2.22:49210 -> 42.228.61.245:9091
Source: global traffic	TCP traffic: 192.168.2.22:49212 -> 191.252.219.48:8888
Source: global traffic	TCP traffic: 192.168.2.22:49213 -> 123.130.115.217:9091
Source: global traffic	TCP traffic: 192.168.2.22:49214 -> 177.136.86.145:999
Source: global traffic	TCP traffic: 192.168.2.22:49215 -> 198.59.191.234:8080
Source: global traffic	TCP traffic: 192.168.2.22:49216 -> 123.60.139.197:6969
Source: global traffic	TCP traffic: 192.168.2.22:49218 -> 43.255.113.232:8080
Source: global traffic	TCP traffic: 192.168.2.22:49220 -> 201.187.103.18:8080
Source: global traffic	TCP traffic: 192.168.2.22:49221 -> 201.229.250.21:8080
Source: global traffic	TCP traffic: 192.168.2.22:49222 -> 154.79.245.166:32650
Source: global traffic	TCP traffic: 192.168.2.22:49223 -> 223.247.46.237:8089
Source: global traffic	TCP traffic: 192.168.2.22:49224 -> 65.108.157.52:8080
Source: global traffic	TCP traffic: 192.168.2.22:49225 -> 41.77.13.186:53281
Source: global traffic	TCP traffic: 192.168.2.22:49226 -> 117.160.250.133:8080
Source: global traffic	TCP traffic: 192.168.2.22:49229 -> 47.98.219.185:8999
Source: global traffic	TCP traffic: 192.168.2.22:49230 -> 45.188.166.52:1994
Source: global traffic	TCP traffic: 192.168.2.22:49232 -> 64.225.4.17:9976
Source: global traffic	TCP traffic: 192.168.2.22:49233 -> 178.128.219.124:8080
Source: global traffic	TCP traffic: 192.168.2.22:49234 -> 97.78.161.170:8123
Source: global traffic	TCP traffic: 192.168.2.22:49235 -> 49.232.201.174:8080
Source: global traffic	TCP traffic: 192.168.2.22:49236 -> 178.115.243.26:8080
Source: global traffic	TCP traffic: 192.168.2.22:49237 -> 103.164.151.51:3125
Source: global traffic	TCP traffic: 192.168.2.22:49238 -> 117.160.250.130:81
Source: global traffic	TCP traffic: 192.168.2.22:49239 -> 58.246.58.150:9002
Source: global traffic	TCP traffic: 192.168.2.22:49240 -> 117.160.250.132:8081
Source: global traffic	TCP traffic: 192.168.2.22:49241 -> 123.182.59.214:8089
Source: global traffic	TCP traffic: 192.168.2.22:49244 -> 38.51.232.23:8080
Source: global traffic	TCP traffic: 192.168.2.22:49247 -> 220.179.211.139:8089
Source: global traffic	TCP traffic: 192.168.2.22:49248 -> 184.168.122.103:7890
Source: global traffic	TCP traffic: 192.168.2.22:49250 -> 185.63.34.3:3128
Source: global traffic	TCP traffic: 192.168.2.22:49251 -> 211.138.6.37:9091
Source: global traffic	TCP traffic: 192.168.2.22:49252 -> 113.53.61.185:8080
Source: global traffic	TCP traffic: 192.168.2.22:49259 -> 45.229.205.191:55555
Source: global traffic	TCP traffic: 192.168.2.22:49260 -> 183.165.224.242:8089
Source: global traffic	TCP traffic: 192.168.2.22:49261 -> 120.34.253.243:8089
Source: global traffic	TCP traffic: 192.168.2.22:49262 -> 223.207.109.234:8080
Source: global traffic	TCP traffic: 192.168.2.22:49265 -> 77.238.79.111:8080
Source: global traffic	TCP traffic: 192.168.2.22:49267 -> 47.88.11.3:10
Source: global traffic	TCP traffic: 192.168.2.22:49268 -> 183.89.67.197:8080
Source: global traffic	TCP traffic: 192.168.2.22:49269 -> 49.144.17.56:8080
Source: global traffic	TCP traffic: 192.168.2.22:49270 -> 113.160.159.160:19132
Source: global traffic	TCP traffic: 192.168.2.22:49272 -> 179.190.97.135:8080
Source: global traffic	TCP traffic: 192.168.2.22:49273 -> 223.215.177.178:8089
Source: global traffic	TCP traffic: 192.168.2.22:49277 -> 117.159.37.40:9091
Source: global traffic	TCP traffic: 192.168.2.22:49278 -> 190.187.208.171:999
Source: global traffic	TCP traffic: 192.168.2.22:49279 -> 222.179.155.90:9091
Source: global traffic	TCP traffic: 192.168.2.22:49280 -> 170.244.27.242:8888
Source: global traffic	TCP traffic: 192.168.2.22:49281 -> 144.217.7.157:5566
Source: global traffic	TCP traffic: 192.168.2.22:49285 -> 121.40.115.140:1337
Source: global traffic	TCP traffic: 192.168.2.22:49286 -> 118.174.65.37:8080
Source: global traffic	TCP traffic: 192.168.2.22:49289 -> 43.138.138.164:8080
Source: global traffic	TCP traffic: 192.168.2.22:49291 -> 14.140.131.82:3128
Source: global traffic	TCP traffic: 192.168.2.22:49292 -> 116.234.209.15:9002
Source: global traffic	TCP traffic: 192.168.2.22:49294 -> 180.126.196.246:9002
Source: global traffic	TCP traffic: 192.168.2.22:49295 -> 85.117.60.133:8080
Source: global traffic	TCP traffic: 192.168.2.22:49297 -> 176.192.70.58:8004
Source: global traffic	TCP traffic: 192.168.2.22:49298 -> 119.18.158.138:8080
Source: global traffic	TCP traffic: 192.168.2.22:49301 -> 47.91.45.198:9999
Source: global traffic	TCP traffic: 192.168.2.22:49303 -> 110.185.185.228:9002
Source: global traffic	TCP traffic: 192.168.2.22:49304 -> 45.61.187.67:4007
Source: global traffic	TCP traffic: 192.168.2.22:49306 -> 160.19.232.85:3128
Source: global traffic	TCP traffic: 192.168.2.22:49307 -> 118.107.44.181:8000
Source: global traffic	TCP traffic: 192.168.2.22:49308 -> 46.209.207.146:8080
Source: global traffic	TCP traffic: 192.168.2.22:49311 -> 190.30.227.13:8080
Source: global traffic	TCP traffic: 192.168.2.22:49313 -> 92.119.71.90:8880
Source: global traffic	TCP traffic: 192.168.2.22:49314 -> 188.132.222.36:8080
Source: global traffic	TCP traffic: 192.168.2.22:49317 -> 18.179.20.228:8181
Source: global traffic	TCP traffic: 192.168.2.22:49318 -> 168.181.87.45:8080
Source: global traffic	TCP traffic: 192.168.2.22:49320 -> 31.186.239.245:8080
Source: global traffic	TCP traffic: 192.168.2.22:49322 -> 189.251.36.131:999
Source: global traffic	TCP traffic: 192.168.2.22:49325 -> 146.158.19.130:8080
Source: global traffic	TCP traffic: 192.168.2.22:49326 -> 94.247.241.70:53640
Source: global traffic	TCP traffic: 192.168.2.22:49327 -> 177.53.214.19:999
Source: global traffic	TCP traffic: 192.168.2.22:49328 -> 64.56.150.102:3128
Source: global traffic	TCP traffic: 192.168.2.22:49329 -> 159.203.61.169:3128
Source: global traffic	TCP traffic: 192.168.2.22:49330 -> 221.226.75.86:55443
Source: global traffic	TCP traffic: 192.168.2.22:49332 -> 124.221.1.180:2080
Source: global traffic	TCP traffic: 192.168.2.22:49333 -> 103.155.217.156:41475
Source: global traffic	TCP traffic: 192.168.2.22:49334 -> 186.226.185.82:666
Source: global traffic	TCP traffic: 192.168.2.22:49335 -> 200.69.67.148:999
Source: global traffic	TCP traffic: 192.168.2.22:49336 -> 156.222.45.181:8080
Source: global traffic	TCP traffic: 192.168.2.22:49337 -> 8.208.90.194:8045
Source: global traffic	TCP traffic: 192.168.2.22:49338 -> 47.90.126.138:9090
Source: global traffic	TCP traffic: 192.168.2.22:49339 -> 91.213.119.246:31551
Source: global traffic	TCP traffic: 192.168.2.22:49341 -> 47.96.16.128:3128
Source: global traffic	TCP traffic: 192.168.2.22:49342 -> 171.35.165.117:8085
Source: global traffic	TCP traffic: 192.168.2.22:49343 -> 95.214.8.128:3128
Source: global traffic	TCP traffic: 192.168.2.22:49344 -> 103.156.17.35:8181
Source: global traffic	TCP traffic: 192.168.2.22:49345 -> 120.27.18.161:8088
Source: global traffic	TCP traffic: 192.168.2.22:49346 -> 103.82.227.22:3128
Source: global traffic	TCP traffic: 192.168.2.22:49347 -> 41.242.116.150:50000
Source: global traffic	TCP traffic: 192.168.2.22:49348 -> 114.231.45.10:8089
Source: global traffic	TCP traffic: 192.168.2.22:49350 -> 105.242.158.92:3129
Source: global traffic	TCP traffic: 192.168.2.22:49351 -> 124.71.142.223:3128
Source: global traffic	TCP traffic: 192.168.2.22:49352 -> 129.154.56.212:8088
Source: global traffic	TCP traffic: 192.168.2.22:49353 -> 123.159.127.74:8085
Source: global traffic	TCP traffic: 192.168.2.22:49354 -> 191.102.254.27:8085
Source: global traffic	TCP traffic: 192.168.2.22:49355 -> 175.111.129.155:8080
Source: global traffic	TCP traffic: 192.168.2.22:49356 -> 200.123.27.162:999
Source: global traffic	TCP traffic: 192.168.2.22:49358 -> 111.225.152.32:8089
Source: global traffic	TCP traffic: 192.168.2.22:49359 -> 206.189.146.13:8080
Source: global traffic	TCP traffic: 192.168.2.22:49362 -> 182.106.220.252:9091
Source: global traffic	TCP traffic: 192.168.2.22:49363 -> 196.204.24.251:8080
Source: global traffic	TCP traffic: 192.168.2.22:49364 -> 120.237.57.83:9091
Source: global traffic	TCP traffic: 192.168.2.22:49366 -> 65.108.230.239:40809
Source: global traffic	TCP traffic: 192.168.2.22:49367 -> 116.63.130.30:8282
Source: global traffic	TCP traffic: 192.168.2.22:49368 -> 47.113.221.120:8085
Source: global traffic	TCP traffic: 192.168.2.22:49370 -> 191.97.15.22:999
Source: global traffic	TCP traffic: 192.168.2.22:49371 -> 117.160.250.163:82
Source: global traffic	TCP traffic: 192.168.2.22:49372 -> 197.32.228.123:8080
Source: global traffic	TCP traffic: 192.168.2.22:49374 -> 120.236.64.75:9002
Source: global traffic	TCP traffic: 192.168.2.22:49375 -> 41.128.148.77:1976
Source: global traffic	TCP traffic: 192.168.2.22:49376 -> 93.180.222.134:8181
Source: global traffic	TCP traffic: 192.168.2.22:49381 -> 154.0.155.205:8080
Source: global traffic	TCP traffic: 192.168.2.22:49382 -> 103.241.204.241:3129
Source: global traffic	TCP traffic: 192.168.2.22:49384 -> 36.6.141.45:8089
Source: global traffic	TCP traffic: 192.168.2.22:49385 -> 102.68.129.54:8080
Source: global traffic	TCP traffic: 192.168.2.22:49389 -> 103.139.126.235:8080
Source: global traffic	TCP traffic: 192.168.2.22:49390 -> 49.0.253.51:9093
Source: global traffic	TCP traffic: 192.168.2.22:49392 -> 139.224.190.222:8083
Source: global traffic	TCP traffic: 192.168.2.22:49394 -> 200.123.29.35:3128
Source: global traffic	TCP traffic: 192.168.2.22:49395 -> 112.51.96.118:9091
Source: global traffic	TCP traffic: 192.168.2.22:49396 -> 39.170.42.90:9091
Source: global traffic	TCP traffic: 192.168.2.22:49397 -> 118.212.152.82:9091
Source: global traffic	TCP traffic: 192.168.2.22:49398 -> 183.234.219.91:9002
Source: global traffic	TCP traffic: 192.168.2.22:49399 -> 186.67.192.246:8080
Source: global traffic	TCP traffic: 192.168.2.22:49400 -> 8.213.129.20:2020
Source: global traffic	TCP traffic: 192.168.2.22:49404 -> 138.204.95.166:8080
Source: global traffic	TCP traffic: 192.168.2.22:49409 -> 38.83.74.2:3128
Source: global traffic	TCP traffic: 192.168.2.22:49410 -> 178.124.170.112:3128
Source: global traffic	TCP traffic: 192.168.2.22:49411 -> 46.161.195.104:1976
Source: global traffic	TCP traffic: 192.168.2.22:49414 -> 211.161.103.139:9091
Source: global traffic	TCP traffic: 192.168.2.22:49415 -> 110.164.162.45:8080
Source: global traffic	TCP traffic: 192.168.2.22:49418 -> 103.150.40.231:8080
Source: global traffic	TCP traffic: 192.168.2.22:49419 -> 60.12.168.114:9002
Source: global traffic	TCP traffic: 192.168.2.22:49420 -> 103.167.68.83:8080
Source: global traffic	TCP traffic: 192.168.2.22:49422 -> 103.125.36.99:3125
Source: global traffic	TCP traffic: 192.168.2.22:49427 -> 121.230.210.240:8089
Source: global traffic	TCP traffic: 192.168.2.22:49428 -> 197.231.204.83:41890
Source: global traffic	TCP traffic: 192.168.2.22:49430 -> 208.109.32.60:81
Source: global traffic	TCP traffic: 192.168.2.22:49431 -> 14.241.111.38:8080
Source: global traffic	TCP traffic: 192.168.2.22:49432 -> 111.40.116.212:9091
Source: global traffic	TCP traffic: 192.168.2.22:49435 -> 31.186.239.246:8080
Source: global traffic	TCP traffic: 192.168.2.22:49436 -> 178.159.124.5:8080
Source: global traffic	TCP traffic: 192.168.2.22:49437 -> 125.17.80.226:8080
Source: global traffic	TCP traffic: 192.168.2.22:49438 -> 211.97.2.197:9002
Source: global traffic	TCP traffic: 192.168.2.22:49440 -> 38.41.0.89:999
Source: global traffic	TCP traffic: 192.168.2.22:49441 -> 27.150.85.44:8089
Source: global traffic	TCP traffic: 192.168.2.22:49442 -> 210.22.77.94:9002
Source: global traffic	TCP traffic: 192.168.2.22:49443 -> 201.184.145.59:999
Source: global traffic	TCP traffic: 192.168.2.22:49446 -> 218.65.6.150:3128
Source: global traffic	TCP traffic: 192.168.2.22:49447 -> 41.216.186.36:8080
Source: global traffic	TCP traffic: 192.168.2.22:49448 -> 189.203.10.141:999
Source: global traffic	TCP traffic: 192.168.2.22:49449 -> 220.248.238.26:9091
Source: global traffic	TCP traffic: 192.168.2.22:49450 -> 188.132.222.35:8080
Source: global traffic	TCP traffic: 192.168.2.22:49451 -> 43.157.121.159:9090
Source: global traffic	TCP traffic: 192.168.2.22:49452 -> 190.113.42.162:999
