beacon-cache.json
[{"seen_at": "1713646636", "ip": "18.217.214.178", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "33eafc30035b77e8643c9382fa8c89a12f87d6d4b7cdf27557291d8ea8a36270", "x86_sha256": "0cbe1a62e9524c54f7f600c21ccd8bb81cbc15a6ed81e318b2cc7e3572377821", "x64_sha1": "d3065b67785092d6802959f18078da73928caa91", "x86_sha1": "30b9b4657c60512ecdff36da399ea4e672b410c3", "x64_uri_queried": "/BQvT", "x86_uri_queried": "/x9Ib", "x64_md5": "644c1d80e75378b5ec5e51c0ce44e5e8", "x86_md5": "c1f6c7aa076e5b5c49df24e3c14e4c02", "x64_time": 1713646614793.5, "x86_time": 1713646609284.4, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "18.119.137.185,/__utm.gif", "x86_c2_server": "18.119.137.185,/cx", "x64_c2_host": "18.119.137.185", "x86_c2_host": "18.119.137.185", "x64_c2_path": "/__utm.gif", "x86_c2_path": "/cx", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 1236301411, "x86_watermark": 1236301411, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, 
"x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646684", "ip": "162.14.107.218", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "4b60280b34ca6d90d7840dab5beea0d3c7f7b27ad54b99dfe925af0dd5af445d", "x86_sha256": "d71460fe7c508b2a8befc98e00f67aa553d1e58f992422d8a281a742ab04bdce", "x64_sha1": "4ac9ce8ee6760ee35c76aad627d00dcb4b075ce2", "x86_sha1": "d7734222c5c26243900983d81d1dc94de9c9dab0", "x64_uri_queried": "/PpKR", "x86_uri_queried": "/doW2", "x64_md5": "b1220813fe14e8f606289d8891463a18", "x86_md5": "222e2687c4e6af939376e78021c960c2", "x64_time": 1713646666752.6, "x86_time": 1713646655458.9, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "162.14.107.218,/en_US/all.js", "x86_c2_server": "162.14.107.218,/visit.js", "x64_c2_host": "162.14.107.218", "x86_c2_host": "162.14.107.218", "x64_c2_path": "/en_US/all.js", "x86_c2_path": "/visit.js", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 1234567890, "x86_watermark": 1234567890, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, 
"x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646727", "ip": "15.205.128.169", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "5eda6ed39a603eedd798c2fb06ad5161600781d4c96bd45c7864a741988fd6ee", "x86_sha256": "4cf196a9baf0c14651e35dccff2033df0490d1f6d8488d265b4318899393dd37", "x64_sha1": "196996aebbc3a846c1540e904f8e58ef188a3419", "x86_sha1": "3968d425d1b8f305923aa32e238760664385292f", "x64_uri_queried": "/z4bM", "x86_uri_queried": "/ep8O", "x64_md5": "a0cacc377958a6296fd1287ae847a792", "x86_md5": "82675436e68b5d78d7344c6fa69c9876", "x64_time": 1713646703749.2, "x86_time": 1713646688538.9, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "15.205.128.169,/cx", "x86_c2_server": "15.205.128.169,/activity", "x64_c2_host": "15.205.128.169", "x86_c2_host": "15.205.128.169", "x64_c2_path": "/cx", "x86_c2_path": "/activity", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 1078434104, "x86_watermark": 1078434104, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, 
"x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646779", "ip": "47.104.232.113", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "c806c50ca9a5a1162a44c820cfd95529b3e9fdc4e21d5dfd76dbbb7945421066", "x86_sha256": "0d7478f9978e880640566cdaef84482db315baf22bcdb8a1229845dbffd2d3d1", "x64_sha1": "6d5960a0bd8e339ef89f3d306c41334965c9fd73", "x86_sha1": "7c91526771f88222110875e1eb7ed952e29119d7", "x64_uri_queried": "/lLZK", "x86_uri_queried": "/4jhV", "x64_md5": "06954339d7c4d2af869bf28287b3dee7", "x86_md5": "01a81209ec69c1bffa0a83b01408b28d", "x64_time": 1713646753518.4, "x86_time": 1713646736024.3, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "47.104.232.113,/visit.js", "x86_c2_server": "47.104.232.113,/pixel.gif", "x64_c2_host": "47.104.232.113", "x86_c2_host": "47.104.232.113", "x64_c2_path": "/visit.js", "x86_c2_path": "/pixel.gif", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": 
"%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646819", "ip": "213.226.123.124", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "821ca5ebd2b3f16f832246c7054a93381eeac2b8e445d6dde2adce03e60cf772", "x86_sha256": "93ea57b1ba201e47ff741ddf548d549381b72835373e08086abd26caa1b1a7dd", "x64_sha1": "edac0922e585b3f40a00ec38fa5773f223cef9e3", "x86_sha1": "fe90f4535bda9ecb15cd93bb3ca118b07abdf25c", "x64_uri_queried": "/v5Gk", "x86_uri_queried": "/bv3Q", "x64_md5": "30dfefba003a81136145ee979bb66e40", "x86_md5": "d29d4f03feb8f5591e0d1b7bdd19fadd", "x64_time": 1713646796716.1, "x86_time": 1713646783910.6, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "213.226.123.124,/ga.js", "x86_c2_server": 
"213.226.123.124,/cm", "x64_c2_host": "213.226.123.124", "x86_c2_host": "213.226.123.124", "x64_c2_path": "/ga.js", "x86_c2_path": "/cm", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 305419896, "x86_watermark": 305419896, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": 255, "x86_max_dns": 255, "x64_user_agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)", "x86_user_agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MATBJS)", "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": "", "x86_header_1": "", "x64_header_2": "", "x86_header_2": "", "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": "", "x86_pipe_name": "", "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": "0.0.0.0", "x86_dns_idle": "0.0.0.0", "x64_dns_sleep": 0, "x86_dns_sleep": 0, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646864", "ip": "49.233.244.7", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "027a8504f0712f8ca941243429b6ccde92f8bc96c945b718c808c540b6706b96", "x86_sha256": "248b0570dbf92ec95ab3868e480d6657e0c98976f1ea4510bff2def41a34f988", "x64_sha1": "993e8510b6ab82d924da514227f148b03c8c8e82", "x86_sha1": "54879e40ac54508bbc23cd10ef71d74eced0c8c1", "x64_uri_queried": "/zmD2", 
"x86_uri_queried": "/GpWN", "x64_md5": "6f2509c806d18e560789e65c0fb2db3b", "x86_md5": "a6de1731d512d05a1412f524cb0f158d", "x64_time": 1713646840038.8, "x86_time": 1713646825664.5, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "49.233.244.7,/cx", "x86_c2_server": "49.233.244.7,/en_US/all.js", "x64_c2_host": "49.233.244.7", "x86_c2_host": "49.233.244.7", "x64_c2_path": "/cx", "x86_c2_path": "/en_US/all.js", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646900", "ip": "222.112.93.163", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": 
"7789c370d2e767480ac8b2ef14ef78cafba4a1858d91ed3a4c67b0c1ed31ac18", "x86_sha256": "d4ebbc1f317cd707025441377af69d28ddea4d5f1044e62c00b48b991f831173", "x64_sha1": "81d5b448fa13bd8b60c231cbd0c683f5db56d48f", "x86_sha1": "41226be806922fd1e8a40d4560d1ff2a259fe5c3", "x64_uri_queried": "/bPs8", "x86_uri_queried": "/Ls3j", "x64_md5": "f7fec0be6b58807547c8609696312c07", "x86_md5": "f872533b7d980bb328c3838260852fdb", "x64_time": 1713646881152.3, "x86_time": 1713646870573.0, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "222.112.93.163,/pixel.gif", "x86_c2_server": "222.112.93.163,/updates.rss", "x64_c2_host": "222.112.93.163", "x86_c2_host": "222.112.93.163", "x64_c2_path": "/pixel.gif", "x86_c2_path": "/updates.rss", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 1234567890, "x86_watermark": 1234567890, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, 
"x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646943", "ip": "52.183.224.145", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "8bb864f44f28069431a4a43fe7ef800d80470e773e3f769c9b28ff49b221597b", "x86_sha256": "e6e774839f461ee3332a957083f39fc67f77ee660922a39f0d9967f9b4241959", "x64_sha1": "e67edfc79bfd037f95da52eede0e07fe86ac5e22", "x86_sha1": "a265f718801f234c399f9163bb796bd43a4eeb2c", "x64_uri_queried": "/k3vI", "x86_uri_queried": "/WjXC", "x64_md5": "fa4768f08e7ed68f26a6455ea06fafe6", "x86_md5": "52ee6106d8897a19f148d2b1e5083eb6", "x64_time": 1713646919083.4, "x86_time": 1713646902630.1, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 45000, "x86_polling": 45000, "x64_jitter": 37, "x86_jitter": 37, "x64_c2_server": "52.183.224.145,/jquery-3.3.1.min.js", "x86_c2_server": "52.183.224.145,/jquery-3.3.1.min.js", "x64_c2_host": "52.183.224.145", "x86_c2_host": "52.183.224.145", "x64_c2_path": "/jquery-3.3.1.min.js", "x86_c2_path": "/jquery-3.3.1.min.js", "x64_spawn_to_x86": "%windir%\\syswow64\\notepad.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\notepad.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\notepad.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\notepad.exe", "x64_watermark": 1739732003, "x86_watermark": 1739732003, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/jquery-3.3.2.min.js", "x86_http_method_path_2": "/jquery-3.3.2.min.js", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, 
"x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646982", "ip": "39.98.157.4", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "254cea69bdb92bc2e258a6f2c18762cbd79a8c11f328b1b42d9480993a6395db", "x86_sha256": "c9d0d1669616b811577da92687b74b0d40774e7667618f702706221e36b48270", "x64_sha1": "1f760aa043a3655055c1ba77b7a495f019d4c37a", "x86_sha1": "0986c2c9e638beaa97b4e16b53053b55bd332000", "x64_uri_queried": "/VBnW", "x86_uri_queried": "/maZ4", "x64_md5": "04a9b91de76dd427552b7f8745fc1681", "x86_md5": "111a11ea50564239b3d1259ea44c75d9", "x64_time": 1713646964305.4, "x86_time": 1713646951391.6, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "39.98.157.4,/cx", "x86_c2_server": "39.98.157.4,/activity", "x64_c2_host": "39.98.157.4", "x86_c2_host": "39.98.157.4", "x64_c2_path": "/cx", "x86_c2_path": "/activity", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 100000, "x86_watermark": 100000, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, 
"x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647015", "ip": "121.199.0.54", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "62341484955a9faa392878b70d48724811fe156d21d26b5b90650f5ce2da3d33", "x86_sha256": "209d8fe5898ff76eb7707ec0fbfe004f4e06cebbb3c5aa989dda96bbd66ce0cb", "x64_sha1": "28c9b5d7a52b1c9e98a223b036e92bf63d4fd9f7", "x86_sha1": "fc6796fadafa86ff1d26d14d8044f37dc4da01a8", "x64_uri_queried": "/3kIv", "x86_uri_queried": "/MQYe", "x64_md5": "9d38a361e4f17188eebfa31f3e2e652f", "x86_md5": "955dd76395128fa88b77e24a764b5cc8", "x64_time": 1713646998650.5, "x86_time": 1713646989181.7, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 3000, "x86_polling": 3000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "121.199.0.54,/api/getit", "x86_c2_server": "121.199.0.54,/api/getit", "x64_c2_host": "121.199.0.54", "x86_c2_host": "121.199.0.54", "x64_c2_path": "/api/getit", "x86_c2_path": "/api/getit", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 
1234567890, "x86_watermark": 1234567890, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/api/postit", "x86_http_method_path_2": "/api/postit", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647058", "ip": "74.48.19.146", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "9e4a880630f8a2838ea2f11eeb18610a0b044d7f075e4247a95d6c920a63bc84", "x86_sha256": "2cf7c2239d9fc817346d5ad494cc1581d0a7131028044988ded4f51babf61738", "x64_sha1": "f4246ac9171a9d163085ceb94db454448f694bca", "x86_sha1": "486e1f993ab9dd0716a18b443ba9c8e1b1f22ad0", "x64_uri_queried": "/a1wT", "x86_uri_queried": "/cHcN", "x64_md5": "1e95759ac1da1859c4366342045fa592", "x86_md5": "61d3f948aa0c0a152654e0a1e079cd9f", "x64_time": 1713647034533.8, "x86_time": 1713647018679.8, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 5000, "x86_polling": 5000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "jspassport.ssl.qhimg.com.dsa.dnsv1.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books", "x86_c2_server": 
"jspassport.ssl.qhimg.com.dsa.dnsv1.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books", "x64_c2_host": "jspassport.ssl.qhimg.com.dsa.dnsv1.com", "x86_c2_host": "jspassport.ssl.qhimg.com.dsa.dnsv1.com", "x64_c2_path": "/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books", "x86_c2_path": "/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 666666666, "x86_watermark": 666666666, "x64_c2_host_header": "Host: jspassport.ssl.qhimg.com\r\n", "x86_c2_host_header": "Host: jspassport.ssl.qhimg.com\r\n", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/N4215/adj/amzn.us.sr.aps", "x86_http_method_path_2": "/N4215/adj/amzn.us.sr.aps", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647098", "ip": "81.70.29.244", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "ce6a906722bdb6c9662957ffe57d0b690889706e75fd6924211b05b2b368ebc9", "x86_sha256": 
"33daff967514bcdf05b45fee68bccd4b719757ba85a042590b485c88f6f10ed7", "x64_sha1": "a0dd080894365f2708e3c5660b3325faaf45101b", "x86_sha1": "71f9b58b7a39983d7884ff3019dd430ce56a3104", "x64_uri_queried": "/TJTk", "x86_uri_queried": "/aLXW", "x64_md5": "7c6fa5975f31c8ee01fdc6347f986bc2", "x86_md5": "21ed204bf3842e07669124a0483d71dd", "x64_time": 1713647079209.2, "x86_time": 1713647065501.0, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 13608, "x86_polling": 13608, "x64_jitter": 50, "x86_jitter": 50, "x64_c2_server": "service-6wso9e3t-1257357125.bj.apigw.tencentcs.com,/jquery-3.3.1.min.js", "x86_c2_server": "service-6wso9e3t-1257357125.bj.apigw.tencentcs.com,/jquery-3.3.1.min.js", "x64_c2_host": "service-6wso9e3t-1257357125.bj.apigw.tencentcs.com", "x86_c2_host": "service-6wso9e3t-1257357125.bj.apigw.tencentcs.com", "x64_c2_path": "/jquery-3.3.1.min.js", "x86_c2_path": "/jquery-3.3.1.min.js", "x64_spawn_to_x86": "%windir%\\syswow64\\mtstocom.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\mtstocom.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\mtstocom.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\mtstocom.exe", "x64_watermark": 1234567890, "x86_watermark": 1234567890, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/jquery-3.3.2.min.js", "x86_http_method_path_2": "/jquery-3.3.2.min.js", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": 
null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647139", "ip": "121.196.235.124", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "4bfca5e6fef72858b9454839e9106de883e9f8380f0e40493bf1fd8fac4c983d", "x86_sha256": "6cfb2c78dfed35475941749cf5ce3deb3f415deb63499c38f06391301362f0c9", "x64_sha1": "92d77805647a7600808dde54723199793c768ede", "x86_sha1": "aa01e2db811891ba78175d3070a2043e9e7acdf9", "x64_uri_queried": "/v9kC", "x86_uri_queried": "/Q8ji", "x64_md5": "49e6032ec6f679de5323985c8468274d", "x86_md5": "994fb21975288416f2484abc1ccd87eb", "x64_time": 1713647120745.4, "x86_time": 1713647105580.6, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "121.196.235.124,/pixel.gif", "x86_c2_server": "121.196.235.124,/ca", "x64_c2_host": "121.196.235.124", "x86_c2_host": "121.196.235.124", "x64_c2_path": "/pixel.gif", "x86_c2_path": "/ca", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 6, "x86_watermark": 6, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": 
null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647233", "ip": "165.154.131.126", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "f8e729f5fb6a48d89b7b827d38c61b3b2630fe079d8ca57e0c4de10fc75712ad", "x86_sha256": "72a6788fdac658e03ab14f4fea59354ddd7d80e63455ddac1f44bb98cacdd621", "x64_sha1": "0b1dfc457075645ee77eeec89bd77b2876871a3a", "x86_sha1": "fe95ace9f48d4e3a5cbffcfce5c5ea74171597a2", "x64_uri_queried": "/9mQf", "x86_uri_queried": "/fKv5", "x64_md5": "84a4ae2e01f70e380aecc07ebbdfbef3", "x86_md5": "60e63e224e06f4d551e16937796e0544", "x64_time": 1713647223264.5, "x86_time": 1713647211700.6, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 5000, "x86_polling": 5000, "x64_jitter": 10, "x86_jitter": 10, "x64_c2_server": "165.154.131.126,/updates", "x86_c2_server": "165.154.131.126,/updates", "x64_c2_host": "165.154.131.126", "x86_c2_host": "165.154.131.126", "x64_c2_path": "/updates", "x86_c2_path": "/updates", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 1234567890, "x86_watermark": 1234567890, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": 
"/aircanada/dark.php", "x86_http_method_path_2": "/hello/flash.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647276", "ip": "91.92.246.246", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "e257e3311518f79df1b7663b53f6ece901421165f4f9291f1127b8be98a19cf1", "x86_sha256": "ef10aeb50bd6afeb63928d7e34024599942190f52aaad2b6cb169431cd23883e", "x64_sha1": "17c3780b91b7a1a9fa79e7e86b22d84be038ce62", "x86_sha1": "48e25514cf11217964a709b14c43401f6143f5ca", "x64_uri_queried": "/xDRO", "x86_uri_queried": "/mEx2", "x64_md5": "70a0b48729ac88495cb364ffe34508b4", "x86_md5": "4073662aff0a8e6a581f447c0498b294", "x64_time": 1713647253069.9, "x86_time": 1713647235763.6, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 5000, "x86_polling": 5000, "x64_jitter": 10, "x86_jitter": 10, "x64_c2_server": "91.92.246.246,/updates", "x86_c2_server": "91.92.246.246,/updates", "x64_c2_host": "91.92.246.246", "x86_c2_host": "91.92.246.246", "x64_c2_path": "/updates", "x86_c2_path": "/updates", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": 
"%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/hello/flash.php", "x86_http_method_path_2": "/aircanada/dark.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647332", "ip": "124.70.140.36", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "10d5d0874770553cd078529c05955ad3cada95f4ff38839f643da7707ae3670f", "x86_sha256": "5917131649a0e72a272ab3cff7fe88aa62395818bf540da08446c4e63a836372", "x64_sha1": "720e2b4351eb68cc1f135276e2242718d7f04413", "x86_sha1": "d4b099077507035294f00399841f31a18e50b030", "x64_uri_queried": "/Rz0a", "x86_uri_queried": "/tAUR", "x64_md5": "bc7e370919267c8b35a059451611220a", "x86_md5": "58c99243624a154f20e4196daa56002c", "x64_time": 1713647314916.8, "x86_time": 1713647299407.0, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "microsoftwindows.one,/api/3", 
"x86_c2_server": "microsoftwindows.one,/api/3", "x64_c2_host": "microsoftwindows.one", "x86_c2_host": "microsoftwindows.one", "x64_c2_path": "/api/3", "x86_c2_path": "/api/3", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "Host: microsoftwindows.one\r\n", "x86_c2_host_header": "Host: microsoftwindows.one\r\n", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/api/4", "x86_http_method_path_2": "/api/4", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647376", "ip": "167.99.112.140", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "ad02052e030eee6752298e54d8ac62da3fa06642bb8f6f2ea33867c18f9ef071", "x86_sha256": "3c9e5a9812841f07310fb3ce7650448d7a016f3b4e07eb8f6ab224c8f0dd9f56", "x64_sha1": "3b84b5801c8e1406ea55facadceaea69e39279cf", "x86_sha1": "ff38b0204a80129ae3dbbb73b4c56a80f6133c26", "x64_uri_queried": "/pXc2", "x86_uri_queried": "/7sHj", "x64_md5": 
"dc0200e18d4d618c1c83f1e786149dad", "x86_md5": "9f6775fc92c6dfa9640b471db91856dc", "x64_time": 1713647351181.1, "x86_time": 1713647333795.7, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "3gjanc04hk.execute-api.us-east-2.amazonaws.com,/v1/get", "x86_c2_server": "3gjanc04hk.execute-api.us-east-2.amazonaws.com,/v1/get", "x64_c2_host": "3gjanc04hk.execute-api.us-east-2.amazonaws.com", "x86_c2_host": "3gjanc04hk.execute-api.us-east-2.amazonaws.com", "x64_c2_path": "/v1/get", "x86_c2_path": "/v1/get", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 461757853, "x86_watermark": 461757853, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/v1/post", "x86_http_method_path_2": "/v1/post", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647417", "ip": "185.3.45.6", "hostnames": null, 
"protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "9133b5b03c09712066a6d0d0d969036040d2cbafa85bc58dcd698cb1cb888dee", "x86_sha256": "39e97902471f7f30fe7b56a3dac1c5f0a4fa894a6c3b4e62bcd183ace7e1cc29", "x64_sha1": "e146636799d27d4bca0533dd93f92ecd63670f12", "x86_sha1": "8361b2dc302fa504d2181f7029ce7959567956b1", "x64_uri_queried": "/RMQm", "x86_uri_queried": "/MaJd", "x64_md5": "9cb26fc9e8c562b7b19f228144d1d698", "x86_md5": "b1b952ce0576a144ff7ed2e06db248bb", "x64_time": 1713647396105.1, "x86_time": 1713647386485.6, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "3.72.68.180,/g.pixel", "x86_c2_server": "3.72.68.180,/cx", "x64_c2_host": "3.72.68.180", "x86_c2_host": "3.72.68.180", "x64_c2_path": "/g.pixel", "x86_c2_path": "/cx", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 1263551644, "x86_watermark": 1263551644, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": 