Source: global traffic	TCP traffic: 192.168.2.22:49453 -> 138.2.9.75:8080
Source: global traffic	TCP traffic: 192.168.2.22:49456 -> 135.181.15.198:3128
Source: global traffic	TCP traffic: 192.168.2.22:49462 -> 112.98.177.27:9091
Source: global traffic	TCP traffic: 192.168.2.22:49464 -> 120.236.41.185:9091
Source: global traffic	TCP traffic: 192.168.2.22:49466 -> 103.156.75.42:8080
Source: global traffic	TCP traffic: 192.168.2.22:49467 -> 94.131.130.142:8085
Source: global traffic	TCP traffic: 192.168.2.22:49468 -> 45.225.184.145:999
Source: global traffic	TCP traffic: 192.168.2.22:49470 -> 100.42.79.61:1994
Source: global traffic	TCP traffic: 192.168.2.22:49475 -> 186.250.29.225:8080
Source: global traffic	TCP traffic: 192.168.2.22:49476 -> 103.163.134.4:8181
Source: global traffic	TCP traffic: 192.168.2.22:49477 -> 103.155.54.26:83
Source: global traffic	TCP traffic: 192.168.2.22:49481 -> 223.247.47.69:8089
Source: global traffic	TCP traffic: 192.168.2.22:49483 -> 111.225.152.238:8089
Source: global traffic	TCP traffic: 192.168.2.22:49484 -> 103.237.78.102:4995
Source: global traffic	TCP traffic: 192.168.2.22:49489 -> 111.225.153.2:8089
Source: global traffic	TCP traffic: 192.168.2.22:49490 -> 103.100.234.195:8080
Source: global traffic	TCP traffic: 192.168.2.22:49491 -> 59.60.0.77:7890
Source: global traffic	TCP traffic: 192.168.2.22:49492 -> 103.6.8.20:32650
Source: global traffic	TCP traffic: 192.168.2.22:49494 -> 68.64.250.38:8080
Source: global traffic	TCP traffic: 192.168.2.22:49498 -> 183.234.85.26:9002
Source: global traffic	TCP traffic: 192.168.2.22:49500 -> 117.139.124.182:9091
Source: global traffic	TCP traffic: 192.168.2.22:49501 -> 94.75.76.3:8080
Source: global traffic	TCP traffic: 192.168.2.22:49505 -> 34.111.224.139:8080
Source: global traffic	TCP traffic: 192.168.2.22:49508 -> 113.161.59.136:8080
Source: global traffic	TCP traffic: 192.168.2.22:49509 -> 103.121.149.69:8080
Source: global traffic	TCP traffic: 192.168.2.22:49511 -> 124.71.149.10:3128
Source: global traffic	TCP traffic: 192.168.2.22:49512 -> 203.89.29.53:6060
Source: global traffic	TCP traffic: 192.168.2.22:49513 -> 221.10.250.51:9091
Source: global traffic	TCP traffic: 192.168.2.22:49516 -> 220.160.205.84:8089
Source: global traffic	TCP traffic: 192.168.2.22:49517 -> 123.171.1.49:8089
Source: global traffic	TCP traffic: 192.168.2.22:49518 -> 123.182.59.163:8089
Source: global traffic	TCP traffic: 192.168.2.22:49519 -> 180.178.103.67:8080
Source: global traffic	TCP traffic: 192.168.2.22:49521 -> 190.90.191.53:999
Source: global traffic	TCP traffic: 192.168.2.22:49522 -> 103.118.44.45:8080
Source: global traffic	TCP traffic: 192.168.2.22:49523 -> 120.37.177.50:9091
Source: global traffic	TCP traffic: 192.168.2.22:49524 -> 163.177.106.4:8001
Source: global traffic	TCP traffic: 192.168.2.22:49526 -> 212.23.217.18:8080
Source: global traffic	TCP traffic: 192.168.2.22:49527 -> 104.194.240.13:8080
Source: global traffic	TCP traffic: 192.168.2.22:49529 -> 103.157.117.8:8080
Source: global traffic	TCP traffic: 192.168.2.22:49530 -> 223.215.176.115:8089
Source: global traffic	TCP traffic: 192.168.2.22:49531 -> 180.92.145.234:8080
Source: global traffic	TCP traffic: 192.168.2.22:49534 -> 191.102.102.114:8080
Source: global traffic	TCP traffic: 192.168.2.22:49536 -> 111.225.153.97:8089
Source: global traffic	TCP traffic: 192.168.2.22:49537 -> 185.146.88.217:8080
Source: global traffic	TCP traffic: 192.168.2.22:49538 -> 168.0.239.224:8787
Source: global traffic	TCP traffic: 192.168.2.22:49539 -> 5.78.31.93:8443
Source: global traffic	TCP traffic: 192.168.2.22:49540 -> 43.230.156.237:41890
Source: global traffic	TCP traffic: 192.168.2.22:49542 -> 120.236.74.210:9002
Source: global traffic	TCP traffic: 192.168.2.22:49543 -> 183.164.244.46:8089
Source: global traffic	TCP traffic: 192.168.2.22:49547 -> 109.73.184.94:23500
Source: global traffic	TCP traffic: 192.168.2.22:49548 -> 50.201.133.122:3366
Source: global traffic	TCP traffic: 192.168.2.22:49552 -> 115.144.100.124:10000
Source: global traffic	TCP traffic: 192.168.2.22:49553 -> 212.154.82.52:9090
Source: global traffic	TCP traffic: 192.168.2.22:49557 -> 123.182.58.233:8089
Source: global traffic	TCP traffic: 192.168.2.22:49559 -> 123.245.248.16:8089
Source: global traffic	TCP traffic: 192.168.2.22:49560 -> 123.171.1.3:8089
Source: global traffic	TCP traffic: 192.168.2.22:49565 -> 201.218.144.137:999
Source: global traffic	TCP traffic: 192.168.2.22:49566 -> 183.230.198.80:9091
Source: global traffic	TCP traffic: 192.168.2.22:49567 -> 61.133.66.69:9002
Source: global traffic	TCP traffic: 192.168.2.22:49569 -> 111.225.152.46:8089
Source: global traffic	TCP traffic: 192.168.2.22:49570 -> 117.40.176.42:9091
Source: global traffic	TCP traffic: 192.168.2.22:49571 -> 190.9.109.166:999
Source: global traffic	TCP traffic: 192.168.2.22:49573 -> 176.118.50.239:53281
Source: global traffic	TCP traffic: 192.168.2.22:49574 -> 167.250.50.14:999
Source: global traffic	TCP traffic: 192.168.2.22:49575 -> 223.100.178.167:9091
Source: global traffic	TCP traffic: 192.168.2.22:49577 -> 80.98.44.23:8080
Source: global traffic	TCP traffic: 192.168.2.22:49583 -> 223.215.177.246:8089
Source: global traffic	TCP traffic: 192.168.2.22:49586 -> 103.118.46.12:32650
Source: global traffic	TCP traffic: 192.168.2.22:49587 -> 171.34.53.2:9091
Source: global traffic	TCP traffic: 192.168.2.22:49591 -> 112.16.127.69:9002
Source: global traffic	TCP traffic: 192.168.2.22:49592 -> 101.51.55.153:8080
Source: global traffic	TCP traffic: 192.168.2.22:49596 -> 112.250.110.172:9091
Source: global traffic	TCP traffic: 192.168.2.22:49598 -> 216.74.255.182:8080
Source: global traffic	TCP traffic: 192.168.2.22:49599 -> 45.234.2.250:9898
Source: global traffic	TCP traffic: 192.168.2.22:49602 -> 184.105.182.254:3128
Source: global traffic	TCP traffic: 192.168.2.22:49603 -> 220.248.70.237:9002
Source: global traffic	TCP traffic: 192.168.2.22:49605 -> 120.236.67.189:9002
Source: global traffic	TCP traffic: 192.168.2.22:49607 -> 125.17.80.228:8080
Source: global traffic	TCP traffic: 192.168.2.22:49608 -> 120.194.4.155:5443
Source: global traffic	TCP traffic: 192.168.2.22:49609 -> 47.92.248.197:20002
Source: global traffic	TCP traffic: 192.168.2.22:49613 -> 43.136.86.48:8080
Source: global traffic	TCP traffic: 192.168.2.22:49615 -> 65.0.160.35:8080
Source: global traffic	TCP traffic: 192.168.2.22:49618 -> 27.147.209.215:8080
Source: global traffic	TCP traffic: 192.168.2.22:49620 -> 103.4.94.2:8080
Source: global traffic	TCP traffic: 192.168.2.22:49621 -> 117.160.250.138:81
Source: global traffic	TCP traffic: 192.168.2.22:49622 -> 170.244.25.194:8888
Source: global traffic	TCP traffic: 192.168.2.22:49624 -> 182.253.246.249:8080
Source: global traffic	TCP traffic: 192.168.2.22:49628 -> 62.33.207.201:3128
Source: global traffic	TCP traffic: 192.168.2.22:49630 -> 183.239.62.59:9091
Source: global traffic	TCP traffic: 192.168.2.22:49633 -> 191.97.9.186:999
Source: global traffic	TCP traffic: 192.168.2.22:49635 -> 190.119.122.131:999
Source: global traffic	TCP traffic: 192.168.2.22:49636 -> 45.70.85.79:8080
Source: global traffic	TCP traffic: 192.168.2.22:49637 -> 118.100.180.50:8080
Source: global traffic	TCP traffic: 192.168.2.22:49638 -> 150.230.11.81:8080
Source: global traffic	TCP traffic: 192.168.2.22:49639 -> 118.99.96.173:8080
Source: global traffic	TCP traffic: 192.168.2.22:49640 -> 35.230.42.148:3128
Source: global traffic	TCP traffic: 192.168.2.22:49641 -> 223.112.174.62:9091
Source: global traffic	TCP traffic: 192.168.2.22:49644 -> 45.6.201.255:8080
Source: global traffic	TCP traffic: 192.168.2.22:49647 -> 167.235.154.203:8080
Source: global traffic	TCP traffic: 192.168.2.22:49650 -> 120.237.144.200:9091
Source: global traffic	TCP traffic: 192.168.2.22:49651 -> 121.42.233.132:81
Source: global traffic	TCP traffic: 192.168.2.22:49652 -> 45.174.172.201:999
Source: global traffic	TCP traffic: 192.168.2.22:49653 -> 170.83.242.249:999
Source: global traffic	TCP traffic: 192.168.2.22:49654 -> 103.154.120.107:8080
Source: global traffic	TCP traffic: 192.168.2.22:49656 -> 183.234.218.205:9002
Source: global traffic	TCP traffic: 192.168.2.22:49658 -> 202.154.18.13:8080
Source: global traffic	TCP traffic: 192.168.2.22:49662 -> 94.231.192.97:8080
Source: global traffic	TCP traffic: 192.168.2.22:49664 -> 113.57.84.39:9091
Source: global traffic	TCP traffic: 192.168.2.22:49665 -> 117.160.250.137:82
Source: global traffic	TCP traffic: 192.168.2.22:49666 -> 195.182.152.238:38178
Source: global traffic	TCP traffic: 192.168.2.22:49669 -> 165.225.210.219:10515
Source: global traffic	TCP traffic: 192.168.2.22:49671 -> 103.175.156.142:8080
Source: global traffic	TCP traffic: 192.168.2.22:49673 -> 183.173.130.22:4780
Source: global traffic	TCP traffic: 192.168.2.22:49674 -> 89.239.149.51:8080
Source: global traffic	TCP traffic: 192.168.2.22:49677 -> 193.175.196.212:3128
Source: global traffic	TCP traffic: 192.168.2.22:49687 -> 27.157.228.49:8089
Source: global traffic	TCP traffic: 192.168.2.22:49688 -> 118.186.17.243:39665
Source: global traffic	TCP traffic: 192.168.2.22:49689 -> 152.69.197.238:8080
Source: global traffic	TCP traffic: 192.168.2.22:49692 -> 123.159.126.14:8085
Source: global traffic	TCP traffic: 192.168.2.22:49693 -> 103.169.42.250:8080
Source: global traffic	TCP traffic: 192.168.2.22:49694 -> 54.90.133.46:9999
Source: global traffic	TCP traffic: 192.168.2.22:49696 -> 120.236.79.139:9002
Source: global traffic	TCP traffic: 192.168.2.22:49697 -> 111.21.183.58:9091
Source: global traffic	TCP traffic: 192.168.2.22:49700 -> 103.118.44.148:8080
Source: global traffic	TCP traffic: 192.168.2.22:49704 -> 103.175.46.53:3125
Source: global traffic	TCP traffic: 192.168.2.22:49705 -> 111.225.152.2:8089
Source: global traffic	TCP traffic: 192.168.2.22:49713 -> 117.160.250.134:8828
Source: global traffic	TCP traffic: 192.168.2.22:49717 -> 39.101.65.228:3128
Source: global traffic	TCP traffic: 192.168.2.22:49718 -> 123.182.58.127:8089
Source: global traffic	TCP traffic: 192.168.2.22:49721 -> 46.161.195.105:1976
Source: global traffic	TCP traffic: 192.168.2.22:49724 -> 183.220.6.198:9091
Source: global traffic	TCP traffic: 192.168.2.22:49729 -> 152.70.137.111:8080
Source: global traffic	TCP traffic: 192.168.2.22:49730 -> 114.99.2.7:8089
Source: global traffic	TCP traffic: 192.168.2.22:49734 -> 120.24.33.141:8000
Source: global traffic	TCP traffic: 192.168.2.22:49735 -> 123.171.1.27:8089
Source: global traffic	TCP traffic: 192.168.2.22:49740 -> 114.7.124.130:3128
Source: global traffic	TCP traffic: 192.168.2.22:49741 -> 81.16.245.179:53281
Source: global traffic	TCP traffic: 192.168.2.22:49749 -> 143.0.67.18:8080
Source: global traffic	TCP traffic: 192.168.2.22:49750 -> 8.134.139.219:8080
Source: global traffic	TCP traffic: 192.168.2.22:49751 -> 221.6.215.202:9091
Source: global traffic	TCP traffic: 192.168.2.22:49752 -> 110.16.77.101:8082
Source: global traffic	TCP traffic: 192.168.2.22:49753 -> 121.89.218.157:3128
Source: global traffic	TCP traffic: 192.168.2.22:49754 -> 111.40.124.221:9091
Source: global traffic	TCP traffic: 192.168.2.22:49761 -> 200.123.29.36:3128
Source: global traffic	TCP traffic: 192.168.2.22:49762 -> 124.90.14.209:8085
Source: global traffic	TCP traffic: 192.168.2.22:49763 -> 58.18.223.211:9002
Source: global traffic	TCP traffic: 192.168.2.22:49767 -> 37.58.4.38:8080
Source: global traffic	TCP traffic: 192.168.2.22:49768 -> 139.162.78.109:3128
Source: global traffic	TCP traffic: 192.168.2.22:49771 -> 138.2.46.155:8080
Source: global traffic	TCP traffic: 192.168.2.22:49772 -> 201.20.110.54:55443
Source: global traffic	TCP traffic: 192.168.2.22:49773 -> 117.54.106.241:8080
Source: global traffic	TCP traffic: 192.168.2.22:49777 -> 43.129.223.147:38080
Source: global traffic	TCP traffic: 192.168.2.22:49779 -> 45.7.177.204:34234
Source: global traffic	TCP traffic: 192.168.2.22:49780 -> 27.115.36.154:9002
Source: global traffic	TCP traffic: 192.168.2.22:49781 -> 103.25.167.130:3129
Source: global traffic	TCP traffic: 192.168.2.22:49782 -> 123.60.175.183:8888