null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647479", "ip": "179.60.150.57", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "253127c52dacbfb8cf87f02b6d82ccc301c0e864b363b0c59689d63a09afa442", "x86_sha256": "c599e02860ad52684e25468047d54ea8c4d9c25c9175c05ddf52e02335777744", "x64_sha1": "879dec8a8c47be81a67be68b67b7811997030ba0", "x86_sha1": "feef1078cc283a6e3cc16bb64f2e750d0341792b", "x64_uri_queried": "/oaY4", "x86_uri_queried": "/SCLz", "x64_md5": "4a8bce5ef2705d7255ba3a0a926fafb2", "x86_md5": "7b9d9106372d039610725fb8ed55c778", "x64_time": 1713647462291.2, "x86_time": 1713647432600.1, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 5000, "x86_polling": 5000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "179.60.150.57,/idle/1376547834/1,193.57.137.61,/idle/1376547834/1,95.164.35.233,/idle/1376547834/1", "x86_c2_server": "179.60.150.57,/idle/1376547834/1,193.57.137.61,/idle/1376547834/1,95.164.35.233,/idle/1376547834/1", "x64_c2_host": "179.60.150.57", "x86_c2_host": "179.60.150.57", "x64_c2_path": "/idle/1376547834/1", "x86_c2_path": "/idle/1376547834/1", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 1580103824, "x86_watermark": 1580103824, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/send/1376547834/", "x86_http_method_path_2": "/send/1376547834/", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, 
"x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647530", "ip": "123.207.50.191", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "b02a5691925517d7a31169d542d3c8cf4b045d03350b617b46892a56de66d373", "x86_sha256": "d6ef298e14d6a54b023090b42132f6276e8c227e01b5d90c30c8f4d73c43e703", "x64_sha1": "e1744d51ebeef2ac3664df23dcf8f78dd3a97269", "x86_sha1": "3bd2b9a2738a48151d7747cc28f9604167f45f63", "x64_uri_queried": "/Gz0l", "x86_uri_queried": "/YlJM", "x64_md5": "7b7db0c9256657d348ced0e8c0707631", "x86_md5": "b5682969f81e80873845c7799e2f5ed9", "x64_time": 1713647511464.9, "x86_time": 1713647496547.4, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 3000, "x86_polling": 3000, "x64_jitter": 7, "x86_jitter": 7, "x64_c2_server": "127.0.0.1,/api/stream", "x86_c2_server": "127.0.0.1,/api/stream", "x64_c2_host": "127.0.0.1", "x86_c2_host": "127.0.0.1", "x64_c2_path": "/api/stream", "x86_c2_path": "/api/stream", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, 
"x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/api/streams", "x86_http_method_path_2": "/api/streams", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647596", "ip": "47.236.19.63", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "676f5da2477a32e30f5af4ba3671c681e527d35ba66bfb36233208e0b94b5d6f", "x86_sha256": "8e4a1cee0b83f76aee412c99da111e769b6a20b7583ec11dbb8243661886aa87", "x64_sha1": "3d78a8c5f1a57e655049bd969bee91e2a5a6a581", "x86_sha1": "8807212c5172c7b8e79c40b53621f171f1d1f5f2", "x64_uri_queried": "/3yFk", "x86_uri_queried": "/WVbM", "x64_md5": "75fbd5c382e385aca341cb6d3b616c37", "x86_md5": "e6bf9e7fc106de5b719ae31b4422ae08", "x64_time": 1713647577328.4, "x86_time": 1713647565809.5, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "47.236.19.63,/en_US/all.js", "x86_c2_server": "47.236.19.63,/ca", "x64_c2_host": "47.236.19.63", "x86_c2_host": "47.236.19.63", "x64_c2_path": "/en_US/all.js", "x86_c2_path": "/ca", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": 
"%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647640", "ip": "47.243.59.237", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "1d746c503e280b9d21d3219608726271fd692b77be55f3fd05629a254a585d6b", "x86_sha256": "64d5ef50285a1d5a65e1c5737dc49e88018c2c67d19a4ebaac5f7becd9dabf87", "x64_sha1": "5e76f1edea78f975879c27c15bb900cbb861d188", "x86_sha1": "19890000ebe28d288678c7d547fdc3c182b6ae1d", "x64_uri_queried": "/5liS", "x86_uri_queried": "/bjFJ", "x64_md5": "05548843e203efcad9856bf5fb5b5b80", "x86_md5": "bcd94ce45c4dfe253acd1dc2479cf58a", "x64_time": 1713647620380.5, "x86_time": 1713647606396.4, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, 
"x64_c2_server": "47.243.59.237,/g.pixel", "x86_c2_server": "47.243.59.237,/cx", "x64_c2_host": "47.243.59.237", "x86_c2_host": "47.243.59.237", "x64_c2_path": "/g.pixel", "x86_c2_path": "/cx", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647731", "ip": "182.92.238.31", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "34080b8eaf77df5fb25dff15aa32a1b7bc2e73504106c7237268d347ee7c0c87", "x86_sha256": "589cca9072da6ab787df6633f1f0ffdbfa8be1636f0f9c433d3ef2b02306f240", "x64_sha1": "6f512e17048a36e60aaa0a098e857c1a9370ef7d", "x86_sha1": "4e5c80433f79c12afebbada4df40dccdbced8365", "x64_uri_queried": "/Cpz0", "x86_uri_queried": "/H8rj", "x64_md5": "9b83152aa6efb5e94c2ba58c02813aaa", "x86_md5": 
"88debfc2c0e05193017b939e62f75168", "x64_time": 1713647711576.7, "x86_time": 1713647678359.9, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 5000, "x86_polling": 5000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "182.92.238.31,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books", "x86_c2_server": "182.92.238.31,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books", "x64_c2_host": "182.92.238.31", "x86_c2_host": "182.92.238.31", "x64_c2_path": "/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books", "x86_c2_path": "/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 391144938, "x86_watermark": 391144938, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/N4215/adj/amzn.us.sr.aps", "x86_http_method_path_2": "/N4215/adj/amzn.us.sr.aps", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, 
{"seen_at": "1713647765", "ip": "47.108.137.190", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "0dc535ed751fa1afef4371445068019890f08612e79c2c44a7b162c45ecfcd3d", "x86_sha256": "b9be48cb598a9c35630c13b87c24849987d9d4ba08c42a6e33ca139a4d5a5592", "x64_sha1": "5e15e67a2dedfa8d7249871619997a4a91bdc9dc", "x86_sha1": "99fde5222f25e58a329ea8c6abb16d86938d2eb0", "x64_uri_queried": "/RRQh", "x86_uri_queried": "/R4nh", "x64_md5": "f65c32d3c580a47ff054a75c0c4e032e", "x86_md5": "24b862218c28f7581bdd412ada049830", "x64_time": 1713647748939.6, "x86_time": 1713647738801.6, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "47.108.137.190,/__utm.gif", "x86_c2_server": "47.108.137.190,/ca", "x64_c2_host": "47.108.137.190", "x86_c2_host": "47.108.137.190", "x64_c2_path": "/__utm.gif", "x86_c2_path": "/ca", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 1580103824, "x86_watermark": 1580103824, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": 
null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647805", "ip": "101.35.198.64", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "b535cb946a4f1604484de258c5e75b6670bee02c3b4e76487b61cf8d20c738dc", "x86_sha256": "cace862361dc1589b3df7433a32cba19749e7a25f7ba42cf7475e2fcf3802f20", "x64_sha1": "7268f39e78e0639c01f3041f9d4161bd7027489b", "x86_sha1": "c0818b6ffdb4d494a129abd0c593da893796e90b", "x64_uri_queried": "/Yl6b", "x86_uri_queried": "/jHv4", "x64_md5": "b60bbc359d71f71e86bbe5d3102bf36a", "x86_md5": "408b7d343f7c2e0e6e32c2069f34c08b", "x64_time": 1713647787366.2, "x86_time": 1713647772746.9, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "log.lihaimaoyi.com,/api/3", "x86_c2_server": "log.lihaimaoyi.com,/api/3", "x64_c2_host": "log.lihaimaoyi.com", "x86_c2_host": "log.lihaimaoyi.com", "x64_c2_path": "/api/3", "x86_c2_path": "/api/3", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 1234567890, "x86_watermark": 1234567890, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/api/4", "x86_http_method_path_2": "/api/4", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": 
null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647841", "ip": "123.60.57.13", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "876c6b6d397689f744f5d628ed929cd229dd81eb9b8722304f37dadf32b6e9c2", "x86_sha256": "094cc65fca89ce4f0be9afbd7059850b37c45ac338013f0e32d839cee203ec00", "x64_sha1": "fdde6ca5b302b07261662d1929279d493c33ea2f", "x86_sha1": "3537c3ebc789673cdf12138463584222ed039ca7", "x64_uri_queried": "/L8ip", "x86_uri_queried": "/yd3L", "x64_md5": "131e66a3230195ecd22f877e5ee68962", "x86_md5": "ecd0c5956ecb3a20bda78fa00caf5825", "x64_time": 1713647825273.1, "x86_time": 1713647812512.1, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "123.60.57.13,/load", "x86_c2_server": "123.60.57.13,/ga.js", "x64_c2_host": "123.60.57.13", "x86_c2_host": "123.60.57.13", "x64_c2_path": "/load", "x86_c2_path": "/ga.js", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", 
"x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647891", "ip": "43.143.169.86", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "b068a7855781f71df1ab1e2c6ab65b965b0bf59f1e32880b88a869ee65996097", "x86_sha256": "9c2b05cb69d7a39cf0eb92f619d7c9fd82c2c672a3aa271c6fd759934e708730", "x64_sha1": "901675059ea3243e55077e7c10a54178e2f8cfd3", "x86_sha1": "dbd5dad3bcbda319b59fe6810005f85ee6dfc748", "x64_uri_queried": "/dXj7", "x86_uri_queried": "/cM5w", "x64_md5": "4fed311be3e7c345ce41e79ac70c7348", "x86_md5": "0fee45b9cc58a9e3ff957fd20c3911be", "x64_time": 1713647871406.5, "x86_time": 1713647860246.8, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 5000, "x86_polling": 5000, "x64_jitter": 37, "x86_jitter": 37, "x64_c2_server": "10.13.70.244,/jquery-3.3.1.min.js", "x86_c2_server": "10.13.70.244,/jquery-3.3.1.min.js", "x64_c2_host": "10.13.70.244", "x86_c2_host": "10.13.70.244", "x64_c2_path": "/jquery-3.3.1.min.js", "x86_c2_path": "/jquery-3.3.1.min.js", "x64_spawn_to_x86": "%windir%\\syswow64\\dllhost.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\dllhost.exe", "x64_spawn_to_x64": 
"%windir%\\sysnative\\dllhost.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\dllhost.exe", "x64_watermark": 0, "x86_watermark": 0, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": 255, "x86_max_dns": 255, "x64_user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36", "x86_user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36", "x64_http_method_path_2": "/jquery-3.3.2.min.js", "x86_http_method_path_2": "/jquery-3.3.2.min.js", "x64_header_1": "", "x86_header_1": "", "x64_header_2": "", "x86_header_2": "", "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": "", "x86_pipe_name": "", "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": "8.8.8.8", "x86_dns_idle": "8.8.8.8", "x64_dns_sleep": 0, "x86_dns_sleep": 0, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648095", "ip": "39.106.5.215", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "d12611197df39cbcd38c4790b68658d3d245eaba66e67856116fbeb61813b6f7", "x86_sha256": "b42140b71dac32cad643a51134ebd7255e5ff0ad509a7dce70794e2eb74a4d94", "x64_sha1": "e3864255253a2ff739bfc896a5cba651b8f3b8a8", "x86_sha1": "4e2000c60d42204bc60711ce0f0bd661518fa075", "x64_uri_queried": "/MeUV", "x86_uri_queried": "/2pnL", "x64_md5": "9560755c5ed794b0fdd63fae3e3bf794", "x86_md5": "78245878dda59f3e973294bad1522fe3", "x64_time": 1713648084814.5, "x86_time": 1713648073411.8, 