Source: global traffic	TCP traffic: 192.168.2.22:49783 -> 123.171.1.75:8089
Source: global traffic	TCP traffic: 192.168.2.22:49785 -> 138.117.84.123:999
Source: global traffic	TCP traffic: 192.168.2.22:49786 -> 123.182.58.16:8089
Source: global traffic	TCP traffic: 192.168.2.22:49787 -> 154.236.168.179:1981
Source: global traffic	TCP traffic: 192.168.2.22:49789 -> 45.233.67.226:999
Source: global traffic	TCP traffic: 192.168.2.22:49790 -> 5.160.121.142:8080
Source: global traffic	TCP traffic: 192.168.2.22:49791 -> 222.211.65.193:9090
Source: global traffic	TCP traffic: 192.168.2.22:49793 -> 123.171.1.224:8089
Source: global traffic	TCP traffic: 192.168.2.22:49794 -> 116.196.124.149:6666
Source: global traffic	TCP traffic: 192.168.2.22:49798 -> 103.11.106.48:8080
Source: global traffic	TCP traffic: 192.168.2.22:49800 -> 93.1.195.28:8080
Source: global traffic	TCP traffic: 192.168.2.22:49802 -> 103.118.46.176:8080
Source: global traffic	TCP traffic: 192.168.2.22:49803 -> 123.54.16.53:9002
Source: global traffic	TCP traffic: 192.168.2.22:49804 -> 103.145.149.62:8080
Source: global traffic	TCP traffic: 192.168.2.22:49807 -> 111.225.152.193:8089
Source: global traffic	TCP traffic: 192.168.2.22:49812 -> 179.43.8.16:8088
Source: global traffic	TCP traffic: 192.168.2.22:49813 -> 111.225.152.71:8089
Source: global traffic	TCP traffic: 192.168.2.22:49814 -> 120.224.145.187:9091
Source: global traffic	TCP traffic: 192.168.2.22:49816 -> 222.190.208.239:8089
Source: global traffic	TCP traffic: 192.168.2.22:49817 -> 109.86.215.149:8080
Source: global traffic	TCP traffic: 192.168.2.22:49819 -> 103.125.117.50:8080
Source: global traffic	TCP traffic: 192.168.2.22:49822 -> 47.107.61.215:8000
Source: global traffic	TCP traffic: 192.168.2.22:49824 -> 186.248.77.172:8080
Source: global traffic	TCP traffic: 192.168.2.22:49826 -> 114.113.116.67:9091
Source: global traffic	TCP traffic: 192.168.2.22:49827 -> 116.203.201.82:8443
Source: global traffic	TCP traffic: 192.168.2.22:49831 -> 103.171.83.174:3125
Source: global traffic	TCP traffic: 192.168.2.22:49832 -> 191.102.107.234:999
Source: global traffic	TCP traffic: 192.168.2.22:49833 -> 161.35.214.127:35473
Source: global traffic	TCP traffic: 192.168.2.22:49834 -> 181.129.43.3:8080
Source: global traffic	TCP traffic: 192.168.2.22:49835 -> 125.25.33.232:8080
Source: global traffic	TCP traffic: 192.168.2.22:49836 -> 223.84.240.36:9091
Source: global traffic	TCP traffic: 192.168.2.22:49837 -> 45.174.92.112:999
Source: global traffic	TCP traffic: 192.168.2.22:49838 -> 123.245.250.35:8089
Source: global traffic	TCP traffic: 192.168.2.22:49840 -> 117.158.173.216:9091
Source: global traffic	TCP traffic: 192.168.2.22:49841 -> 158.58.187.27:3128
Source: global traffic	TCP traffic: 192.168.2.22:49842 -> 64.119.29.22:8080
Source: global traffic	TCP traffic: 192.168.2.22:49843 -> 120.234.203.171:9002
Source: global traffic	TCP traffic: 192.168.2.22:49844 -> 101.255.85.122:8080
Source: global traffic	TCP traffic: 192.168.2.22:49849 -> 111.225.153.43:8089
Source: global traffic	TCP traffic: 192.168.2.22:49851 -> 190.60.37.243:999
Source: global traffic	TCP traffic: 192.168.2.22:49852 -> 112.6.178.53:8085
Source: global traffic	TCP traffic: 192.168.2.22:49854 -> 76.169.129.241:8080
Source: global traffic	TCP traffic: 192.168.2.22:49856 -> 110.232.66.209:808
Source: global traffic	TCP traffic: 192.168.2.22:49857 -> 45.114.145.108:32650
Source: global traffic	TCP traffic: 192.168.2.22:49860 -> 170.231.55.114:999
Source: global traffic	TCP traffic: 192.168.2.22:49864 -> 120.40.213.199:8089
Source: global traffic	TCP traffic: 192.168.2.22:49874 -> 181.205.2.122:8080
Source: global traffic	TCP traffic: 192.168.2.22:49876 -> 103.168.247.1:8080
Source: global traffic	TCP traffic: 192.168.2.22:49877 -> 103.78.54.18:8080
Source: global traffic	TCP traffic: 192.168.2.22:49880 -> 191.97.61.115:999
Source: global traffic	TCP traffic: 192.168.2.22:49881 -> 130.41.109.158:8080
Source: global traffic	TCP traffic: 192.168.2.22:49883 -> 120.236.74.212:9002
Source: global traffic	TCP traffic: 192.168.2.22:49884 -> 185.194.11.180:8080
Source: global traffic	TCP traffic: 192.168.2.22:49888 -> 183.164.245.190:8089
Source: global traffic	TCP traffic: 192.168.2.22:49893 -> 183.164.244.227:8089
Source: global traffic	TCP traffic: 192.168.2.22:49896 -> 183.238.165.170:9002
Source: global traffic	TCP traffic: 192.168.2.22:49898 -> 147.78.169.80:800
Source: global traffic	TCP traffic: 192.168.2.22:49900 -> 202.110.67.141:9091
Source: global traffic	TCP traffic: 192.168.2.22:49902 -> 41.57.154.35:6060
Source: global traffic	TCP traffic: 192.168.2.22:49904 -> 181.209.124.10:999
Source: global traffic	TCP traffic: 192.168.2.22:49907 -> 139.159.176.147:8090
Source: global traffic	TCP traffic: 192.168.2.22:49915 -> 178.236.223.250:8080
Source: global traffic	TCP traffic: 192.168.2.22:49916 -> 210.22.161.86:9002
Source: global traffic	TCP traffic: 192.168.2.22:49922 -> 212.42.103.178:8080
Source: global traffic	TCP traffic: 192.168.2.22:49923 -> 124.90.208.246:8085
Source: global traffic	TCP traffic: 192.168.2.22:49925 -> 111.40.11.204:9091
Source: global traffic	TCP traffic: 192.168.2.22:49928 -> 111.225.153.77:8089
Source: global traffic	TCP traffic: 192.168.2.22:49929 -> 200.24.147.66:999
Source: global traffic	TCP traffic: 192.168.2.22:49930 -> 91.196.148.56:10000
Source: global traffic	TCP traffic: 192.168.2.22:49936 -> 185.71.233.113:8080
Source: global traffic	TCP traffic: 192.168.2.22:49940 -> 112.17.173.55:9091
Source: global traffic	TCP traffic: 192.168.2.22:49941 -> 41.60.235.79:8080
Source: global traffic	TCP traffic: 192.168.2.22:49942 -> 150.242.108.202:3128
Source: global traffic	TCP traffic: 192.168.2.22:49943 -> 191.102.107.235:999
Source: global traffic	TCP traffic: 192.168.2.22:49944 -> 187.102.236.209:999
Source: global traffic	TCP traffic: 192.168.2.22:49947 -> 223.94.85.131:9091
Source: global traffic	TCP traffic: 192.168.2.22:49952 -> 136.243.19.90:3128
Source: global traffic	TCP traffic: 192.168.2.22:49954 -> 111.40.62.176:9091
Source: global traffic	TCP traffic: 192.168.2.22:49957 -> 103.153.66.1:8080
Source: global traffic	TCP traffic: 192.168.2.22:49958 -> 45.224.119.10:999
Source: global traffic	TCP traffic: 192.168.2.22:49961 -> 180.247.132.122:8080
Source: global traffic	TCP traffic: 192.168.2.22:49963 -> 217.21.214.139:8080
Source: global traffic	TCP traffic: 192.168.2.22:49965 -> 111.225.153.56:8089
Source: global traffic	TCP traffic: 192.168.2.22:49970 -> 60.214.154.2:59220
Source: global traffic	TCP traffic: 192.168.2.22:49971 -> 218.7.171.91:3128
Source: global traffic	TCP traffic: 192.168.2.22:49972 -> 79.106.165.246:8989
Source: global traffic	TCP traffic: 192.168.2.22:49974 -> 176.112.157.19:8080
Source: global traffic	TCP traffic: 192.168.2.22:49977 -> 154.236.177.123:1981
Source: global traffic	TCP traffic: 192.168.2.22:49980 -> 117.160.250.131:8081
Source: global traffic	TCP traffic: 192.168.2.22:49981 -> 91.205.196.188:8080
Source: global traffic	TCP traffic: 192.168.2.22:49982 -> 121.204.165.184:9002
Source: global traffic	TCP traffic: 192.168.2.22:49983 -> 38.56.70.59:999
Source: global traffic	TCP traffic: 192.168.2.22:49985 -> 112.245.48.74:9002
Source: global traffic	TCP traffic: 192.168.2.22:49990 -> 117.149.0.14:9091
Source: global traffic	TCP traffic: 192.168.2.22:49992 -> 41.33.254.186:1976
Source: global traffic	TCP traffic: 192.168.2.22:49993 -> 112.103.198.145:9002
Source: global traffic	TCP traffic: 192.168.2.22:49995 -> 117.146.231.40:9002
Source: global traffic	TCP traffic: 192.168.2.22:49997 -> 200.106.187.246:999
Source: global traffic	TCP traffic: 192.168.2.22:49998 -> 102.68.128.211:8080
Source: global traffic	TCP traffic: 192.168.2.22:50001 -> 183.164.244.18:8089
Source: global traffic	TCP traffic: 192.168.2.22:50004 -> 5.75.253.146:8080
Source: global traffic	TCP traffic: 192.168.2.22:50005 -> 109.111.251.158:6666
Source: global traffic	TCP traffic: 192.168.2.22:50008 -> 23.94.182.204:64646
Source: global traffic	TCP traffic: 192.168.2.22:50010 -> 113.143.37.82:9002
Source: global traffic	TCP traffic: 192.168.2.22:50012 -> 120.34.231.87:8089
Source: global traffic	TCP traffic: 192.168.2.22:50013 -> 222.190.208.207:8089
Source: global traffic	TCP traffic: 192.168.2.22:50016 -> 36.6.158.128:8089
Source: global traffic	TCP traffic: 192.168.2.22:50019 -> 110.78.164.224:8080
Source: global traffic	TCP traffic: 192.168.2.22:50022 -> 194.1.250.56:8080
Source: global traffic	TCP traffic: 192.168.2.22:50025 -> 103.92.26.190:4002
Source: global traffic	TCP traffic: 192.168.2.22:50026 -> 60.6.237.112:9002
Source: global traffic	TCP traffic: 192.168.2.22:50027 -> 124.90.208.45:8085
Source: global traffic	TCP traffic: 192.168.2.22:50028 -> 154.16.180.182:3128
Source: global traffic	TCP traffic: 192.168.2.22:50032 -> 103.155.217.105:41416
Source: global traffic	TCP traffic: 192.168.2.22:50033 -> 41.65.236.44:1976
Source: global traffic	TCP traffic: 192.168.2.22:50035 -> 115.127.122.100:8080
Source: global traffic	TCP traffic: 192.168.2.22:50036 -> 38.10.69.102:9090
Source: global traffic	TCP traffic: 192.168.2.22:50041 -> 203.189.142.168:53281
Source: global traffic	TCP traffic: 192.168.2.22:50047 -> 138.2.51.152:8080
Source: global traffic	TCP traffic: 192.168.2.22:50051 -> 120.236.66.134:9002
Source: global traffic	TCP traffic: 192.168.2.22:50052 -> 116.111.133.135:4005
Source: global traffic	TCP traffic: 192.168.2.22:50056 -> 103.36.11.134:8181
Source: global traffic	TCP traffic: 192.168.2.22:50058 -> 178.253.241.43:8080
Source: global traffic	TCP traffic: 192.168.2.22:50059 -> 45.184.155.3:999
Source: global traffic	TCP traffic: 192.168.2.22:50060 -> 62.201.212.214:8080
Source: global traffic	TCP traffic: 192.168.2.22:50066 -> 124.122.2.61:8080
Source: global traffic	TCP traffic: 192.168.2.22:50069 -> 125.66.100.112:9091
Source: global traffic	TCP traffic: 192.168.2.22:50070 -> 183.238.163.8:9002
Source: global traffic	TCP traffic: 192.168.2.22:50072 -> 171.244.10.75:1911
Source: global traffic	TCP traffic: 192.168.2.22:50073 -> 112.53.167.29:9091
Source: global traffic	TCP traffic: 192.168.2.22:50074 -> 144.91.75.133:3128
Source: global traffic	TCP traffic: 192.168.2.22:50075 -> 146.70.81.248:8080
Source: global traffic	TCP traffic: 192.168.2.22:50080 -> 223.113.80.158:9091
Source: global traffic	TCP traffic: 192.168.2.22:50082 -> 202.8.74.10:8080
Source: global traffic	TCP traffic: 192.168.2.22:50083 -> 37.53.103.4:3128
Source: global traffic	TCP traffic: 192.168.2.22:50084 -> 180.119.94.135:8089
Source: global traffic	TCP traffic: 192.168.2.22:50085 -> 202.180.54.212:8080
Source: global traffic	TCP traffic: 192.168.2.22:50090 -> 46.246.86.12:8118
Source: global traffic	TCP traffic: 192.168.2.22:50091 -> 114.237.209.2:8089
Source: global traffic	TCP traffic: 192.168.2.22:50092 -> 123.182.58.217:8089
Source: global traffic	TCP traffic: 192.168.2.22:50095 -> 93.94.178.70:8080
Source: global traffic	TCP traffic: 192.168.2.22:50102 -> 208.180.105.70:8080
Source: global traffic	TCP traffic: 192.168.2.22:50109 -> 121.230.211.182:8089
Source: global traffic	TCP traffic: 192.168.2.22:50110 -> 119.8.27.129:3128
Source: global traffic	TCP traffic: 192.168.2.22:50111 -> 45.113.64.29:3129
Source: global traffic	TCP traffic: 192.168.2.22:50114 -> 170.244.26.206:8888
Source: global traffic	TCP traffic: 192.168.2.22:50118 -> 119.7.135.19:9091
Source: global traffic	TCP traffic: 192.168.2.22:50124 -> 27.157.230.166:8089
Source: global traffic	TCP traffic: 192.168.2.22:50126 -> 69.94.136.71:8443
Source: global traffic	TCP traffic: 192.168.2.22:50127 -> 111.8.226.107:9091
Source: global traffic	TCP traffic: 192.168.2.22:50128 -> 112.54.47.55:9091
Source: global traffic	TCP traffic: 192.168.2.22:50132 -> 103.105.76.183:8080
Source: global traffic	TCP traffic: 192.168.2.22:50134 -> 61.183.234.226:9091
Source: global traffic	TCP traffic: 192.168.2.22:50135 -> 183.221.242.102:9443
Source: global traffic	TCP traffic: 192.168.2.22:50137 -> 1.0.170.50:8080
Source: global traffic	UDP traffic: 192.168.2.22:19730 -> 43.143.201.4:23333

Source: unknown

Network traffic detected: IP country count 29

Source: Joe Sandbox View

JA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d

Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49185 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49219 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49254 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49271 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49300 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49331 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49361 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49378 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49408 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49439 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49469 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49503 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49528 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49558 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49588 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49617 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49646 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49670 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49699 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49728 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49758 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49788 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49818 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49847 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49878 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49909 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49938 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:49969 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:50000 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:50046 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:50063 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:50093 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.234.22.159:443 -> 192.168.2.22:50123 version: TLS 1.0

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49469
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49588
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49300
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49185
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50133
Source: unknown	Network traffic detected: HTTP traffic on port 49246 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49378 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49528 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49558 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49617
Source: unknown	Network traffic detected: HTTP traffic on port 49271 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49361 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49219
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49378
Source: unknown	Network traffic detected: HTTP traffic on port 50123 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49211
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49331
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49254
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49597 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49171
Source: unknown	Network traffic detected: HTTP traffic on port 49503 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49408
Source: unknown	Network traffic detected: HTTP traffic on port 49439 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49528
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49646
Source: unknown	Network traffic detected: HTTP traffic on port 50086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49219 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49246
Source: unknown	Network traffic detected: HTTP traffic on port 49588 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49408 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49361
Source: unknown	Network traffic detected: HTTP traffic on port 49670 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50133 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49254 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49646 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49439
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49558
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49631
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49597
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49300 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49670
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49331 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49271
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 49469 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49617 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49631 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 49171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49211 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49503

Source: unknown	TCP traffic detected without corresponding DNS query: 45.174.87.18
Source: unknown	TCP traffic detected without corresponding DNS query: 46.229.73.19
Source: unknown	TCP traffic detected without corresponding DNS query: 45.174.87.18
Source: unknown	TCP traffic detected without corresponding DNS query: 45.174.87.18
Source: unknown	TCP traffic detected without corresponding DNS query: 123.207.26.110
Source: unknown	TCP traffic detected without corresponding DNS query: 58.57.170.154
Source: unknown	TCP traffic detected without corresponding DNS query: 120.195.150.91
Source: unknown	TCP traffic detected without corresponding DNS query: 58.57.170.154
Source: unknown	TCP traffic detected without corresponding DNS query: 58.57.170.154
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.124.241
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.124.241
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.124.241
Source: unknown	TCP traffic detected without corresponding DNS query: 167.99.236.14
Source: unknown	TCP traffic detected without corresponding DNS query: 58.57.170.154
Source: unknown	TCP traffic detected without corresponding DNS query: 58.57.170.154
Source: unknown	TCP traffic detected without corresponding DNS query: 167.99.236.14
Source: unknown	TCP traffic detected without corresponding DNS query: 167.99.236.14
Source: unknown	TCP traffic detected without corresponding DNS query: 120.195.150.91
Source: unknown	TCP traffic detected without corresponding DNS query: 120.195.150.91
Source: unknown	TCP traffic detected without corresponding DNS query: 103.123.64.234
Source: unknown	TCP traffic detected without corresponding DNS query: 23.99.68.187
Source: unknown	TCP traffic detected without corresponding DNS query: 74.208.177.198
Source: unknown	TCP traffic detected without corresponding DNS query: 23.99.68.187
Source: unknown	TCP traffic detected without corresponding DNS query: 23.99.68.187
Source: unknown	TCP traffic detected without corresponding DNS query: 120.195.150.91
Source: unknown	TCP traffic detected without corresponding DNS query: 120.195.150.91
Source: unknown	TCP traffic detected without corresponding DNS query: 106.14.47.96
Source: unknown	TCP traffic detected without corresponding DNS query: 74.208.177.198
Source: unknown	TCP traffic detected without corresponding DNS query: 74.208.177.198
Source: unknown	TCP traffic detected without corresponding DNS query: 195.190.144.6
Source: unknown	TCP traffic detected without corresponding DNS query: 195.190.144.6
Source: unknown	TCP traffic detected without corresponding DNS query: 195.190.144.6
Source: unknown	TCP traffic detected without corresponding DNS query: 70.65.108.90
Source: unknown	TCP traffic detected without corresponding DNS query: 106.14.47.96
Source: unknown	TCP traffic detected without corresponding DNS query: 106.14.47.96
Source: unknown	TCP traffic detected without corresponding DNS query: 222.247.57.67
Source: unknown	TCP traffic detected without corresponding DNS query: 83.243.92.154
Source: unknown	TCP traffic detected without corresponding DNS query: 83.243.92.154
Source: unknown	TCP traffic detected without corresponding DNS query: 83.243.92.154
Source: unknown	TCP traffic detected without corresponding DNS query: 83.243.92.154
Source: unknown	TCP traffic detected without corresponding DNS query: 83.243.92.154
Source: unknown	TCP traffic detected without corresponding DNS query: 106.14.47.96
Source: unknown	TCP traffic detected without corresponding DNS query: 195.190.144.6
Source: unknown	TCP traffic detected without corresponding DNS query: 58.20.235.231
Source: unknown	TCP traffic detected without corresponding DNS query: 41.76.156.90
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.124.241
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.124.241
Source: unknown	TCP traffic detected without corresponding DNS query: 58.20.235.231
Source: unknown	TCP traffic detected without corresponding DNS query: 167.99.236.14
Source: unknown	TCP traffic detected without corresponding DNS query: 45.174.87.18

Source: UrQrIdRfCg.exe, 00000001.00000003.924411759.000000000069E000.00000004.00000020.00020000.00000000.sdmp