"x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "39.106.5.215,/pixel", "x86_c2_server": "39.106.5.215,/activity", "x64_c2_host": "39.106.5.215", "x86_c2_host": "39.106.5.215", "x64_c2_path": "/pixel", "x86_c2_path": "/activity", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648487", "ip": "43.143.168.206", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "8e5b42b2fc511bed703f40a67913aa1ebb9940b69e66b2d54fd56cd192613673", "x86_sha256": "1c27d14c6fd361007193dfaa39eb01006397e38d021abb090a7fa2271931cc75", "x64_sha1": 
"2013fadba6329027f8b51ef59be3e61d8ba43081", "x86_sha1": "2aa81089524ac9119a3cf9c4c51e76d5cfdfec89", "x64_uri_queried": "/f1pV", "x86_uri_queried": "/O1jr", "x64_md5": "c88a7e6a46f46ffcad79581d5fbf8776", "x86_md5": "1c93888f095acfe64abb81594a8e6a76", "x64_time": 1713648474012.8, "x86_time": 1713648459084.8, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 3000, "x86_polling": 3000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "service-rv8zxcr1-1259321672.bj.tencentapigw.com.cn,/jquerys-6.3.5.max.js", "x86_c2_server": "service-rv8zxcr1-1259321672.bj.tencentapigw.com.cn,/jquerys-6.3.5.max.js", "x64_c2_host": "service-rv8zxcr1-1259321672.bj.tencentapigw.com.cn", "x86_c2_host": "service-rv8zxcr1-1259321672.bj.tencentapigw.com.cn", "x64_c2_path": "/jquerys-6.3.5.max.js", "x86_c2_path": "/jquerys-6.3.5.max.js", "x64_spawn_to_x86": "%windir%\\syswow64\\dllhost.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\dllhost.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\dllhost.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\dllhost.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/jqurry-6.3.5.max.js", "x86_http_method_path_2": "/jqurry-6.3.5.max.js", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, 
"x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648594", "ip": "175.178.160.155", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "79208f85d299064a2f19e84c921f88c422943c6361059a34cc95adc2af7f7405", "x86_sha256": "5a0dd629c52e4592549bb319d23d45717248d4f1fb421e47750bbec2b5da1332", "x64_sha1": "1b188c53d13081f33ba319d472a641b88d71ca02", "x86_sha1": "2f6b82341c868a44b5c171b80e7fa13e73ae2d0a", "x64_uri_queried": "/JxZA", "x86_uri_queried": "/9Tgh", "x64_md5": "ac14b0080c76482467a4fae17f683cde", "x86_md5": "30d4357daf71c6d9bc841a7f0f98e1c1", "x64_time": 1713648586872.9, "x86_time": 1713648577230.1, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 89674, "x86_polling": 89674, "x64_jitter": 38, "x86_jitter": 38, "x64_c2_server": "jxvtcm.cn,/Complete/pr/H6TCQRWR", "x86_c2_server": "jxvtcm.cn,/Complete/pr/H6TCQRWR", "x64_c2_host": "jxvtcm.cn", "x86_c2_host": "jxvtcm.cn", "x64_c2_path": "/Complete/pr/H6TCQRWR", "x86_c2_path": "/Complete/pr/H6TCQRWR", "x64_spawn_to_x86": "%windir%\\syswow64\\DevicePairingWizard.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\DevicePairingWizard.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\WUAUCLT.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\WUAUCLT.exe", "x64_watermark": 668899, "x86_watermark": 668899, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/doFor/device/44VHMR1H", "x86_http_method_path_2": "/doFor/device/44VHMR1H", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, 
"x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648664", "ip": "128.199.178.134", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "74569172774403c8f8fc956f4d706ec7d230c279062478ed207b3939ef0df9fb", "x86_sha256": "aabeda81705c16c6d634cf06c39b8fe9a3c66ee087be2672323cd280f54281ff", "x64_sha1": "88bc15da13a7e805e47f8461399de9b8c3e9a5ac", "x86_sha1": "b543eadcb9f1f5739289bf2365ff4d83a732ac8a", "x64_uri_queried": "/ZWv6", "x86_uri_queried": "/i2Qp", "x64_md5": "4c5a3c9e89afcb00bde9f496f36dc402", "x86_md5": "da47d09058388c9f7a86c134079fc0c5", "x64_time": 1713648650902.7, "x86_time": 1713648641989.8, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "128.199.178.134,/push", "x86_c2_server": "128.199.178.134,/j.ad", "x64_c2_host": "128.199.178.134", "x86_c2_host": "128.199.178.134", "x64_c2_path": "/push", "x86_c2_path": "/j.ad", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 100000, "x86_watermark": 100000, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", 
"x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646637", "ip": "47.76.78.183", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "c98fe901ca7c5ab4ab981dcd8d2ad57c404d851637922b4d775471153000c658", "x86_sha256": "6bdcd72c391865d019fa7894d2e77175b00397476fe8a824aefb12df96dd1e0d", "x64_sha1": "43b055b1cdac018afad275dce6cbdcc846c521ac", "x86_sha1": "993c2eccdb2b81b2a4a7ec0a2883cbdbd50e2299", "x64_uri_queried": "/qJq1", "x86_uri_queried": "/yQb0", "x64_md5": "71601bbed76f260ffc4046fb83ab737b", "x86_md5": "13833bed7ef5c7fa30fe4a98d524984d", "x64_time": 1713646622169.8, "x86_time": 1713646611643.0, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 45000, "x86_polling": 45000, "x64_jitter": 37, "x86_jitter": 37, "x64_c2_server": "files.jslibc.com,/jquery-3.3.1.min.js", "x86_c2_server": "files.jslibc.com,/jquery-3.3.1.min.js", "x64_c2_host": "files.jslibc.com", "x86_c2_host": "files.jslibc.com", "x64_c2_path": "/jquery-3.3.1.min.js", "x86_c2_path": "/jquery-3.3.1.min.js", "x64_spawn_to_x86": "%windir%\\syswow64\\dllhost.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\dllhost.exe", 
"x64_spawn_to_x64": "%windir%\\sysnative\\dllhost.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\dllhost.exe", "x64_watermark": 1234567890, "x86_watermark": 1234567890, "x64_c2_host_header": "Host: files.jslibc.com\r\n", "x86_c2_host_header": "Host: files.jslibc.com\r\n", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/jquery-3.3.2.min.js", "x86_http_method_path_2": "/jquery-3.3.2.min.js", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646694", "ip": "154.92.18.103", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "1a55a1846bf2194aafd04fb7c4ce0f229b0d424b2ce966237b0990f7986923c6", "x86_sha256": "db98354c8e3f6a3def48250edf90b9e4b3c6b239efbd5a0d1a31780833714346", "x64_sha1": "a99f6cd24eef78fac18721cda3cd96e02deace77", "x86_sha1": "5a0dbca10a78ec223358ca6c343fca3c3d2b26f8", "x64_uri_queried": "/wdK7", "x86_uri_queried": "/8Ato", "x64_md5": "7bc82de05ea070574833b38ce5b09f47", "x86_md5": "318d23ad7cd78ebd0aaf3ecdac2b2188", "x64_time": 1713646675478.3, "x86_time": 1713646662176.5, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, 
"x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "154.92.18.103,/visit.js", "x86_c2_server": "154.92.18.103,/IE9CompatViewList.xml", "x64_c2_host": "154.92.18.103", "x86_c2_host": "154.92.18.103", "x64_c2_path": "/visit.js", "x86_c2_path": "/IE9CompatViewList.xml", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 666666, "x86_watermark": 666666, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646734", "ip": "118.25.182.25", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "e12a43d1f27c230e85fdf93a2b4acff092037496ffd2d0c47f4c3e47137c36eb", "x86_sha256": "5595bbc1d482481cc39347769b126f1965e4f18532e1c00daaa09819effa9a29", "x64_sha1": "3abf39a2b01aec53e7b5d8a8666cf410122e7e2e", "x86_sha1": "55cae080724c69b90eb03a012e73dd93152bf21b", "x64_uri_queried": "/tUOE", "x86_uri_queried": 
"/qs2F", "x64_md5": "7f3ebc3580a4cb6d4967edf188cd7ee3", "x86_md5": "1bbe628552a085886eae86c3c62aa05e", "x64_time": 1713646715176.0, "x86_time": 1713646697903.3, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "118.25.182.25,/push", "x86_c2_server": "118.25.182.25,/dot.gif", "x64_c2_host": "118.25.182.25", "x86_c2_host": "118.25.182.25", "x64_c2_path": "/push", "x86_c2_path": "/dot.gif", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646773", "ip": "120.55.65.99", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": 
"51ea614511fa6b69f85b481c4eaaafb3cb49c418ce232c63d6930dc0f31007ce", "x86_sha256": "33a4780365103b59d46f359c0dc816fda0ffd3bb46d01adae8f61a64adce6ddd", "x64_sha1": "766d553979458d8389029e3673896aa1b13766c0", "x86_sha1": "316e7491bd33275c227e61ca4ac36d353940623c", "x64_uri_queried": "/qHMW", "x86_uri_queried": "/oCDf", "x64_md5": "fd33425a2eb26ac7b388fe633a45b023", "x86_md5": "1f6a0654a2416f520bf61247e84e6f94", "x64_time": 1713646755374.5, "x86_time": 1713646738111.2, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "120.55.65.99,/dpixel", "x86_c2_server": "120.55.65.99,/dpixel", "x64_c2_host": "120.55.65.99", "x86_c2_host": "120.55.65.99", "x64_c2_path": "/dpixel", "x86_c2_path": "/dpixel", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 666666666, "x86_watermark": 666666666, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, 
"x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646817", "ip": "20.5.43.62", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "1f628f62e73ad6f606e624266ee14e19b2e12188cae0ecf4405084bc49ecf06a", "x86_sha256": "f284a70919a33641d9a029495c6d8f8567bcdd3218a8558916621bdfae9b7a3e", "x64_sha1": "cea2513b40999c67b7567b7f4066ed2a64b8e3c3", "x86_sha1": "8a0a452147ec3d424e514ce01edf0d30fab60c3b", "x64_uri_queried": "/LQPp", "x86_uri_queried": "/B6pt", "x64_md5": "6963f97ad066e5ea5b227d0891e7d448", "x86_md5": "3066799b50d6d5ef0c5d6124eb20ffae", "x64_time": 1713646790327.7, "x86_time": 1713646776685.5, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "20.5.43.62,/dot.gif", "x86_c2_server": "20.5.43.62,/pixel", "x64_c2_host": "20.5.43.62", "x86_c2_host": "20.5.43.62", "x64_c2_path": "/dot.gif", "x86_c2_path": "/pixel", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 157235884, "x86_watermark": 157235884, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, 
"x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646860", "ip": "116.62.242.109", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "bb86d572efe8671c657fe02b34114a3c507335e73c5e5fc65f09c080aa1611cb", "x86_sha256": "2b99f04fce4f36eaf6feb624d1e17e84e04d9f1e665381dc78cf6668d6818131", "x64_sha1": "44f4f4d476b626a21a4e74b28c244931e21630bc", "x86_sha1": "246f65494a28e368dbfdb361da9923301d81b263", "x64_uri_queried": "/wk8C", "x86_uri_queried": "/LUoL", "x64_md5": "dee9f3f556e9b3f2fa0d2c83ebabbd86", "x86_md5": "fe9105075dbaad177bf3f33f5665ed52", "x64_time": 1713646838700.6, "x86_time": 1713646823767.4, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "116.62.242.109,/dpixel", "x86_c2_server": "116.62.242.109,/pixel.gif", "x64_c2_host": "116.62.242.109", "x86_c2_host": "116.62.242.109", "x64_c2_path": "/dpixel", "x86_c2_path": "/pixel.gif", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": 