String found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 07 Mar 2023 16:00:33 GMTContent-Type: text/htmlContent-Length: 562Connection: closeX-Request-Id: 61b735be1fdc92ea56cc33176332fb12Server: WAF
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 07 Mar 2023 16:00:40 GMTContent-Type: text/htmlContent-Length: 562Connection: closeX-Request-Id: 335198f5eb7cfbbca2de82a6171ba532Server: WAF
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 07 Mar 2023 16:00:45 GMTContent-Type: text/htmlContent-Length: 562Connection: closeX-Request-Id: ca226ac152f5bf9581e47c8e6cefb92bServer: WAF
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 07 Mar 2023 16:00:52 GMTContent-Type: text/htmlContent-Length: 562Connection: closeX-Request-Id: 93a0556ff18989163eb996526e40595dServer: WAF
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 07 Mar 2023 16:00:59 GMTContent-Type: text/htmlContent-Length: 562Connection: closeX-Request-Id: de6e58d107eed8a3f8c59addb451b739Server: WAF
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 07 Mar 2023 16:01:05 GMTContent-Type: text/htmlContent-Length: 562Connection: closeX-Request-Id: 446a24dc57b1785d66294e6dc5846e1bServer: WAF
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 07 Mar 2023 16:01:12 GMTContent-Type: text/htmlContent-Length: 562Connection: closeX-Request-Id: c61deef5ab3103ac2eb84d613a74e5c3Server: WAF
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 07 Mar 2023 16:01:19 GMTContent-Type: text/htmlContent-Length: 562Connection: closeX-Request-Id: 659b8ebdbae33c8f34717e884938d534Server: WAF
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 07 Mar 2023 16:01:26 GMTContent-Type: text/htmlContent-Length: 562Connection: closeX-Request-Id: dfe5422c9e0b253378f2338f3ec6bc73Server: WAF
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 07 Mar 2023 16:01:32 GMTContent-Type: text/htmlContent-Length: 562Connection: closeX-Request-Id: e98737b5e5c0a0046c378d07c1683777Server: WAF
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 07 Mar 2023 16:01:39 GMTContent-Type: text/htmlContent-Length: 562Connection: closeX-Request-Id: 1d753bfb0097a1d1d3754dcb9ba6adb5Server: WAF
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 07 Mar 2023 16:01:45 GMTContent-Type: text/htmlContent-Length: 562Connection: closeX-Request-Id: 831879ee5afd79cfbafeb7b9204788faServer: WAF
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 07 Mar 2023 16:01:52 GMTContent-Type: text/htmlContent-Length: 562Connection: closeX-Request-Id: c10593331a2f092f6480ac3a6c6fd199Server: WAF
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 07 Mar 2023 16:01:58 GMTContent-Type: text/htmlContent-Length: 562Connection: closeX-Request-Id: be6449a7442a96ad180038afb2937385Server: WAF
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 07 Mar 2023 16:02:04 GMTContent-Type: text/htmlContent-Length: 562Connection: closeX-Request-Id: c1afc69711e97ad60c2ecae07d011b45Server: WAF
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 07 Mar 2023 16:02:11 GMTContent-Type: text/htmlContent-Length: 562Connection: closeX-Request-Id: e1e8e511f84a2a29f3c54dcf89177b12Server: WAF
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 07 Mar 2023 16:02:20 GMTContent-Type: text/htmlContent-Length: 562Connection: closeX-Request-Id: 3e2955b20e73768d29c0660bbcf43ceaServer: WAF
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 07 Mar 2023 16:02:27 GMTContent-Type: text/htmlContent-Length: 562Connection: closeX-Request-Id: 8103ab3197e1ce9c62b18af5e28af289Server: WAF
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableAccess-Control-Allow-Credentials: trueAccess-Control-Allow-Headers: Content-Type,AccessToken,X-CSRF-Token, Authorization, TokenAccess-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE,UPDATEAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-TypeContent-Type: text/plain; charset=utf-8Set-Cookie: uuid=3e0c9eda-bd01-11ed-9100-0200170e6498; Path=/; Max-Age=8640000; HttpOnlyX-Content-Type-Options: nosniffDate: Tue, 07 Mar 2023 16:00:55 GMTContent-Length: 31Data Raw: 75 6e 73 75 70 70 6f 72 74 65 64 20 70 72 6f 74 6f 63 6f 6c 20 73 63 68 65 6d 65 20 22 22 0a Data Ascii: unsupported protocol scheme ""
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.28Mime-Version: 1.0Date: Tue, 07 Mar 2023 16:00:56 GMTContent-Type: text/html;charset=utf-8Content-Length: 948X-Squid-Error: ERR_ACCESS_DENIED 0Content-Language: enX-Cache: MISS from ah_testVia: 1.1 ah_test (squid/3.5.28)Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 41 65 72 6f 68 69 76 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 57 65 62 20 50 61 67 65 20 42 6c 6f 63 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 22 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 22 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 35 62 38 63 62 64 3b 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 77 65 62 20 70 61 67 65 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 6f 6c 69 63 79 2e 20 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 69 73 20 61 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 61 69 64 75 2e 63 6f 6d 2f 2a 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 61 69 64 75 2e 63 6f 6d 2f 2a 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 43 61 74 65 67 6f 72 79 3a 20 3c 2f 70 3e 0a 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 22 3e 47 65 6e 65 72 61 74 65 64 20 54 75 65 2c 20
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.28Mime-Version: 1.0Date: Tue, 07 Mar 2023 16:00:56 GMTContent-Type: text/html;charset=utf-8Content-Length: 948X-Squid-Error: ERR_ACCESS_DENIED 0Content-Language: enX-Cache: MISS from ah_testVia: 1.1 ah_test (squid/3.5.28)Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 41 65 72 6f 68 69 76 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 57 65 62 20 50 61 67 65 20 42 6c 6f 63 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 22 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 22 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 35 62 38 63 62 64 3b 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 77 65 62 20 70 61 67 65 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 6f 6c 69 63 79 2e 20 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 69 73 20 61 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 61 69 64 75 2e 63 6f 6d 2f 2a 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 61 69 64 75 2e 63 6f 6d 2f 2a 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 43 61 74 65 67 6f 72 79 3a 20 3c 2f 70 3e 0a 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 22 3e 47 65 6e 65 72 61 74 65 64 20 54 75 65 2c 20
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: MyWebServer/3.8.40 Unicode (By TGY)Date: Tue, 07 Mar 2023 16:00:59 GMTContent-Type: text/html; Charset=GB2312Content-Length: 154Connection: Keep-AliveData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 68 72 3e 3c 68 33 3e 4d 79 57 65 62 53 65 72 76 65 72 2f 33 2e 38 2e 34 30 20 55 6e 69 63 6f 64 65 20 28 42 79 20 54 47 59 29 3c 2f 68 33 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1><hr><h3>MyWebServer/3.8.40 Unicode (By TGY)</h3></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableAccess-Control-Allow-Credentials: trueAccess-Control-Allow-Headers: Content-Type,AccessToken,X-CSRF-Token, Authorization, TokenAccess-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE,UPDATEAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-TypeContent-Type: text/plain; charset=utf-8Set-Cookie: uuid=475fb970-bd01-11ed-8a89-02001702d424; Path=/; Max-Age=8640000; HttpOnlyX-Content-Type-Options: nosniffDate: Tue, 07 Mar 2023 16:01:10 GMTContent-Length: 31Data Raw: 75 6e 73 75 70 70 6f 72 74 65 64 20 70 72 6f 74 6f 63 6f 6c 20 73 63 68 65 6d 65 20 22 22 0a Data Ascii: unsupported protocol scheme ""
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableAccess-Control-Allow-Credentials: trueAccess-Control-Allow-Headers: Content-Type,AccessToken,X-CSRF-Token, Authorization, TokenAccess-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE,UPDATEAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-TypeContent-Type: text/plain; charset=utf-8Set-Cookie: uuid=497c2316-bd01-11ed-97d7-020017005143; Path=/; Max-Age=8640000; HttpOnlyX-Content-Type-Options: nosniffDate: Tue, 07 Mar 2023 16:01:14 GMTContent-Length: 31Data Raw: 75 6e 73 75 70 70 6f 72 74 65 64 20 70 72 6f 74 6f 63 6f 6c 20 73 63 68 65 6d 65 20 22 22 0a Data Ascii: unsupported protocol scheme ""
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.28Mime-Version: 1.0Date: Tue, 07 Mar 2023 16:01:29 GMTContent-Type: text/html;charset=utf-8Content-Length: 948X-Squid-Error: ERR_ACCESS_DENIED 0Content-Language: enX-Cache: MISS from ah_testVia: 1.1 ah_test (squid/3.5.28)Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 41 65 72 6f 68 69 76 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 57 65 62 20 50 61 67 65 20 42 6c 6f 63 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 22 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 22 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 35 62 38 63 62 64 3b 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 77 65 62 20 70 61 67 65 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 6f 6c 69 63 79 2e 20 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 69 73 20 61 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 61 69 64 75 2e 63 6f 6d 2f 2a 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 61 69 64 75 2e 63 6f 6d 2f 2a 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 43 61 74 65 67 6f 72 79 3a 20 3c 2f 70 3e 0a 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 22 3e 47 65 6e 65 72 61 74 65 64 20 54 75 65 2c 20
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableAccess-Control-Allow-Credentials: trueAccess-Control-Allow-Headers: Content-Type,AccessToken,X-CSRF-Token, Authorization, TokenAccess-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE,UPDATEAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-TypeContent-Type: text/plain; charset=utf-8Set-Cookie: uuid=52a24667-bd01-11ed-8a89-02001702d424; Path=/; Max-Age=8640000; HttpOnlyX-Content-Type-Options: nosniffDate: Tue, 07 Mar 2023 16:01:29 GMTContent-Length: 31Data Raw: 75 6e 73 75 70 70 6f 72 74 65 64 20 70 72 6f 74 6f 63 6f 6c 20 73 63 68 65 6d 65 20 22 22 0a Data Ascii: unsupported protocol scheme ""
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableAccess-Control-Allow-Credentials: trueAccess-Control-Allow-Headers: Content-Type,AccessToken,X-CSRF-Token, Authorization, TokenAccess-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE,UPDATEAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-TypeContent-Type: text/plain; charset=utf-8Set-Cookie: uuid=53f64e54-bd01-11ed-9869-02001700027b; Path=/; Max-Age=8640000; HttpOnlyX-Content-Type-Options: nosniffDate: Tue, 07 Mar 2023 16:01:31 GMTContent-Length: 31Data Raw: 75 6e 73 75 70 70 6f 72 74 65 64 20 70 72 6f 74 6f 63 6f 6c 20 73 63 68 65 6d 65 20 22 22 0a Data Ascii: unsupported protocol scheme ""
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/htmlServer: Zscaler/6.2Cache-Control: no-cacheAccess-Control-Allow-Origin: *Content-length: 13604Data Raw: 3c 21 2d 2d 23 20 49 64 3a 20 63 6c 6f 73 65 64 70 72 6f 78 79 2e 68 74 6d 6c 20 32 38 35 31 34 34 20 32 30 32 31 2d 30 36 2d 31 36 20 30 35 3a 30 32 3a 30 36 5a 20 73 7a 68 61 6e 67 20 2d 2d 3e 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 63 2e 6f 72 67 2f 54 52 2f 31 39 39 39 2f 52 45 43 2d 68 74 6d 6c 34 30 31 2d 31 39 39 39 31 32 32 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 5a 73 63 61 6c 65 72 20 6d 61 6b 65 73 20 74 68 65 20 69 6e 74 65 72 6e 65 74 20 73 61 66 65 20 66 6f 72 20 62 75 73 69 6e 65 73 73 65 73 20 62 79 20 70 72 6f 74 65 63 74 69 6e 67 20 74 68 65 69 72 20 65 6d 70 6c 6f 79 65 65 73 20 66 72 6f 6d 20 6d 61 6c 77 61 72 65 2c 20 76 69 72 75 73 65 73 2c 20 61 6e 64 20 6f 74 68 65 72 20 73 65 63 75 72 69 74 79 20 74 68 72 65 61 74 73 2e 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 3c 74 69 74 6c 65 3e 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 62 79 20 5a 73 63 61 6c 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 76 61 72 20 64 65 66 4c 61 6e 67 20 3d 20 27 65 6e 5f 55 53 27 3c 2f 73 63 72 69 70 74 3e 0a 3c 21 2d 2d 3c 69 6d 67 20 61 6c 74 3d 22 5a 73 63 61 6c 65 72 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 7a 73 63 61 6c 65 72 74 68 72 65 65 2e 6e 65 74 2f 69 6d 67 5f 6c 6f 67 6f 5f 6e 65 77 31 2e 70 6e 67 22 3e 2d 2d 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 62 6f 64 79 20 7b 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 33 65 33 65 33 3b 0a 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 0a 63 6f 6c 6f 72 3a 23 34 42 34 46 35 34 3b 0a 7d 0a 61 20 7b 0a 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 0a 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 0a 63 6f 6c 6f 72 3a 23 30 30 39 64 64 30 3b 0a 7d 0a 74 61 62 6c 65 20 7b 0a 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 3b 0a 7d 0a 74 64 20 74 61 62 6c 65 20 7b 0a 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 0a 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 0a 7d 0a 69 6d
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.28Mime-Version: 1.0Date: Tue, 07 Mar 2023 16:01:37 GMTContent-Type: text/html;charset=utf-8Content-Length: 948X-Squid-Error: ERR_ACCESS_DENIED 0Content-Language: enX-Cache: MISS from ah_testVia: 1.1 ah_test (squid/3.5.28)Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 41 65 72 6f 68 69 76 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 57 65 62 20 50 61 67 65 20 42 6c 6f 63 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 22 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 22 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 35 62 38 63 62 64 3b 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 77 65 62 20 70 61 67 65 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 6f 6c 69 63 79 2e 20 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 69 73 20 61 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 61 69 64 75 2e 63 6f 6d 2f 2a 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 61 69 64 75 2e 63 6f 6d 2f 2a 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 43 61 74 65 67 6f 72 79 3a 20 3c 2f 70 3e 0a 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 22 3e 47 65 6e 65 72 61 74 65 64 20 54 75 65 2c 20
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableAccess-Control-Allow-Credentials: trueAccess-Control-Allow-Headers: Content-Type,AccessToken,X-CSRF-Token, Authorization, TokenAccess-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE,UPDATEAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-TypeContent-Type: text/plain; charset=utf-8Set-Cookie: uuid=5a900ca1-bd01-11ed-81f1-0200170b49c6; Path=/; Max-Age=8640000; HttpOnlyX-Content-Type-Options: nosniffDate: Tue, 07 Mar 2023 16:01:43 GMTContent-Length: 31Data Raw: 75 6e 73 75 70 70 6f 72 74 65 64 20 70 72 6f 74 6f 63 6f 6c 20 73 63 68 65 6d 65 20 22 22 0a Data Ascii: unsupported protocol scheme ""
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableAccess-Control-Allow-Credentials: trueAccess-Control-Allow-Headers: Content-Type,AccessToken,X-CSRF-Token, Authorization, TokenAccess-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE,UPDATEAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-TypeContent-Type: text/plain; charset=utf-8Set-Cookie: uuid=5d8aa353-bd01-11ed-bf2a-020017007e78; Path=/; Max-Age=8640000; HttpOnlyX-Content-Type-Options: nosniffDate: Tue, 07 Mar 2023 16:01:48 GMTContent-Length: 31Data Raw: 75 6e 73 75 70 70 6f 72 74 65 64 20 70 72 6f 74 6f 63 6f 6c 20 73 63 68 65 6d 65 20 22 22 0a Data Ascii: unsupported protocol scheme ""
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableAccess-Control-Allow-Credentials: trueAccess-Control-Allow-Headers: Content-Type,AccessToken,X-CSRF-Token, Authorization, TokenAccess-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE,UPDATEAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-TypeContent-Type: text/plain; charset=utf-8Set-Cookie: uuid=5ebfe8eb-bd01-11ed-a804-0242ac110003; Path=/; Max-Age=8640000; HttpOnlyX-Content-Type-Options: nosniffDate: Tue, 07 Mar 2023 16:01:50 GMTContent-Length: 31Data Raw: 75 6e 73 75 70 70 6f 72 74 65 64 20 70 72 6f 74 6f 63 6f 6c 20 73 63 68 65 6d 65 20 22 22 0a Data Ascii: unsupported protocol scheme ""
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableAccess-Control-Allow-Credentials: trueAccess-Control-Allow-Headers: Content-Type,AccessToken,X-CSRF-Token, Authorization, TokenAccess-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE,UPDATEAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-TypeContent-Type: text/plain; charset=utf-8Set-Cookie: uuid=5ebfe8eb-bd01-11ed-a804-0242ac110003; Path=/; Max-Age=8640000; HttpOnlyX-Content-Type-Options: nosniffDate: Tue, 07 Mar 2023 16:01:50 GMTContent-Length: 31Data Raw: 75 6e 73 75 70 70 6f 72 74 65 64 20 70 72 6f 74 6f 63 6f 6c 20 73 63 68 65 6d 65 20 22 22 0a Data Ascii: unsupported protocol scheme ""
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/htmlServer: Zscaler/6.2Cache-Control: no-cacheAccess-Control-Allow-Origin: *Content-length: 13604Data Raw: 3c 21 2d 2d 23 20 49 64 3a 20 63 6c 6f 73 65 64 70 72 6f 78 79 2e 68 74 6d 6c 20 32 38 35 31 34 34 20 32 30 32 31 2d 30 36 2d 31 36 20 30 35 3a 30 32 3a 30 36 5a 20 73 7a 68 61 6e 67 20 2d 2d 3e 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 63 2e 6f 72 67 2f 54 52 2f 31 39 39 39 2f 52 45 43 2d 68 74 6d 6c 34 30 31 2d 31 39 39 39 31 32 32 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 5a 73 63 61 6c 65 72 20 6d 61 6b 65 73 20 74 68 65 20 69 6e 74 65 72 6e 65 74 20 73 61 66 65 20 66 6f 72 20 62 75 73 69 6e 65 73 73 65 73 20 62 79 20 70 72 6f 74 65 63 74 69 6e 67 20 74 68 65 69 72 20 65 6d 70 6c 6f 79 65 65 73 20 66 72 6f 6d 20 6d 61 6c 77 61 72 65 2c 20 76 69 72 75 73 65 73 2c 20 61 6e 64 20 6f 74 68 65 72 20 73 65 63 75 72 69 74 79 20 74 68 72 65 61 74 73 2e 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 3c 74 69 74 6c 65 3e 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 62 79 20 5a 73 63 61 6c 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 76 61 72 20 64 65 66 4c 61 6e 67 20 3d 20 27 65 6e 5f 55 53 27 3c 2f 73 63 72 69 70 74 3e 0a 3c 21 2d 2d 3c 69 6d 67 20 61 6c 74 3d 22 5a 73 63 61 6c 65 72 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 7a 73 63 61 6c 65 72 74 68 72 65 65 2e 6e 65 74 2f 69 6d 67 5f 6c 6f 67 6f 5f 6e 65 77 31 2e 70 6e 67 22 3e 2d 2d 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 62 6f 64 79 20 7b 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 33 65 33 65 33 3b 0a 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 0a 63 6f 6c 6f 72 3a 23 34 42 34 46 35 34 3b 0a 7d 0a 61 20 7b 0a 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 0a 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 0a 63 6f 6c 6f 72 3a 23 30 30 39 64 64 30 3b 0a 7d 0a 74 61 62 6c 65 20 7b 0a 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 3b 0a 7d 0a 74 64 20 74 61 62 6c 65 20 7b 0a 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 0a 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 0a 7d 0a 69 6d
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableAccess-Control-Allow-Credentials: trueAccess-Control-Allow-Headers: Content-Type,AccessToken,X-CSRF-Token, Authorization, TokenAccess-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE,UPDATEAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-TypeContent-Type: text/plain; charset=utf-8Set-Cookie: uuid=5ebfe8eb-bd01-11ed-a804-0242ac110003; Path=/; Max-Age=8640000; HttpOnlyX-Content-Type-Options: nosniffDate: Tue, 07 Mar 2023 16:01:50 GMTContent-Length: 31Data Raw: 75 6e 73 75 70 70 6f 72 74 65 64 20 70 72 6f 74 6f 63 6f 6c 20 73 63 68 65 6d 65 20 22 22 0a Data Ascii: unsupported protocol scheme ""
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/3.5.20Mime-Version: 1.0Date: Tue, 07 Mar 2023 16:01:55 GMTContent-Type: text/html;charset=utf-8Content-Length: 3707X-Squid-Error: ERR_DNS_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2016 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>E
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/3.5.20Mime-Version: 1.0Date: Tue, 07 Mar 2023 16:01:58 GMTContent-Type: text/html;charset=utf-8Content-Length: 3707X-Squid-Error: ERR_DNS_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableAccess-Control-Allow-Credentials: trueAccess-Control-Allow-Headers: Content-Type,AccessToken,X-CSRF-Token, Authorization, TokenAccess-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE,UPDATEAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-TypeContent-Type: text/plain; charset=utf-8Set-Cookie: uuid=64c74d9c-bd01-11ed-81f1-0200170b49c6; Path=/; Max-Age=8640000; HttpOnlyX-Content-Type-Options: nosniffDate: Tue, 07 Mar 2023 16:02:00 GMTContent-Length: 31Data Raw: 75 6e 73 75 70 70 6f 72 74 65 64 20 70 72 6f 74 6f 63 6f 6c 20 73 63 68 65 6d 65 20 22 22 0a Data Ascii: unsupported protocol scheme ""
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/3.5.20Mime-Version: 1.0Date: Tue, 07 Mar 2023 16:02:01 GMTContent-Type: text/html;charset=utf-8Content-Length: 3707X-Squid-Error: ERR_DNS_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableAccess-Control-Allow-Credentials: trueAccess-Control-Allow-Headers: Content-Type,AccessToken,X-CSRF-Token, Authorization, TokenAccess-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE,UPDATEAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-TypeContent-Type: text/plain; charset=utf-8Set-Cookie: uuid=6d0f8c7a-bd01-11ed-a804-0242ac110003; Path=/; Max-Age=8640000; HttpOnlyX-Content-Type-Options: nosniffDate: Tue, 07 Mar 2023 16:02:14 GMTContent-Length: 31Data Raw: 75 6e 73 75 70 70 6f 72 74 65 64 20 70 72 6f 74 6f 63 6f 6c 20 73 63 68 65 6d 65 20 22 22 0a Data Ascii: unsupported protocol scheme ""
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableAccess-Control-Allow-Credentials: trueAccess-Control-Allow-Headers: Content-Type,AccessToken,X-CSRF-Token, Authorization, TokenAccess-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE,UPDATEAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-TypeContent-Type: text/plain; charset=utf-8Set-Cookie: uuid=6fa166d4-bd01-11ed-9100-0200170e6498; Path=/; Max-Age=8640000; HttpOnlyX-Content-Type-Options: nosniffDate: Tue, 07 Mar 2023 16:02:18 GMTContent-Length: 31Data Raw: 75 6e 73 75 70 70 6f 72 74 65 64 20 70 72 6f 74 6f 63 6f 6c 20 73 63 68 65 6d 65 20 22 22 0a Data Ascii: unsupported protocol scheme ""
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableAccess-Control-Allow-Credentials: trueAccess-Control-Allow-Headers: Content-Type,AccessToken,X-CSRF-Token, Authorization, TokenAccess-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE,UPDATEAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-TypeContent-Type: text/plain; charset=utf-8Set-Cookie: uuid=6ed31379-bd01-11ed-a576-020017003c9b; Path=/; Max-Age=8640000; HttpOnlyX-Content-Type-Options: nosniffDate: Tue, 07 Mar 2023 16:02:17 GMTContent-Length: 31Data Raw: 75 6e 73 75 70 70 6f 72 74 65 64 20 70 72 6f 74 6f 63 6f 6c 20 73 63 68 65 6d 65 20 22 22 0a Data Ascii: unsupported protocol scheme ""
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 07 Mar 2023 16:02:24 GMTServer: ApacheContent-Length: 199Content-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>