null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646896", "ip": "5.188.86.28", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "047b9dad5f27c79713bdb5b1c3318187c053b315d39d6c8eb7587711d7b21499", "x86_sha256": "a9a9f1094b337650b04d533c0ee8c1482c7e1370008212ae0ff4c164fbaf6e60", "x64_sha1": "04278811cb09389a1e52adc8f7a64f990fc0f95b", "x86_sha1": "52a2bed045ac0741ae9e32c7f069beb8b8ce1a5f", "x64_uri_queried": "/bJJg", "x86_uri_queried": "/pJ9i", "x64_md5": "e63ad8b82d6263f3d3260976548ef913", "x86_md5": "b5c7f7e14360748a3ed2194d2ef15b5a", "x64_time": 1713646875132.2, "x86_time": 1713646863028.0, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 64979, "x86_polling": 64979, "x64_jitter": 41, "x86_jitter": 41, "x64_c2_server": "qw.scsvcreg.com,/lu,as.scsvcreg.com,/eo,zx.scsvcreg.com,/tab_shop_active", "x86_c2_server": "qw.scsvcreg.com,/tab_shop_active,as.scsvcreg.com,/eo,zx.scsvcreg.com,/tab_shop_active", "x64_c2_host": "qw.scsvcreg.com", "x86_c2_host": "qw.scsvcreg.com", "x64_c2_path": "/lu", "x86_c2_path": "/tab_shop_active", "x64_spawn_to_x86": "%windir%\\syswow64\\runonce.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\runonce.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\runonce.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\runonce.exe", 
"x64_watermark": 1580103824, "x86_watermark": 1580103824, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/Content", "x86_http_method_path_2": "/FAQ", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646953", "ip": "117.50.188.167", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "7ac49ee50614def01bc0a3a7a499c8e537dcb33f52d2d7e35736b5bd9b9f2561", "x86_sha256": "d82ea883c07a50d4045d8850a022651e0fda97adcaeda52db215863c543989b5", "x64_sha1": "d87307ca01b8deb8f71fee1851a19659fed3a769", "x86_sha1": "d036df83c666b0ac5629ae4b520a56d87822f94b", "x64_uri_queried": "/WnES", "x86_uri_queried": "/0Yen", "x64_md5": "f8c3d79dc189df4bcd87aaa69d07d984", "x86_md5": "55f9b0b50178381677bf8b98173f3f4f", "x64_time": 1713646925324.2, "x86_time": 1713646906669.9, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "117.50.188.167,/load", "x86_c2_server": "117.50.188.167,/ga.js", "x64_c2_host": "117.50.188.167", "x86_c2_host": "117.50.188.167", "x64_c2_path": 
"/load", "x86_c2_path": "/ga.js", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "Host: 117.50.188.167\r\n", "x86_c2_host_header": "Host: 117.50.188.167\r\n", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646994", "ip": "43.138.150.136", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "9366c2a7cf47da626386c9476ef528cfa962b798d136ad702d3cf77bf1d56c09", "x86_sha256": "61e9f69b6c4d30dd9607e2db35faf8dd5881835bee82fc79181e6e352c13e944", "x64_sha1": "3f5ad47929bf4e9113d775d5c4b0127c75a01820", "x86_sha1": "6ad178c4b29e7cca8172e6f2fd164dd312e8c047", "x64_uri_queried": "/Kq1p", "x86_uri_queried": "/iMZL", "x64_md5": "410e75975d97e88df1968fb549d13bc0", "x86_md5": "84d2c3125089d58e93eae391ac666b2d", "x64_time": 1713646977580.4, "x86_time": 1713646964620.3, "x64_beacon_type": "0 
(HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "192.168.0.104,/fwlink", "x86_c2_server": "192.168.0.104,/IE9CompatViewList.xml", "x64_c2_host": "192.168.0.104", "x86_c2_host": "192.168.0.104", "x64_c2_path": "/fwlink", "x86_c2_path": "/IE9CompatViewList.xml", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 1234567890, "x86_watermark": 1234567890, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647032", "ip": "49.232.208.22", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "7f40b5a253d0dedd81faf668771ffe8d5ec737d45e645e4301ac378269fe45f3", "x86_sha256": "6721f98352d7650bfd2ec2135e253f711e58a8a2ddb3cc37b67fb0947765c97a", "x64_sha1": 
"4797af8b3cf47f22023cf46d46291fb42c095865", "x86_sha1": "5524a36a0f1c6c4c00d19cc93bfee43b723ded8e", "x64_uri_queried": "/pGPV", "x86_uri_queried": "/KifB", "x64_md5": "1e27a7a4a9dc1dca0f6fbfcaf4103bb8", "x86_md5": "c25d33bcba17d91555cd94e602d0d587", "x64_time": 1713647015830.0, "x86_time": 1713647001230.8, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "49.232.208.22,/fwlink", "x86_c2_server": "49.232.208.22,/cx", "x64_c2_host": "49.232.208.22", "x86_c2_host": "49.232.208.22", "x64_c2_path": "/fwlink", "x86_c2_path": "/cx", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 305419896, "x86_watermark": 305419896, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": 255, "x86_max_dns": 255, "x64_user_agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)", "x86_user_agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)", "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": "", "x86_header_1": "", "x64_header_2": "", "x86_header_2": "", "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": "", "x86_pipe_name": "", "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": "0.0.0.0", "x86_dns_idle": "0.0.0.0", "x64_dns_sleep": 0, "x86_dns_sleep": 0, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": 
null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647108", "ip": "175.27.162.205", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "c42506313fd0d899e3756202e855b8c157017232ddc8e84440da8e8666e42c42", "x86_sha256": "30a0e2e5a37070ef327f41551eaff0e6e21d81dfe02a55843bec145547f342f0", "x64_sha1": "30a6c3683d5b9130eef701d93786f7d9dc5a84a8", "x86_sha1": "0ee0d64d4bb05fa1acbed57e4b0b1d48f0e5bfbb", "x64_uri_queried": "/ZILn", "x86_uri_queried": "/DFjh", "x64_md5": "f5e9eba91f8bb95d230a265332fe029f", "x86_md5": "1d88d09a1f7763729f2c85ef10df70d2", "x64_time": 1713647087827.2, "x86_time": 1713647051446.5, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "175.27.162.205,/activity", "x86_c2_server": "175.27.162.205,/ca", "x64_c2_host": "175.27.162.205", "x86_c2_host": "175.27.162.205", "x64_c2_path": "/activity", "x86_c2_path": "/ca", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": 
"GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647180", "ip": "194.165.16.55", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "86f5f431e2b8a675e612e3f8f23773dcc254420db928aff020508b754392cb4c", "x86_sha256": "45f8901cc6fa4665395554e023657a5dee51911baede2452d59ce18346b4883a", "x64_sha1": "6f0aa3b710977712e07e4d5b305fbb1d851afc9a", "x86_sha1": "a0fb96f6738f2a223d0754ae49fea4f7a0c92e47", "x64_uri_queried": "/wI8e", "x86_uri_queried": "/8sAp", "x64_md5": "3f334e2b83e6f29b5d12a7ce6fbc9057", "x86_md5": "3d91e7acb95085321bc1bae50159ee9d", "x64_time": 1713647166388.0, "x86_time": 1713647125598.6, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 5000, "x86_polling": 5000, "x64_jitter": 5, "x86_jitter": 5, "x64_c2_server": "194.165.16.55,/Understand/v2.61/RYLQUPM8LL,security-socks777.com,/Understand/v2.61/RYLQUPM8LL,security-socks.expert,/Understand/v2.61/RYLQUPM8LL", "x86_c2_server": "194.165.16.55,/Understand/v2.61/RYLQUPM8LL,security-socks777.com,/Understand/v2.61/RYLQUPM8LL,security-socks.expert,/Understand/v2.61/RYLQUPM8LL", "x64_c2_host": "194.165.16.55", "x86_c2_host": "194.165.16.55", "x64_c2_path": "/Understand/v2.61/RYLQUPM8LL", "x86_c2_path": "/Understand/v2.61/RYLQUPM8LL", "x64_spawn_to_x86": "%windir%\\syswow64\\grpconv.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\grpconv.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\Locator.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\Locator.exe", "x64_watermark": 674054486, "x86_watermark": 674054486, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, 
"x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/compare/r/OIH86DWX3N", "x86_http_method_path_2": "/compare/r/OIH86DWX3N", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 2, "x86_year": 2, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647223", "ip": "8.220.200.34", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "446b3a674ed932d4e835290c0dcddae47f05cba8570735051e22f3e7429d94e1", "x86_sha256": "9ed475095132e32e2dec117dc61008d525a46499fa5b3efbc74343d0f8d91ca8", "x64_sha1": "fc6b9ef321c651781976811d08d28a8e09bcc842", "x86_sha1": "eeeab6adcdb5b82244d72dc9c5a4286c8783ebc4", "x64_uri_queried": "/nXd3", "x86_uri_queried": "/98tw", "x64_md5": "380878c6332719a7c3759a197a7da557", "x86_md5": "349eb95f3a571e749c1a3e961000296f", "x64_time": 1713647203145.8, "x86_time": 1713647186838.0, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 35000, "x86_polling": 35000, "x64_jitter": 37, "x86_jitter": 37, "x64_c2_server": "8.220.200.34,/jquery-3.3.1.min.js", "x86_c2_server": "8.220.200.34,/jquery-3.3.1.min.js", "x64_c2_host": "8.220.200.34", "x86_c2_host": "8.220.200.34", "x64_c2_path": "/jquery-3.3.1.min.js", "x86_c2_path": "/jquery-3.3.1.min.js", "x64_spawn_to_x86": 
"%windir%\\syswow64\\dllhost.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\dllhost.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\dllhost.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\dllhost.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/jquery-3.3.2.min.js", "x86_http_method_path_2": "/jquery-3.3.2.min.js", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647273", "ip": "121.36.255.43", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "fe71e5492e8582863477ea0c3c8ea4819320ece74e933a78c33366b0d14ab825", "x86_sha256": "84dc2244ad4e542da872e41878f9badca851f86bff666a466f85aef99818e751", "x64_sha1": "496af291e6f996dbcb3e9fb4d40e06988aaede8b", "x86_sha1": "a130550e6403f150f35230461b86fd474b7c99d7", "x64_uri_queried": "/PgdB", "x86_uri_queried": "/2Oqj", "x64_md5": "cc50f6898ceb1def5c4bd913940ca17a", "x86_md5": "d2bc718db9845df9a6e24df7a062f8db", "x64_time": 1713647248175.9, "x86_time": 1713647232967.9, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 
3000, "x86_polling": 3000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "121.36.255.43,/www/handle/doc", "x86_c2_server": "121.36.255.43,/www/handle/doc", "x64_c2_host": "121.36.255.43", "x86_c2_host": "121.36.255.43", "x64_c2_path": "/www/handle/doc", "x86_c2_path": "/www/handle/doc", "x64_spawn_to_x86": "c:\\windows\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "c:\\windows\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "c:\\windows\\system32\\rundll32.exe", "x86_spawn_to_x64": "c:\\windows\\system32\\rundll32.exe", "x64_watermark": 391144938, "x86_watermark": 391144938, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/IMXo", "x86_http_method_path_2": "/IMXo", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647302", "ip": "38.34.166.53", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "565bfd0de41edc52611d60fcb9739c9ef6116f4ddf9e01535cbd7dffc5221652", "x86_sha256": "f71af2694bdc0bb388e2494d983b0e356eeaf6e6a2114644ed1c1b85fbdea573", "x64_sha1": "cb4c45914e870b17b15028c9cb5040bfadcbe479", "x86_sha1": "0bb1c8b06e7a9613d4ea56a433eda3b9abbd5412", "x64_uri_queried": 