Source: UrQrIdRfCg.exe, 00000001.00000003.924411759.00000000006B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://38.51.232.23:8080
Source: UrQrIdRfCg.exe, 00000001.00000003.924411759.000000000069E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
Source: UrQrIdRfCg.exe, 00000001.00000003.924411759.000000000069E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: UrQrIdRfCg.exe, 00000001.00000003.924411759.000000000069E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.entrust.net/server1.crl0
Source: UrQrIdRfCg.exe, 00000001.00000003.1007379764.0000000004567000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1123707532.000000000460B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125938877.0000000004666000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125814726.00000000059AC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125401506.000000000460B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007379764.00000000045A6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1124614551.000000000465D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/gsrsaovsslca2018.crl0
Source: UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045A6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007379764.0000000004567000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1123707532.000000000460B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125938877.0000000004666000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125401506.000000000460B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924411759.000000000069E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007379764.00000000045A6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1124614551.000000000465D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045A6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1123707532.000000000460B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125938877.0000000004666000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125401506.000000000460B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007379764.00000000045A6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1124614551.000000000465D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/root.crl0G
Source: UrQrIdRfCg.exe, 00000001.00000003.924411759.00000000006B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: UrQrIdRfCg.exe, 00000001.00000003.924411759.000000000069E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
Source: UrQrIdRfCg.exe, 00000001.00000003.924411759.000000000069E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://e.baidu.com/ebaidu/home?refer=887
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.938629536.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fanyi.baidu.com/
Source: UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947305613.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.00000000059E5000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934908481.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946815018.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947480409.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943768238.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946142279.00000000048D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944212713.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945626954.0000000004F20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934445323.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://hi.baidu.com/
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.938629536.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://image.baidu.com/
Source: UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943318304.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934445323.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943022981.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://image.baidu.com/i?tn=baiduimage&ps=1&ct=201326592&lm=-1&cl=2&nc=1&ie=
Source: UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943318304.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934445323.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943022981.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ir.baidu.com
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.938629536.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://map.baidu.com
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://music.taihe.com
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.938629536.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://news.baidu.com
Source: UrQrIdRfCg.exe, 00000001.00000003.924411759.000000000069E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: UrQrIdRfCg.exe, 00000001.00000003.924411759.000000000069E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0%
Source: UrQrIdRfCg.exe, 00000001.00000003.924411759.000000000069E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0-
Source: UrQrIdRfCg.exe, 00000001.00000003.924411759.000000000069E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0/
Source: UrQrIdRfCg.exe, 00000001.00000003.924411759.000000000069E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com05
Source: UrQrIdRfCg.exe, 00000001.00000003.924411759.000000000069E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.net03
Source: UrQrIdRfCg.exe, 00000001.00000003.924411759.000000000069E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.net0D
Source: UrQrIdRfCg.exe, 00000001.00000003.1123707532.000000000460B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125938877.0000000004666000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125814726.00000000059AC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125401506.000000000460B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007379764.00000000045A6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1124614551.000000000465D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/gsrsaovsslca20180V
Source: UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045A6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1123707532.000000000460B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125938877.0000000004666000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125401506.000000000460B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007379764.00000000045A6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1124614551.000000000465D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/rootr103
Source: UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp2.global
Source: UrQrIdRfCg.exe, 00000001.00000003.1007379764.0000000004567000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1123707532.000000000460B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125938877.0000000004666000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125401506.000000000460B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924411759.000000000069E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007379764.00000000045A6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1124614551.000000000465D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947305613.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.00000000059E5000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934908481.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946815018.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947480409.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943768238.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946142279.00000000048D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944212713.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945626954.0000000004F20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934445323.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://passport.baidu.com/?login&tpl=super&u=
Source: UrQrIdRfCg.exe, 00000001.00000003.943318304.0000000005510000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://passport.baidu.com/ubr
Source: UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://passport.baidu.com/ubrwsb
Source: UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947305613.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.00000000059E5000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934908481.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946815018.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947480409.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943768238.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946142279.00000000048D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944212713.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945626954.0000000004F20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934445323.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://passport.baidu.com/ubrwsbas
Source: UrQrIdRfCg.exe, 00000001.00000003.1123707532.000000000460B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125938877.0000000004666000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125814726.00000000059AC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125401506.000000000460B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007379764.00000000045A6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1124614551.000000000465D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt07
Source: UrQrIdRfCg.exe, 00000001.00000003.944212713.0000000004810000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suggestion.baidu.com/su
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.938629536.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tieba.baidu.com/
Source: UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943318304.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934445323.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tieba.baidu.com/f?fr=wwwt
Source: UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943318304.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934445323.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943022981.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://v.baidu.com/v?ct=301989888&rn=20&pn=0&db=0&s=25&ie=utf-8
Source: UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943318304.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934445323.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943022981.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wenku.baidu.com/search?lm=0&od=0&ie=utf-8
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1127261934.0000000004B50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935809257.0000000004D20000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/baidu.html?from=noscript
Source: UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/more/
Source: UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943318304.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934445323.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943022981.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.beian.gov.cn/portal/registerSystemInfo?recordcode=11000002000001
Source: UrQrIdRfCg.exe, 00000001.00000003.924411759.000000000069E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com.my/cps.htm02
Source: UrQrIdRfCg.exe, 00000001.00000003.924411759.000000000069E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
Source: UrQrIdRfCg.exe, 00000001.00000000.898262416.00000000004D0000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.eyuyan.com)DVarFileInfo$
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.938629536.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://xueshu.baidu.com/
Source: UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943318304.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934445323.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943022981.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhidao.baidu.com/q?ct=17&pn=0&tn=ikaslist&rn=10&fr=wwwt
Source: UrQrIdRfCg.exe, 00000001.00000000.898234427.000000000048D000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://api.proxyscrape.com/v2/?request=getproxies&protocol=http&timeout=10000&country=all&ssl=all&a
Source: UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943318304.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934445323.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://b2b.baidu.com/s?fr=wwwt
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.938629536.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://baike.baidu.com
Source: UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943318304.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934445323.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943022981.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://beian.miit.gov.cn
Source: UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odC
Source: UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947305613.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.00000000059E5000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934908481.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946815018.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947480409.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943768238.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946142279.00000000048D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944212713.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945626954.0000000004F20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943318304.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934445323.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/
Source: UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947305613.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.00000000059E5000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946815018.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947480409.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946142279.00000000048D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/css/ubase_sync-d600f57804.css?v=md5
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924049077.000000000456E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/font/iconfont-4530e108b6.ttf
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924049077.000000000456E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/font/iconfont-74fcdd51ab.svg#iconfont
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924049077.000000000456E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/font/iconfont-840387fb42.woff
Source: UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924049077.000000000456E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1127261934.0000000004B50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007379764.0000000004567000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935809257.0000000004D20000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/font/iconfont-cdfecb8456.eot
Source: UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924049077.000000000456E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1127261934.0000000004B50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007379764.0000000004567000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935809257.0000000004D20000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/font/iconfont-cdfecb8456.eot?#iefix
Source: UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924049077.000000000456E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1127261934.0000000004B50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007379764.0000000004567000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935809257.0000000004D20000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/font/iconfont-fa013548a9.woff2
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1127261934.0000000004B50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/guide_new/arrow-left-a7b272965a.png
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1127261934.0000000004B50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/guide_new/arrow-right-69f7969669.png
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1127261934.0000000004B50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/guide_new/arrow-top-d81f5f8843.png
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007488524.000000000465B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1127261934.0000000004B50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/hot_search/pop_tri
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007488524.000000000465B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1127261934.0000000004B50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/hot_search/pop_tri-a656a7d535.png
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007488524.000000000465B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924049077.000000000456E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/icons-441e82fb11.png
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007488524.000000000465B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924049077.000000000456E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/icons-d5b04cc545.gif
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007488524.000000000465B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924049077.000000000456E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/logos/bdbri_icons.png
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007488524.000000000465B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924049077.000000000456E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/logos/fengyunbang-1986a40079.png
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007488524.000000000465B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924049077.000000000456E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/logos/image-55b5909a30.png
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007488524.000000000465B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/logos/qqjt-9809ca806e.png
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007488524.000000000465B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924049077.000000000456E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/logos/wenku-aaf198d89f.png
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007488524.000000000465B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924049077.000000000456E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/logos/yingxiao-b585c1ec7d.png
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007488524.000000000465B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924049077.000000000456E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/logos/zhidao-cbf2affcac.png
Source: UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943318304.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934445323.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/qrcode/qrcode
Source: UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943318304.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934445323.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/qrcode/qrcode-hover
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924049077.000000000456E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/searchbox/nicon-10750f3f7d.png
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924049077.000000000456E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1127261934.0000000004B50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/searchbox/nicon-2x-6258e1cf13.png
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924049077.000000000456E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1127261934.0000000004B50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007379764.0000000004567000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/spis7-d578e7ff4b.png
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007488524.000000000465B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924049077.000000000456E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/sugbg-1762fe7cb1.png
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007488524.000000000465B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924049077.000000000456E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/sugbg-90fc9cf8c8.gif
Source: UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/sx
Source: UrQrIdRfCg.exe, 00000001.00000003.938629536.00000000043B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/topnav/newba
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/topnav/newbaike-889054f349.png
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.938629536.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/topnav/newfanyi-da0cea8f7e.png
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/topnav/newjiankang-f03b804b4b.png
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.938629536.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/topnav/newwenku-d8c9b7b0fb.png
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.938629536.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/topnav/newxueshuicon-a5314d5c83.png
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/topnav/newyinyue-03ecd1e9b9.png
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/topnav/newzhibo-a6a0831ecd.png
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/topnav/newzhidao-da1cf444b0.png
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/topnav/yingxiaoicon-612169cc36.png
Source: UrQrIdRfCg.exe, 00000001.00000003.949208130.0000000005A9C000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1124614551.000000000465D000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/js/components/hotsearch-5af0f864cf.js
Source: UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947305613.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.00000000059E5000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934908481.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946815018.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947480409.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946142279.00000000048D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944212713.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945626954.0000000004F20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/js/lib/esl-d776bfb1aa.js
Source: UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947305613.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.00000000059E5000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934908481.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946815018.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947480409.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946142279.00000000048D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944212713.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945626954.0000000004F20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/js/lib/jquery-1-edb203c114.10.2.js
Source: UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1123707532.000000000460B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947305613.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125938877.0000000004666000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.00000000059E5000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947480409.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125401506.000000000460B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.0000000005A9C000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1124614551.000000000465D000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/js/min_super-aad56eb874.js
Source: UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947305613.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.00000000059E5000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946815018.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947480409.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946142279.00000000048D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/js/polyfill-ie8-30f98ab294.js
Source: UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1123707532.000000000460B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947305613.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125938877.0000000004666000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.00000000059E5000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947480409.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125401506.000000000460B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.0000000005A9C000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1124614551.000000000465D000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/js/s_super_index-3fffae8d60.js
Source: UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947305613.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.00000000059E5000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946815018.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947480409.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946142279.00000000048D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/js/sbase-829e78c5bb.js
Source: UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943318304.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934445323.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943022981.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://e.baidu.com/?refer=1271
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.938629536.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://haokan.baidu.com/?sfrom=baidu-top
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jiankang.baidu.com/widescreen/home
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://live.baidu.com/
Source: UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943318304.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934445323.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://map.baidu.com/?newmap=1&ie=utf-8&s=s
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.938629536.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pan.baidu.com?from=1026962h
Source: UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947305613.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.00000000059E5000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934908481.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946815018.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947480409.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943768238.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946142279.00000000048D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944212713.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945626954.0000000004F20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934445323.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://passport.baidu.com/?logout&u=
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.938858375.0000000004310000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://passport.baidu.com/v2/?login&tpl=mn&u=http%3A
Source: UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941384264.0000000004430000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://passport.baidu.com/v2/?login&tpl=mn&u=http%3A%2F%2Fwww.baidu.com%2F&sms=5
Source: UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947305613.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.00000000059E5000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934908481.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946815018.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947480409.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946142279.00000000048D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945626954.0000000004F20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/protocol/https/bundles/es6-polyfill_5645e88.js
Source: UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947305613.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.00000000059E5000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934908481.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946815018.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947480409.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946142279.00000000048D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945626954.0000000004F20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/protocol/https/bundles/polyfill_9354efa.js
Source: UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/protocol/https/global/img/feedback_add_photo_69ff822.png
Source: UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/protocol/https/global/img/icons_441e82f.png);_background
Source: UrQrIdRfCg.exe, 00000001.00000003.1124614551.000000000465D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/protocol/https/global/img/pc_direct_42d6311.png)
Source: UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/protocol/https/global/img/winlogo_e925689.png)
Source: UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947305613.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.00000000059E5000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934908481.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946815018.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947480409.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946142279.00000000048D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945626954.0000000004F20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/protocol/https/global/js/all_async_search_7000885.js
Source: UrQrIdRfCg.exe, 00000001.00000003.924049077.000000000456E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924674222.000000000456E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934196920.0000000004566000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/protocol/https/home/img/icons_809ae65.gif)
Source: UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/protocol/https/home/img/sugbg_1762fe7.png)
Source: UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/protocol/https/home/img/sugbg_90fc9cf.gif)
Source: UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/protocol/https/plugins/every_cookie_4644b13.js
Source: UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/protocol/https/plugins/every_cookie_mac_82990d4.js
Source: UrQrIdRfCg.exe, 00000001.00000003.928820081.0000000004648000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/protocol/https/tipbox/img/close-btn_364ba48.png);backgro
Source: UrQrIdRfCg.exe, 00000001.00000003.1007379764.0000000004567000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://psstatic.c
Source: UrQrIdRfCg.exe, 00000001.00000003.1007379764.0000000004567000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://psstatic.cdn.bce
Source: UrQrIdRfCg.exe, 00000001.00000003.1007379764.0000000004567000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://psstatic.cdn.bcebos.com/vide
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924049077.000000000456E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1127261934.0000000004B50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007379764.0000000004567000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935809257.0000000004D20000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://psstatic.cdn.bcebos.com/video/wiseindex/aa6eef91f8b5b1a33b454c401_1660835115000.png
Source: UrQrIdRfCg.exe, 00000001.00000003.924411759.000000000069E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://secure.comodo.com/CPS0
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1127261934.0000000004B50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935809257.0000000004D20000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sp1.baidu.com/5b1ZeDe5KgQFm2e88IuM_a/mwb2.gif
Source: UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947305613.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941228965.0000000004350000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.00000000059E5000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934908481.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946815018.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947480409.00000000049D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://top.baidu.com/board?platform=pc&sa=pcindex_entry
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.938629536.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wenku.baidu.com
Source: UrQrIdRfCg.exe, 00000001.00000000.898234427.000000000048D000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.89ip.cn/tqdl.html?num=6000
Source: UrQrIdRfCg.exe, 00000001.00000003.924411759.00000000006B8000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000000.898234427.000000000048D000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.baidu.com/
Source: UrQrIdRfCg.exe, 00000001.00000003.924411759.00000000006B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/1b
Source: UrQrIdRfCg.exe, 00000001.00000003.924411759.00000000006B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/2
Source: UrQrIdRfCg.exe, 00000001.00000003.924411759.00000000006B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/4
Source: UrQrIdRfCg.exe, 00000001.00000003.924411759.00000000006B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/8
Source: UrQrIdRfCg.exe, 00000001.00000003.924411759.00000000006B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/81
Source: UrQrIdRfCg.exe, 00000001.00000003.924411759.00000000006B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/91):
Source: UrQrIdRfCg.exe, 00000001.00000000.898234427.000000000048D000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.baidu.com/baidu43.143.201.4
Source: UrQrIdRfCg.exe, 00000001.00000003.924411759.00000000006B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/l
Source: UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943318304.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934445323.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943022981.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/s?rtt=1&bsst=1&cl=2&tn=news
Source: UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947305613.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941228965.0000000004350000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.00000000059E5000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934908481.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946815018.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947480409.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943768238.0000000005510000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/s?wd=%E4%B8%8D%E5%86%8D%E4%BF%9D%E7%95%99%E4%B8%AD%E5%9B%BD%E4%BA%BA%E6%B0%91%
Source: UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947305613.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941228965.0000000004350000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.00000000059E5000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934908481.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946815018.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947480409.00000000049D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/s?wd=%E4%B8%96%E7%95%8C%E7%9C%8B%E5%A5%BD%E4%B8%AD%E5%9B%BD%E7%BB%8F%E6%B5%8E%
Source: UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947305613.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941228965.0000000004350000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.00000000059E5000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934908481.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946815018.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947480409.00000000049D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/s?wd=%E4%B8%AD%E5%A4%AE%E5%9B%BD%E5%AE%B6%E6%9C%BA%E5%85%B3%E4%BA%BA%E5%91%98%
Source: UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947305613.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941228965.0000000004350000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.00000000059E5000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934908481.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946815018.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947480409.00000000049D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/s?wd=%E6%9C%80%E9%AB%98%E6%A3%80%E4%B8%A4%E4%BC%9A%E5%B7%A5%E4%BD%9C%E6%8A%A5%
Source: UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947305613.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941228965.0000000004350000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.00000000059E5000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934908481.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946815018.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947480409.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943768238.0000000005510000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/s?wd=%E6%B8%85%E5%8D%8E%E4%BF%9D%E6%B4%81%E9%98%BF%E5%A7%A8%E8%BA%AB%E7%A9%BF%
Source: UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947305613.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941228965.0000000004350000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.00000000059E5000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934908481.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946815018.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947480409.00000000049D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/s?wd=%E8%BF%99%E4%BD%8D%E4%B8%AD%E5%A4%AE%E5%86%9B%E5%A7%94%E5%A7%94%E5%91%98%
Source: UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045A6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007379764.0000000004567000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1123707532.000000000460B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125938877.0000000004666000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125814726.00000000059AC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125401506.000000000460B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924411759.000000000069E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007379764.00000000045A6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1124614551.000000000465D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.globalsign.com/repository/0
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.938629536.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.hao123.com?src=from_pc
Source: UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://zhidao.baidu.com

Source: unknown

DNS traffic detected: queries for: www.89ip.cn

Source: global traffic	HTTP traffic detected: GET /v2/?request=getproxies&protocol=http&timeout=10000&country=all&ssl=all&anonymity=all HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)Accept: /Host: api.proxyscrape.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn
Source: global traffic	HTTP traffic detected: GET /tqdl.html?num=6000 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: zh-cnReferer: https://www.89ip.cn/tqdl.html?num=6000User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: www.89ip.cn

Source: unknown

HTTPS traffic detected: 104.18.10.5:443 -> 192.168.2.22:49171 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: UrQrIdRfCg.exe, type: SAMPLE	Matched rule: Sample from CN Honker Pentest Toolset - file WordpressScanner.exe Author: Florian Roth (Nextron Systems)
Source: 1.0.UrQrIdRfCg.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Sample from CN Honker Pentest Toolset - file WordpressScanner.exe Author: Florian Roth (Nextron Systems)

Source: UrQrIdRfCg.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: UrQrIdRfCg.exe, type: SAMPLE	Matched rule: CN_Honker_WordpressScanner date = 2015-06-23, author = Florian Roth (Nextron Systems), description = Sample from CN Honker Pentest Toolset - file WordpressScanner.exe, score = 0b3c5015ba3616cbc616fc9ba805fea73e98bc83, reference = Disclosed CN Honker Pentest Toolset, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.0.UrQrIdRfCg.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: CN_Honker_WordpressScanner date = 2015-06-23, author = Florian Roth (Nextron Systems), description = Sample from CN Honker Pentest Toolset - file WordpressScanner.exe, score = 0b3c5015ba3616cbc616fc9ba805fea73e98bc83, reference = Disclosed CN Honker Pentest Toolset, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE

Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	Memory allocated: 77620000 page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	Memory allocated: 77740000 page execute and read and write			Jump to behavior

Source: UrQrIdRfCg.exe	ReversingLabs: Detection: 52%
Source: UrQrIdRfCg.exe	Virustotal: Detection: 52%

Source: UrQrIdRfCg.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\UrQrIdRfCg.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\UrQrIdRfCg.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2087C2F4-2CEF-4953-A8AB-66779B670495}\InProcServer32

Jump to behavior

Source: classification engine

Classification label: mal72.troj.winEXE@1/0@71/100

Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\UrQrIdRfCg.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49175
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49176
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49177
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49186
Source: unknown	Network traffic detected: HTTP traffic on port 999 -> 49172
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49191
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49193
Source: unknown	Network traffic detected: HTTP traffic on port 10048 -> 49183
Source: unknown	Network traffic detected: HTTP traffic on port 8085 -> 49196
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49199
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49203
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49205
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49210
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49213
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49212
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49208
Source: unknown	Network traffic detected: HTTP traffic on port 10048 -> 49183
Source: unknown	Network traffic detected: HTTP traffic on port 8999 -> 49229
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49239
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49238
Source: unknown	Network traffic detected: HTTP traffic on port 8081 -> 49240
Source: unknown	Network traffic detected: HTTP traffic on port 8828 -> 49243
Source: unknown	Network traffic detected: HTTP traffic on port 7890 -> 49248
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49250
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49251
Source: unknown	Network traffic detected: HTTP traffic on port 10048 -> 49183
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49276
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49277
Source: unknown	Network traffic detected: HTTP traffic on port 82 -> 49283
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49292
Source: unknown	Network traffic detected: HTTP traffic on port 21001 -> 49293
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49294
Source: unknown	Network traffic detected: HTTP traffic on port 4007 -> 49304
Source: unknown	Network traffic detected: HTTP traffic on port 8000 -> 49307
Source: unknown	Network traffic detected: HTTP traffic on port 8181 -> 49317
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49328
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49329
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49324
Source: unknown	Network traffic detected: HTTP traffic on port 9090 -> 49338
Source: unknown	Network traffic detected: HTTP traffic on port 8085 -> 49342
Source: unknown	Network traffic detected: HTTP traffic on port 8088 -> 49345
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49351
Source: unknown	Network traffic detected: HTTP traffic on port 8085 -> 49353
Source: unknown	Network traffic detected: HTTP traffic on port 8089 -> 49358
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49362
Source: unknown	Network traffic detected: HTTP traffic on port 40809 -> 49366
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49364
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49369
Source: unknown	Network traffic detected: HTTP traffic on port 82 -> 49371
Source: unknown	Network traffic detected: HTTP traffic on port 3129 -> 49350
Source: unknown	Network traffic detected: HTTP traffic on port 8282 -> 49367
Source: unknown	Network traffic detected: HTTP traffic on port 8181 -> 49376
Source: unknown	Network traffic detected: HTTP traffic on port 8282 -> 49367
Source: unknown	Network traffic detected: HTTP traffic on port 8282 -> 49367
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49395
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49397
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49396
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49398
Source: unknown	Network traffic detected: HTTP traffic on port 8083 -> 49392
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49406
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49409
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49412
Source: unknown	Network traffic detected: HTTP traffic on port 8000 -> 49413
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49414
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49419
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49426
Source: unknown	Network traffic detected: HTTP traffic on port 40809 -> 49433
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49434
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49438
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49442
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49430
Source: unknown	Network traffic detected: HTTP traffic on port 9090 -> 49451
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49449
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49456
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49457
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49462
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49464
Source: unknown	Network traffic detected: HTTP traffic on port 8081 -> 49465
Source: unknown	Network traffic detected: HTTP traffic on port 1994 -> 49470
Source: unknown	Network traffic detected: HTTP traffic on port 10566 -> 49479
Source: unknown	Network traffic detected: HTTP traffic on port 8089 -> 49483
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49493
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49498
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49500
Source: unknown	Network traffic detected: HTTP traffic on port 10566 -> 49479
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49510
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49513
Source: unknown	Network traffic detected: HTTP traffic on port 8000 -> 49525
Source: unknown	Network traffic detected: HTTP traffic on port 8089 -> 49530
Source: unknown	Network traffic detected: HTTP traffic on port 10566 -> 49479
Source: unknown	Network traffic detected: HTTP traffic on port 8085 -> 49549
Source: unknown	Network traffic detected: HTTP traffic on port 82 -> 49550
Source: unknown	Network traffic detected: HTTP traffic on port 999 -> 49541
Source: unknown	Network traffic detected: HTTP traffic on port 10048 -> 49551
Source: unknown	Network traffic detected: HTTP traffic on port 8089 -> 49530
Source: unknown	Network traffic detected: HTTP traffic on port 10000 -> 49552
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49567
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49566
Source: unknown	Network traffic detected: HTTP traffic on port 8089 -> 49560
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49575
Source: unknown	Network traffic detected: HTTP traffic on port 8089 -> 49569
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49580
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49582
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49587
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49591
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49596
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49603
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49602
Source: unknown	Network traffic detected: HTTP traffic on port 82 -> 49604
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49606
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49605
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49610
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49619
Source: unknown	Network traffic detected: HTTP traffic on port 5443 -> 49608
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49621
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49630
Source: unknown	Network traffic detected: HTTP traffic on port 40809 -> 49634
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49641
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49640
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49650
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49664
Source: unknown	Network traffic detected: HTTP traffic on port 82 -> 49665
Source: unknown	Network traffic detected: HTTP traffic on port 10515 -> 49669
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49677
Source: unknown	Network traffic detected: HTTP traffic on port 44321 -> 49679
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49685
Source: unknown	Network traffic detected: HTTP traffic on port 8085 -> 49692
Source: unknown	Network traffic detected: HTTP traffic on port 8001 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49696
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49695
Source: unknown	Network traffic detected: HTTP traffic on port 82 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 8828 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 8089 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 82 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 8000 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 8085 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 38573 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 1981 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 8001 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 82 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 8089 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 10515 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 8089 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 8085 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 8086 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 8085 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 10102 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 8081 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 8085 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 8000 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 8081 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 8085 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 1976 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 8083 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 82 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 37113 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 8828 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 8118 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 8899 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 999 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 8443 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 8089 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 50134
Source: unknown	Network traffic detected: HTTP traffic on port 10210 -> 50131
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 50140
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 50146