"/yf5I", "x86_uri_queried": "/3ydL", "x64_md5": "940aad0b52e8c2b91b64a4e7dcf0fecc", "x86_md5": "7f81451ca32d07ee1dcc855449a5d4fa", "x64_time": 1713647285430.2, "x86_time": 1713647276485.5, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 45000, "x86_polling": 45000, "x64_jitter": 37, "x86_jitter": 37, "x64_c2_server": "38.34.166.53,/jquery-3.3.1.min.js", "x86_c2_server": "38.34.166.53,/jquery-3.3.1.min.js", "x64_c2_host": "38.34.166.53", "x86_c2_host": "38.34.166.53", "x64_c2_path": "/jquery-3.3.1.min.js", "x86_c2_path": "/jquery-3.3.1.min.js", "x64_spawn_to_x86": "%windir%\\syswow64\\dllhost.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\dllhost.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\dllhost.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\dllhost.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/jquery-3.3.2.min.js", "x86_http_method_path_2": "/jquery-3.3.2.min.js", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647348", "ip": "43.153.222.28", "hostnames": null, "protocol": 
"tcp", "port": "443", "service": "https", "x64_sha256": "7df3d10f2599eb47bf5bac720ccfb5505cdb93fc061b2ae40f1f6450dfd7e992", "x86_sha256": "5cf91aeb8a0670be2740b405bca559a59aca1e84bd3dec7b6c54afb717518dab", "x64_sha1": "2a3673586648c8cbbff12c0a23cc13526c1d8ed7", "x86_sha1": "64ff4ee73dd970b945779f45ffda1710e1bae84a", "x64_uri_queried": "/oj7M", "x86_uri_queried": "/YQJh", "x64_md5": "11cf3623a4a0a4d188d2b0b8391cde9f", "x86_md5": "d17ab93a6850be7ff582d1260351b5a4", "x64_time": 1713647326235.9, "x86_time": 1713647314864.8, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "43.153.222.28,/ca", "x86_c2_server": "43.153.222.28,/match", "x64_c2_host": "43.153.222.28", "x86_c2_host": "43.153.222.28", "x64_c2_path": "/ca", "x86_c2_path": "/match", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 100000, "x86_watermark": 100000, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, 
"x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647393", "ip": "80.66.75.53", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "56cd992870e82cdcec697bcb55569bc45b70bd9cb8de3b4e3ca95f5154b2aaf9", "x86_sha256": "37682ce4a17dd0ffb9f95598f18e79b0b89eaa2419c0d2e9c8a472297711be0f", "x64_sha1": "43e712999eb2f975f3e267f0ee9a2cbbbdaa29c1", "x86_sha1": "174a03233c9830fa26b5900e87c0f9c4a2c4328f", "x64_uri_queried": "/FDbq", "x86_uri_queried": "/ye1M", "x64_md5": "85534467cf6f6e64a7dc3bd1ecb60f35", "x86_md5": "5dd9c8b52af1a10f0d6a54e8685ec4ef", "x64_time": 1713647375416.5, "x86_time": 1713647361052.2, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 56000, "x86_polling": 56000, "x64_jitter": 36, "x86_jitter": 36, "x64_c2_server": "facelove.life,/functionalStatus/0CMp4E8sk1rGRjHC2NcNQf2u", "x86_c2_server": "facelove.life,/functionalStatus/0CMp4E8sk1rGRjHC2NcNQf2u", "x64_c2_host": "facelove.life", "x86_c2_host": "facelove.life", "x64_c2_path": "/functionalStatus/0CMp4E8sk1rGRjHC2NcNQf2u", "x86_c2_path": "/functionalStatus/0CMp4E8sk1rGRjHC2NcNQf2u", "x64_spawn_to_x86": "%windir%\\syswow64\\choice.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\choice.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\choice.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\choice.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/rest/2/meetings0CMp4E8sk1rGRjHC2NcNQf2u", "x86_http_method_path_2": "/rest/2/meetings0CMp4E8sk1rGRjHC2NcNQf2u", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, 
"x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "GET", "x86_method_2": "GET", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647439", "ip": "111.230.30.197", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "889b71beeb13e7d4f98554527953da161f061d86b2fd8d4617bb6949539c2eeb", "x86_sha256": "855d016b183d3183cea42f3a402c5942d140216844d1b7926717e782b10a91b9", "x64_sha1": "cdde49f5174610fc5f670b2ff81af6f5ccb9e8fa", "x86_sha1": "5ab5a7f709b08a1a954b8fc3f56a0ddd0c0ec990", "x64_uri_queried": "/uKTI", "x86_uri_queried": "/ZEXe", "x64_md5": "c5b357178e6b496e922d20e7bac1553d", "x86_md5": "e597d22ecbf8168347901db87eac0e7e", "x64_time": 1713647417268.6, "x86_time": 1713647399749.5, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 1000, "x86_polling": 1000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "service-1scv7ngm-1318428097.gz.apigw.tencentcs.com,/api/user", "x86_c2_server": "service-1scv7ngm-1318428097.gz.apigw.tencentcs.com,/api/user", "x64_c2_host": "service-1scv7ngm-1318428097.gz.apigw.tencentcs.com", "x86_c2_host": "service-1scv7ngm-1318428097.gz.apigw.tencentcs.com", "x64_c2_path": "/api/user", "x86_c2_path": "/api/user", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": 
"%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/api/login", "x86_http_method_path_2": "/api/login", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647472", "ip": "8.212.44.149", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "7d64ca0621a659619c0467b17f106cc26b6349db85433a92106870d54d16e9af", "x86_sha256": "5223020b4c8545fa675b229153ffcc647e91b43796e2e8c4a759a4dc0fd623a6", "x64_sha1": "1f94fc17a4896be19989142813380d11fb79a285", "x86_sha1": "62a5851fb08fd6fb7d7527d1ca93135e07833ed7", "x64_uri_queried": "/MLNv", "x86_uri_queried": "/yk7A", "x64_md5": "e5b8d1b21412aaa968a9f06319e234a3", "x86_md5": "eeb45ee1d18e6e67b22d4b2cc44dc5f3", "x64_time": 1713647454483.3, "x86_time": 1713647442674.2, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 100, "x86_polling": 100, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "js.msedgeupdate.com,/cm", "x86_c2_server": "js.msedgeupdate.com,/visit.js", "x64_c2_host": 
"js.msedgeupdate.com", "x86_c2_host": "js.msedgeupdate.com", "x64_c2_path": "/cm", "x86_c2_path": "/visit.js", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 0, "x86_watermark": 0, "x64_c2_host_header": null, "x86_c2_host_header": null, "x64_max_dns": 255, "x86_max_dns": 255, "x64_user_agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; MALC)", "x86_user_agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)", "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": "", "x86_header_1": "", "x64_header_2": "", "x86_header_2": "", "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": "", "x86_pipe_name": "", "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": "0.0.0.0", "x86_dns_idle": "0.0.0.0", "x64_dns_sleep": 0, "x86_dns_sleep": 0, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647534", "ip": "118.25.173.86", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "47eab1b6b9f8e0b6afa667c1ed0e99576b26882f1910cdc4f4719d178fd071b2", "x86_sha256": "f6706343c35c7485646aa1785eae4afaec4deb12294ffc2ad5ce587f91cf4e1b", "x64_sha1": "5ae4df1b1430f4710eaffa45aed842478e8275d4", "x86_sha1": "c34a4d8f517d02af141ff9f67436e84031d44588", "x64_uri_queried": "/PSgS", "x86_uri_queried": "/H0uo", "x64_md5": 
"cfd0163f0e739aff4ca874419ccf432b", "x86_md5": "5232c1e682651a93d03d41b8dd67c968", "x64_time": 1713647513290.3, "x86_time": 1713647495008.2, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 14372, "x86_polling": 14372, "x64_jitter": 50, "x86_jitter": 50, "x64_c2_server": "118.25.173.86,/jquery-3.3.1.min.js", "x86_c2_server": "118.25.173.86,/jquery-3.3.1.min.js", "x64_c2_host": "118.25.173.86", "x86_c2_host": "118.25.173.86", "x64_c2_path": "/jquery-3.3.1.min.js", "x86_c2_path": "/jquery-3.3.1.min.js", "x64_spawn_to_x86": "%windir%\\syswow64\\dtdump.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\dtdump.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\dtdump.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\dtdump.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/jquery-3.3.2.min.js", "x86_http_method_path_2": "/jquery-3.3.2.min.js", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647586", "ip": "42.51.45.241", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", 
"x64_sha256": "9a32a1920f1938f5e1a8df2777bceceba8a3fb99b1e478cdea388d77875dcdde", "x86_sha256": "16f4bc3966feb9d54a35cf675814b3361989772075bebbebaba25668b8028dac", "x64_sha1": "965c15754f7f1f19df1c54823d523427a75a73f0", "x86_sha1": "ad4d1e403662ef9f91dbf23606d2f41a34c03ccb", "x64_uri_queried": "/waDA", "x86_uri_queried": "/hBqA", "x64_md5": "468b5c1eace72f9f6ad304a457192528", "x86_md5": "10937eeebd1c8a3a2bf6e6b8bf351428", "x64_time": 1713647570569.3, "x86_time": 1713647561956.0, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "42.51.45.241,/ca", "x86_c2_server": "42.51.45.241,/pixel", "x64_c2_host": "42.51.45.241", "x86_c2_host": "42.51.45.241", "x64_c2_path": "/ca", "x86_c2_path": "/pixel", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 1234567890, "x86_watermark": 1234567890, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, 
"x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647617", "ip": "88.214.27.80", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "8397fd077026b1196b97e3fa70fe7c8600f640a872de682ea382ab397d57d32b", "x86_sha256": "067633910fe1fcb639d396bf080a366d6fd361337b67bb3a2751138779299d09", "x64_sha1": "bcc6baa560eeffa6384426694278e89fc73e9557", "x86_sha1": "ee77fd8b255e55f4cb2f8a8eb3e26e3118b08854", "x64_uri_queried": "/PfWP", "x86_uri_queried": "/eaIM", "x64_md5": "7b8da7b97b17cbaa35892bd8751001d3", "x86_md5": "c85b656b5cfc7c195c3aa0fabebfe16b", "x64_time": 1713647602423.2, "x86_time": 1713647591362.8, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 20, "x86_jitter": 20, "x64_c2_server": "88.214.27.80,/preload", "x86_c2_server": "88.214.27.80,/preload", "x64_c2_host": "88.214.27.80", "x86_c2_host": "88.214.27.80", "x64_c2_path": "/preload", "x86_c2_path": "/preload", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 1580103824, "x86_watermark": 1580103824, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/sa", "x86_http_method_path_2": "/sa", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": 