Source: C:\Users\user\Desktop\UrQrIdRfCg.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob

Jump to behavior

Source: C:\Users\user\Desktop\UrQrIdRfCg.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Source: C:\Users\user\Desktop\UrQrIdRfCg.exe TID: 2080

Thread sleep time: -180000s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\UrQrIdRfCg.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD Blob

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	1 Modify Registry	OS Credential Dumping	1 Virtualization/Sandbox Evasion	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Virtualization/Sandbox Evasion	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	11 Non-Standard Port	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	1 Disable or Modify Tools	Security Account Manager	1 Remote System Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	3 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	1 System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	14 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Remote System Discovery	SSH	Keylogging	Data Transfer Size Limits	3 Ingress Tool Transfer	Manipulate Device Communication		Manipulate App Store Rankings or Ratings

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
UrQrIdRfCg.exe	52%	ReversingLabs	Win32.Trojan.Generic
UrQrIdRfCg.exe	52%	Virustotal		Browse
UrQrIdRfCg.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	0%	URL Reputation	safe
http://www.diginotar.nl/cps/pkioverheid0	0%	URL Reputation	safe
http://ocsp.entrust.net03	0%	URL Reputation	safe
http://ocsp.entrust.net0D	0%	URL Reputation	safe
https://psstatic.cdn.bce	0%	Avira URL Cloud	safe
http://www.eyuyan.com)DVarFileInfo$	0%	Avira URL Cloud	safe
https://psstatic.c	0%	Avira URL Cloud	safe
https://beian.miit.gov.cn	0%	Avira URL Cloud	safe
http://music.taihe.com	0%	Avira URL Cloud	safe
http://www.beian.gov.cn/portal/registerSystemInfo?recordcode=11000002000001	0%	Avira URL Cloud	safe
http://ocsp2.global	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
f7be4e1e.89ip.cn.cname.hcnamecdns.com	185.234.22.159	true	false	unknown
api.proxyscrape.com	104.18.10.5	true	false	unknown
www.89ip.cn	unknown	unknown	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.baidu.com/s?wd=%E6%B8%85%E5%8D%8E%E4%BF%9D%E6%B4%81%E9%98%BF%E5%A7%A8%E8%BA%AB%E7%A9%BF%	UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947305613.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941228965.0000000004350000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.00000000059E5000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934908481.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946815018.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947480409.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943768238.0000000005510000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.eyuyan.com)DVarFileInfo$	UrQrIdRfCg.exe, 00000001.00000000.898262416.00000000004D0000.00000002.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	low
https://psstatic.cdn.bce	UrQrIdRfCg.exe, 00000001.00000003.1007379764.0000000004567000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/logos/yingxiao-b585c1ec7d.png	UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007488524.000000000465B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924049077.000000000456E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp	false		high
https://passport.baidu.com/v2/?login&tpl=mn&u=http%3A	UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.938858375.0000000004310000.00000004.00000020.00020000.00000000.sdmp	false		high
http://wenku.baidu.com/search?lm=0&od=0&ie=utf-8	UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943318304.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934445323.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943022981.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://beian.miit.gov.cn	UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943318304.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934445323.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943022981.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/js/lib/esl-d776bfb1aa.js	UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947305613.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.00000000059E5000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934908481.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946815018.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947480409.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946142279.00000000048D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944212713.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945626954.0000000004F20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.baidu.com/8	UrQrIdRfCg.exe, 00000001.00000003.924411759.00000000006B8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/qrcode/qrcode	UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943318304.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934445323.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/js/polyfill-ie8-30f98ab294.js	UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947305613.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.00000000059E5000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946815018.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947480409.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946142279.00000000048D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp	false		high
http://zhidao.baidu.com/q?ct=17&pn=0&tn=ikaslist&rn=10&fr=wwwt	UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943318304.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934445323.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943022981.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://baike.baidu.com	UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.938629536.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp	false		high
https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/qrcode/qrcode-hover	UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943318304.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934445323.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.baidu.com/2	UrQrIdRfCg.exe, 00000001.00000003.924411759.00000000006B8000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	UrQrIdRfCg.exe, 00000001.00000003.924411759.000000000069E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.baidu.com/baidu43.143.201.4	UrQrIdRfCg.exe, 00000001.00000000.898234427.000000000048D000.00000002.00000001.01000000.00000003.sdmp	false		high
http://www.beian.gov.cn/portal/registerSystemInfo?recordcode=11000002000001	UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943318304.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934445323.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943022981.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.diginotar.nl/cps/pkioverheid0	UrQrIdRfCg.exe, 00000001.00000003.924411759.000000000069E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/font/iconfont-fa013548a9.woff2	UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924049077.000000000456E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1127261934.0000000004B50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007379764.0000000004567000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935809257.0000000004D20000.00000004.00000020.00020000.00000000.sdmp	false		high
https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/sugbg-90fc9cf8c8.gif	UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007488524.000000000465B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924049077.000000000456E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.baidu.com/4	UrQrIdRfCg.exe, 00000001.00000003.924411759.00000000006B8000.00000004.00000020.00020000.00000000.sdmp	false		high
http://image.baidu.com/	UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.938629536.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://wenku.baidu.com	UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.938629536.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp	false		high
http://tieba.baidu.com/	UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.938629536.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://top.baidu.com/board?platform=pc&sa=pcindex_entry	UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947305613.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941228965.0000000004350000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.00000000059E5000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934908481.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946815018.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947480409.00000000049D0000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.baidu.com/baidu.html?from=noscript	UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1127261934.0000000004B50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935809257.0000000004D20000.00000004.00000020.00020000.00000000.sdmp	false		high
https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/topnav/newbaike-889054f349.png	UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://passport.baidu.com/ubrwsb	UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp	false		high
https://dss0.bdstatic.com/5aV1bjqh_Q23odC	UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp	false		high
https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/sx	UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp	false		high
http://e.baidu.com/ebaidu/home?refer=887	UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.baidu.com/81	UrQrIdRfCg.exe, 00000001.00000003.924411759.00000000006B8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://passport.baidu.com/?logout&u=	UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947305613.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.00000000059E5000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934908481.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946815018.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947480409.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943768238.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946142279.00000000048D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944212713.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945626954.0000000004F20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934445323.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ir.baidu.com	UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943318304.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934445323.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943022981.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/font/iconfont-cdfecb8456.eot?#iefix	UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924049077.000000000456E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1127261934.0000000004B50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007379764.0000000004567000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935809257.0000000004D20000.00000004.00000020.00020000.00000000.sdmp	false		high
https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/topnav/newxueshuicon-a5314d5c83.png	UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.938629536.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://image.baidu.com/i?tn=baiduimage&ps=1&ct=201326592&lm=-1&cl=2&nc=1&ie=	UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943318304.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934445323.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943022981.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	false		high
http://passport.baidu.com/ubr	UrQrIdRfCg.exe, 00000001.00000003.943318304.0000000005510000.00000004.00000020.00020000.00000000.sdmp	false		high
https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/guide_new/arrow-left-a7b272965a.png	UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1127261934.0000000004B50000.00000004.00000020.00020000.00000000.sdmp	false		high
https://passport.baidu.com/v2/?login&tpl=mn&u=http%3A%2F%2Fwww.baidu.com%2F&sms=5	UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941384264.0000000004430000.00000004.00000020.00020000.00000000.sdmp	false		high
https://pss.bdstatic.com/r/www/cache/static/protocol/https/tipbox/img/close-btn_364ba48.png);backgro	UrQrIdRfCg.exe, 00000001.00000003.928820081.0000000004648000.00000004.00000020.00020000.00000000.sdmp	false		high
http://passport.baidu.com/ubrwsbas	UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947305613.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.00000000059E5000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934908481.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946815018.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947480409.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943768238.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946142279.00000000048D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944212713.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945626954.0000000004F20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934445323.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/guide_new/arrow-right-69f7969669.png	UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1127261934.0000000004B50000.00000004.00000020.00020000.00000000.sdmp	false		high
https://pss.bdstatic.com/r/www/cache/static/protocol/https/global/img/feedback_add_photo_69ff822.png	UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp	false		high
https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/searchbox/nicon-10750f3f7d.png	UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924049077.000000000456E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp	false		high
https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/topnav/newzhidao-da1cf444b0.png	UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://psstatic.c	UrQrIdRfCg.exe, 00000001.00000003.1007379764.0000000004567000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/icons-441e82fb11.png	UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007488524.000000000465B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924049077.000000000456E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp	false		high
https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/guide_new/arrow-top-d81f5f8843.png	UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1127261934.0000000004B50000.00000004.00000020.00020000.00000000.sdmp	false		high
https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/topnav/newyinyue-03ecd1e9b9.png	UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/topnav/yingxiaoicon-612169cc36.png	UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://haokan.baidu.com/?sfrom=baidu-top	UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.938629536.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://b2b.baidu.com/s?fr=wwwt	UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943318304.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934445323.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://psstatic.cdn.bcebos.com/vide	UrQrIdRfCg.exe, 00000001.00000003.1007379764.0000000004567000.00000004.00000020.00020000.00000000.sdmp	false		high
https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/sugbg-1762fe7cb1.png	UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007488524.000000000465B000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924049077.000000000456E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.baidu.com/91):	UrQrIdRfCg.exe, 00000001.00000003.924411759.00000000006B8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.baidu.com/s?wd=%E4%B8%AD%E5%A4%AE%E5%9B%BD%E5%AE%B6%E6%9C%BA%E5%85%B3%E4%BA%BA%E5%91%98%	UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947305613.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941228965.0000000004350000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.00000000059E5000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934908481.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946815018.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947480409.00000000049D0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.baidu.com/s?wd=%E6%9C%80%E9%AB%98%E6%A3%80%E4%B8%A4%E4%BC%9A%E5%B7%A5%E4%BD%9C%E6%8A%A5%	UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947305613.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941228965.0000000004350000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949208130.00000000059E5000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934908481.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946815018.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.947480409.00000000049D0000.00000004.00000020.00020000.00000000.sdmp	false		high
http://music.taihe.com	UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.940774373.0000000004450000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944452713.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942101894.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948188370.0000000004B21000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934960716.00000000059E6000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939134721.00000000043B0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126053097.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946627723.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934286835.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.941721606.0000000004470000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1132732999.0000000003120000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1133144066.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126273963.000000000463C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.baidu.com/l	UrQrIdRfCg.exe, 00000001.00000003.924411759.00000000006B8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/font/iconfont-74fcdd51ab.svg#iconfont	UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045BF000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.929011303.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.923985729.00000000045C2000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924049077.000000000456E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ocsp2.global	UrQrIdRfCg.exe, 00000001.00000003.1033682878.00000000045A6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://psstatic.cdn.bcebos.com/video/wiseindex/aa6eef91f8b5b1a33b454c401_1660835115000.png	UrQrIdRfCg.exe, 00000001.00000003.1132286009.0000000004950000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135566723.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.948239332.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.942189479.0000000005160000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936478770.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.946889463.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943237807.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135249151.00000000043A0000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1135099843.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1125677567.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936234949.0000000004D20000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007125939.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.936076294.0000000004A50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935289007.0000000004850000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.924049077.000000000456E000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.926066504.000000000457F000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1126965922.0000000004990000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.939997612.0000000004310000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1127261934.0000000004B50000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.1007379764.0000000004567000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.935809257.0000000004D20000.00000004.00000020.00020000.00000000.sdmp	false		high
https://pss.bdstatic.com/r/www/cache/static/protocol/https/global/img/pc_direct_42d6311.png)	UrQrIdRfCg.exe, 00000001.00000003.1124614551.000000000465D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://map.baidu.com/?newmap=1&ie=utf-8&s=s	UrQrIdRfCg.exe, 00000001.00000003.948731384.0000000005891000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949023110.0000000004B24000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.944709913.0000000004810000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.943318304.0000000005510000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934445323.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.949405207.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.934718737.0000000005934000.00000004.00000020.00020000.00000000.sdmp, UrQrIdRfCg.exe, 00000001.00000003.945153976.00000000048C0000.00000004.00

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report UrQrIdRfCg.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Windows Analysis Report
UrQrIdRfCg.exe