null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "GET", "x86_method_2": "GET", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647657", "ip": "59.110.239.104", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "d952d77cca5569776515385df7b081ebbb2f53fd890c27251a2c3b91395121b0", "x86_sha256": "9828fec9087f9ec82afb4903dc9cbfff26b188fd506f9f08a13fb7a8792c608b", "x64_sha1": "e25f35e7311f2534da781de78ad757c0768b683d", "x86_sha1": "0381645ba553bd2bc0d0836cb750b5373fa04700", "x64_uri_queried": "/Yq9Z", "x86_uri_queried": "/mgU3", "x64_md5": "1b0d274ed6e886724973bf17b1fa3d00", "x86_md5": "e693ab98554778c6fbc77abb59f00fae", "x64_time": 1713647636017.9, "x86_time": 1713647620642.7, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "59.110.239.104,/j.ad", "x86_c2_server": "59.110.239.104,/cx", "x64_c2_host": "59.110.239.104", "x86_c2_host": "59.110.239.104", "x64_c2_path": "/j.ad", "x86_c2_path": "/cx", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, 
"x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647695", "ip": "119.91.20.97", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "9181ba0997814ad36f38a8c853cbae064b33c74ffdc60429e3ef0cbf86b29107", "x86_sha256": "7a557b2604e69e45fe190ab6e2d070b9338af7799a85f4a74ae7a31c28306b87", "x64_sha1": "f9748bcfcc7a09350dc7948c1e2feb75d8183a3b", "x86_sha1": "93d2d7d752ec3d5e6909c03c930b770ddb1a54ae", "x64_uri_queried": "/Ur2d", "x86_uri_queried": "/AatF", "x64_md5": "0b0467b828ef7a8a70ff5a4120ad09e3", "x86_md5": "abcccc09b2f8625b20f0bcc4d3e03800", "x64_time": 1713647680110.3, "x86_time": 1713647668452.5, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "119.91.20.97,/ga.js", "x86_c2_server": "119.91.20.97,/ca", "x64_c2_host": "119.91.20.97", "x86_c2_host": "119.91.20.97", "x64_c2_path": "/ga.js", "x86_c2_path": "/ca", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 1234567890, "x86_watermark": 1234567890, "x64_c2_host_header": "", "x86_c2_host_header": "", 
"x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647738", "ip": "47.206.167.222", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "5ce5f8cc3a85447263533597d3f2f3aaebc55b71cc5b67d607dd0cdbd98903de", "x86_sha256": "4f5ea4d0df65c6aa089a3973c339b97dffb7c5d88ba6581829851022c40301e2", "x64_sha1": "261abcf744c8144fcd6b2bbb2a346bd28b9762bc", "x86_sha1": "38ad4956a88b5fa52598f2a4a14864a7aac52577", "x64_uri_queried": "/If4z", "x86_uri_queried": "/YWs9", "x64_md5": "b3f41f9cce4d52902eb577f0057b494b", "x86_md5": "080002b6af340a70928b9e46a79138cb", "x64_time": 1713647718211.2, "x86_time": 1713647703819.2, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "47.206.167.222,/visit.js", "x86_c2_server": "47.206.167.222,/g.pixel", "x64_c2_host": "47.206.167.222", "x86_c2_host": "47.206.167.222", "x64_c2_path": "/visit.js", "x86_c2_path": "/g.pixel", "x64_spawn_to_x86": 
"%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 813052375, "x86_watermark": 813052375, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647796", "ip": "47.94.120.34", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "d1f53b68508f7c1dfd41cc97cd3b916fc6be309159993be07dff30dda65eeef5", "x86_sha256": "762edf3da494ebc04748e58d243820d86ab77d8683ce62890c8a5d0ddaac500a", "x64_sha1": "38241c9e2e0037a2056d9a0296d0112490a5255f", "x86_sha1": "371b1785537209e4b4d4d11b11f8a2d4cd13b357", "x64_uri_queried": "/gHmA", "x86_uri_queried": "/Xeg8", "x64_md5": "ee7ce1087847ebd12034fc261ae92c92", "x86_md5": "c8a151bdcd66596db79c949000436dea", "x64_time": 1713647773116.1, "x86_time": 1713647756398.9, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, 
"x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "47.94.120.34,/dot.gif", "x86_c2_server": "47.94.120.34,/pixel", "x64_c2_host": "47.94.120.34", "x86_c2_host": "47.94.120.34", "x64_c2_path": "/dot.gif", "x86_c2_path": "/pixel", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647895", "ip": "1.15.248.225", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "d495da8df0dceba4abad49368fb27a3bacc20da477e7a3fcb1a225be1d9e364b", "x86_sha256": "deecc221489bda9579e613e017c84602cfa1b0e1b27bdd6ea43a00b752ede974", "x64_sha1": "136c16b792db861ef014092e78e49c34d18f95bf", "x86_sha1": "6fd44ae5bd2a07b8d20872b50e026d008a4f740b", "x64_uri_queried": "/Rm3k", "x86_uri_queried": "/nMj7", 
"x64_md5": "77af83dac89faa0bcaee94c1a908de10", "x86_md5": "006761bfa163d7f656a4ac4c2e0f35c9", "x64_time": 1713647881510.5, "x86_time": 1713647863539.2, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "1.15.248.225,/updates.rss", "x86_c2_server": "1.15.248.225,/__utm.gif", "x64_c2_host": "1.15.248.225", "x86_c2_host": "1.15.248.225", "x64_c2_path": "/updates.rss", "x86_c2_path": "/__utm.gif", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647923", "ip": "4.158.105.167", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": 
"6ba2aea7920ff3d9dceb0d9140983da939145da3d74a4b49407b105396a6d4a6", "x86_sha256": "b917be8aa1055e84673a654a0fbb5264ae323f48f0f6e491b7bd8e77a8e1bc1d", "x64_sha1": "6b485249ab23fb16dbe6cdf261ced2917626eac2", "x86_sha1": "162a04753d7494097f916d8f7ed521a64f0192fe", "x64_uri_queried": "/acVC", "x86_uri_queried": "/rhAA", "x64_md5": "309fe878426172b2e2052b306af85cc4", "x86_md5": "787f14349f13c739787fbf5552685c9c", "x64_time": 1713647907647.4, "x86_time": 1713647896714.2, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 31520, "x86_polling": 31520, "x64_jitter": 25, "x86_jitter": 25, "x64_c2_server": "d9msk9dy9tbnk.cloudfront.net,/jquery-2.8.4.min.js", "x86_c2_server": "d9msk9dy9tbnk.cloudfront.net,/jquery-2.8.4.min.js", "x64_c2_host": "d9msk9dy9tbnk.cloudfront.net", "x86_c2_host": "d9msk9dy9tbnk.cloudfront.net", "x64_c2_path": "/jquery-2.8.4.min.js", "x86_c2_path": "/jquery-2.8.4.min.js", "x64_spawn_to_x86": "%windir%\\syswow64\\dllhost.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\dllhost.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\dllhost.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\dllhost.exe", "x64_watermark": 1629378311, "x86_watermark": 1629378311, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/jquery-3.3.4.min.js", "x86_http_method_path_2": "/jquery-3.3.4.min.js", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, 
"x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648352", "ip": "172.234.250.226", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "365dc99e50836ea128bf09c0190dab2d0834cb872e6356a7d0cbc1dfc5bf2d8a", "x86_sha256": "b32a7bc79786cae80e6d7f0d164bfe1a1ee780c0fc297b20ca7f1d4e3eec3900", "x64_sha1": "8dd4bb2684cefd4df5e639dd84272d2e7e5cadad", "x86_sha1": "76dbbbfed69dcc45da2d9a47545e8c2d553d3a27", "x64_uri_queried": "/KJwQ", "x86_uri_queried": "/UBZk", "x64_md5": "f31efe963227a84f05d6869d40542f63", "x86_md5": "79600330742cf7b6e021b6bd05aa71e7", "x64_time": 1713648343360.2, "x86_time": 1713648336682.0, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "172.234.250.226,/j.ad", "x86_c2_server": "172.234.250.226,/g.pixel", "x64_c2_host": "172.234.250.226", "x86_c2_host": "172.234.250.226", "x64_c2_path": "/j.ad", "x86_c2_path": "/g.pixel", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 391144938, "x86_watermark": 391144938, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, 
"x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648386", "ip": "35.229.251.245", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "572660624e36564dea1103e36bd8e457c55d0b80b5633d54ce62a15b3907af69", "x86_sha256": "15f752d413f99001280c1085d4e1a8187c4cf6dfa58ff8dab8134af2d9d61528", "x64_sha1": "023a204016b284db426fa98861460a9ea1a23d6c", "x86_sha1": "65f8bb3281feab3b57d558ff867796bfcdc1380a", "x64_uri_queried": "/eVVL", "x86_uri_queried": "/NWQf", "x64_md5": "6b36159a17f83974f98d8961f0afa361", "x86_md5": "d23cbad6a6aeb4b0a13d8144a664129c", "x64_time": 1713648376585.4, "x86_time": 1713648370078.8, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "35.229.251.245,/cx", "x86_c2_server": "35.229.251.245,/match", "x64_c2_host": "35.229.251.245", "x86_c2_host": "35.229.251.245", "x64_c2_path": "/cx", "x86_c2_path": "/match", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", 
"x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648406", "ip": "47.92.200.141", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "8c6f0e0bb50e0906fa4bf7ec08e5be3bbcabdd47b2ed3e9a50df90d7bb0b0554", "x86_sha256": "30f092c30362343be5f37ab247d83155ac16347f59cf75d523a8926321bea5dd", "x64_sha1": "10563fa0fb6b653c6106d7505004a2b62fa1ef15", "x86_sha1": "2cfb070d20fd462e347c075875ff23364ad966c2", "x64_uri_queried": "/5tcQ", "x86_uri_queried": "/lCy4", "x64_md5": "aa5eda8842f2b0fb82990eaf3eadfb38", "x86_md5": "a91d567a8e806c49a644fa0fcb8959ca", "x64_time": 1713648397564.8, "x86_time": 1713648389373.2, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "47.92.200.141,/fwlink", "x86_c2_server": "47.92.200.141,/pixel.gif", "x64_c2_host": "47.92.200.141", "x86_c2_host": "47.92.200.141", "x64_c2_path": "/fwlink", "x86_c2_path": "/pixel.gif", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": 
"%windir%\\sysnative\\rundll32.exe", "x64_watermark": 391144938, "x86_watermark": 391144938, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648436", "ip": "172.247.44.182", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "3ce4b8a2665227e9ccd63570c8770608c4ded36c3e5f95f6b06685c86ddf80d6", "x86_sha256": "b88dcbcbab4157f2c96b9d36be6dd8267850ff15ac6a386f296ade24e469fd18", "x64_sha1": "8513381352afeeb429c2ec0330ad87ad7f7e3a12", "x86_sha1": "ab5e9b821d8e3719ed26be1a874950d01d056015", "x64_uri_queried": "/IRiY", "x86_uri_queried": "/Wl0i", "x64_md5": "31c9f298a855fb2a00d23b342c790cb9", "x86_md5": "e3b48acf05bcad442fbeb46095aa6154", "x64_time": 1713648420851.6, "x86_time": 1713648408107.8, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "172.247.44.182,/j.ad", "x86_c2_server": "172.247.44.182,/updates.rss", "x64_c2_host": "172.247.44.182", 
"x86_c2_host": "172.247.44.182", "x64_c2_path": "/j.ad", "x86_c2_path": "/updates.rss", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648463", "ip": "8.130.30.60", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "aa7b8955ad314170f1c794311aae5bc39635c278131e5ed00bd07ca9e8cdaf83", "x86_sha256": "53c36e5892327157cb24ebd71cc82f8eb86258017794e33b30b1bfc22c473fc6", "x64_sha1": "c341aee034fc6e5f7c44d4f797bcbe64974da90f", "x86_sha1": "91571458abe89be345ce03cfdf674ae8bb6674ca", "x64_uri_queried": "/GWxG", "x86_uri_queried": "/gWSK", "x64_md5": "3dac27749bd8e16266fbce6152a4ca5a", "x86_md5": "fe273c88b8f703a5925068e94f21bb75", "x64_time": 1713648451710.5, "x86_time": 1713648444709.3, "x64_beacon_type": "0 
(HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "8.130.30.60,/pixel", "x86_c2_server": "8.130.30.60,/cx", "x64_c2_host": "8.130.30.60", "x86_c2_host": "8.130.30.60", "x64_c2_path": "/pixel", "x86_c2_path": "/cx", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648704", "ip": "106.54.209.36", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "c3c6afe86d907f17eb8a03c55b3136709ebf68a63bb6302867682d68e38c285c", "x86_sha256": "61990102c758afc62d896e36099f9b1fe579d43f6b8a001bee1543874026481f", "x64_sha1": "277017a4ff224f0811f9961a7562da7268e8e2ea", "x86_sha1": 
"517d4f89f014e4ab7249898ae9907bce5a23bcc0", "x64_uri_queried": "/6Oio", "x86_uri_queried": "/euN4", "x64_md5": "d53c89fda6edd94869e9ff945cdff1e9", "x86_md5": "9f2cfea6338a9bfc0f3ba6a4d7ba094f", "x64_time": 1713648688402.3, "x86_time": 1713648678221.8, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "106.54.209.36,/__utm.gif", "x86_c2_server": "106.54.209.36,/cx", "x64_c2_host": "106.54.209.36", "x86_c2_host": "106.54.209.36", "x64_c2_path": "/__utm.gif", "x86_c2_path": "/cx", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648749", "ip": "43.138.208.188", "hostnames": null, "protocol": 
"tcp", "port": "443", "service": "https", "x64_sha256": "579de71139c38e23ab2323dbf7a6d0e8f07d0b1583fa5f7c094e3d3af28b155e", "x86_sha256": "466e4087f71e210a134dea32edb53938ede0347045db381f2e63f691c297b6c2", "x64_sha1": "0c7b851e617f2b16f1f0699cdefa28c39668afba", "x86_sha1": "4e1ff656bb0040df29c01432fe8f4e5750d06fb4", "x64_uri_queried": "/8YRz", "x86_uri_queried": "/vHj4", "x64_md5": "dc0fd85f6b58ee51fcc35d1a97e6622f", "x86_md5": "855945014650630899a4e6f3db582001", "x64_time": 1713648734075.1, "x86_time": 1713648723623.0, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 115358, "x86_polling": 115358, "x64_jitter": 39, "x86_jitter": 39, "x64_c2_server": "43.138.208.188,/Fabricate/state/RH3KW9XU", "x86_c2_server": "43.138.208.188,/Fabricate/state/RH3KW9XU", "x64_c2_host": "43.138.208.188", "x86_c2_host": "43.138.208.188", "x64_c2_path": "/Fabricate/state/RH3KW9XU", "x86_c2_path": "/Fabricate/state/RH3KW9XU", "x64_spawn_to_x86": "%windir%\\syswow64\\dns-sd.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\dns-sd.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\Locator.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\Locator.exe", "x64_watermark": 391144938, "x86_watermark": 391144938, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/explode/v6.82/4P15FQP3EYW3", "x86_http_method_path_2": "/explode/v6.82/4P15FQP3EYW3", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", 
"x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646649", "ip": "103.191.15.10", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "db1a9d5e501e7d347c467d0a52cc228a2db27595ac5d83c30364d4f9db25f760", "x86_sha256": "02e44dc8ec07863ae53e366c44c6aa3786180dc6d17cdb48c5eb1a0815465290", "x64_sha1": "f4feace7a6c11085e75eaba8414b348f477fd033", "x86_sha1": "254a620231111ecf7effc294ed83f1a655776625", "x64_uri_queried": "/4oyA", "x86_uri_queried": "/fvK5", "x64_md5": "32157cc44e7d27a31b7dcaf3922a855a", "x86_md5": "0743f0a814443ae35181f09791de753c", "x64_time": 1713646637825.7, "x86_time": 1713646636110.2, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": null, "x64_port": 80, "x86_port": null, "x64_polling": 60000, "x86_polling": null, "x64_jitter": 0, "x86_jitter": null, "x64_c2_server": "103.191.15.10,/en_US/all.js", "x86_c2_server": null, "x64_c2_host": "103.191.15.10", "x86_c2_host": null, "x64_c2_path": "/en_US/all.js", "x86_c2_path": null, "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": null, "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": null, "x64_watermark": 1537469529, "x86_watermark": null, "x64_c2_host_header": "", "x86_c2_host_header": null, "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": null, "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, 
"x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": null, "x64_method_2": "POST", "x86_method_2": null, "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646699", "ip": "82.157.154.247", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "97a70da480230c8fa713ef84b128dd554bc17fe3884e48881590e09d14320423", "x86_sha256": "8e55a04cdc0204ba66d7fdd46bf4545158f29b941e04c23db8d5919987f7754b", "x64_sha1": "65fc28c605275dfeca29ba212e32e3163d9b4366", "x86_sha1": "8917f07c1bb9da70af3dc890502ffbac7b25fa5c", "x64_uri_queried": "/ro0L", "x86_uri_queried": "/Hd6z", "x64_md5": "9532ab2499ca972e143c4c0cdf7bf06b", "x86_md5": "9b42f0876614c72a40d6389563b2951f", "x64_time": 1713646676404.3, "x86_time": 1713646659568.5, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "82.157.154.247,/pixel", "x86_c2_server": "82.157.154.247,/updates.rss", "x64_c2_host": "82.157.154.247", "x86_c2_host": "82.157.154.247", "x64_c2_path": "/pixel", "x86_c2_path": "/updates.rss", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, 
"x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646742", "ip": "101.43.103.253", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "6a9727f07cab35f279880b0e19fe83fc1c837c3efc96d2ebc20a3eae938562d9", "x86_sha256": "73036c1b6ab87de8ad950ce7586b42d05556fa7d8d5f2e1122ab993905971509", "x64_sha1": "2223b92752706874ae843d198fd055b2bc4e2e16", "x86_sha1": "c2dbcf53711dc85db6aab1251cb2992524985e6c", "x64_uri_queried": "/l1tL", "x86_uri_queried": "/ArSV", "x64_md5": "a2852fe65c2dfde9ebd08cf8a9d0e4d8", "x86_md5": "6df83f383b05c2d948d70a15f82afa06", "x64_time": 1713646723396.0, "x86_time": 1713646706172.2, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "10.0.16.15,/activity", "x86_c2_server": "10.0.16.15,/push", "x64_c2_host": "10.0.16.15", "x86_c2_host": "10.0.16.15", "x64_c2_path": "/activity", "x86_c2_path": "/push", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 
987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646830", "ip": "5.188.86.215", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "eb02833725c19fd3cf36bf678c6c3cb2cc56ed74e25899615dc0a7bce0baadfa", "x86_sha256": "63c201338ab5b57b2e1faa350addc0029a531fc1f6cc927d49a95f554f074d81", "x64_sha1": "c231166722960a7c5d3037dc5519a2e7865b9217", "x86_sha1": "59d5819daeccd9225a677aaf1cd8bb605f4a109e", "x64_uri_queried": "/VLlO", "x86_uri_queried": "/OhBc", "x64_md5": "86518b532089a808ea446183fc2573c6", "x86_md5": "f376bd6f83af1794b44d5f1e8c7121b5", "x64_time": 1713646808362.2, "x86_time": 1713646762796.8, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 5000, "x86_polling": 5000, "x64_jitter": 43, "x86_jitter": 43, "x64_c2_server": "86.106.20.179,/ab.html", "x86_c2_server": "86.106.20.179,/ab.html", "x64_c2_host": "86.106.20.179", "x86_c2_host": "86.106.20.179", "x64_c2_path": "/ab.html", "x86_c2_path": 
"/ab.html", "x64_spawn_to_x86": "%windir%\\syswow64\\runonce.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\runonce.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\runonce.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\runonce.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/ki", "x86_http_method_path_2": "/ki", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646875", "ip": "124.222.220.126", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "064d5b9c1faa9ad88866103df22c8af3659bb2fd7b33704cbc0ec798fbc3b794", "x86_sha256": "dfaf52e98cd8f61804da778dbbfc8b2526c1900be42d57fdc5b1518a4d820710", "x64_sha1": "207ec0db750ffeaba7397c738ee9aa9c55ab6414", "x86_sha1": "f5b9671a433007c3886a234c09156f10258d03fa", "x64_uri_queried": "/5zcK", "x86_uri_queried": "/s6fM", "x64_md5": "04d4605557045f8e57de1407a8aa4a1b", "x86_md5": "d1cbf79965c0414c2044d7a190757b67", "x64_time": 1713646852425.5, "x86_time": 1713646840861.5, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 5000, 
"x86_polling": 5000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "124.222.220.126,/admin/login", "x86_c2_server": "124.222.220.126,/admin/login", "x64_c2_host": "124.222.220.126", "x86_c2_host": "124.222.220.126", "x64_c2_path": "/admin/login", "x86_c2_path": "/admin/login", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 305419896, "x86_watermark": 305419896, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": 255, "x86_max_dns": 255, "x64_user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "x86_user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "x64_http_method_path_2": "/admin/user", "x86_http_method_path_2": "/admin/user", "x64_header_1": "", "x86_header_1": "", "x64_header_2": "", "x86_header_2": "", "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": "", "x86_pipe_name": "", "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": "0.0.0.0", "x86_dns_idle": "0.0.0.0", "x64_dns_sleep": 0, "x86_dns_sleep": 0, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646912", "ip": "106.55.181.95", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "8cbf9b8aff435d82d1b4518e632ce4f41f2ac8391f91e9b9958bcc881c28adb2", 
"x86_sha256": "9c09dad3d78547713d5f9b258a4de8d424bc348f948c601502270776d173cc9d", "x64_sha1": "1aa587c1ae654e34950b7c485045b29384fb9bb6", "x86_sha1": "a4f747409c606fc4aacc8c7b337692c94cdd9d1d", "x64_uri_queried": "/MecH", "x86_uri_queried": "/7zBi", "x64_md5": "c0ec8d7678218d589787c0dba7e79f8f", "x86_md5": "fa2caa9e175c0372a12dc3e95297227e", "x64_time": 1713646892478.1, "x86_time": 1713646881844.3, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "106.55.181.95,/visit.js", "x86_c2_server": "106.55.181.95,/cm", "x64_c2_host": "106.55.181.95", "x86_c2_host": "106.55.181.95", "x64_c2_path": "/visit.js", "x86_c2_path": "/cm", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 1234567890, "x86_watermark": 1234567890, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, 
"x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646949", "ip": "62.234.180.148", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "ce01a9f8b6fb164e9d1a9017418d55bdc3390198cd8c7e16c7c9501d4389ab94", "x86_sha256": "d26908eaecd540d2c28666b891d209298375921e9002ee47da481c0efc0201d4", "x64_sha1": "2aa1de14a13108538487bc011349e871a07875df", "x86_sha1": "8e89168b8d68d145822c5e8315592b1c42697e2e", "x64_uri_queried": "/m5By", "x86_uri_queried": "/s9Cm", "x64_md5": "1eb7265c27113f054a926d64d4739bc3", "x86_md5": "4d60476ed46b5906097e6fbede1569e4", "x64_time": 1713646931113.1, "x86_time": 1713646918200.1, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "62.234.180.148,/ca", "x86_c2_server": "62.234.180.148,/ca", "x64_c2_host": "62.234.180.148", "x86_c2_host": "62.234.180.148", "x64_c2_path": "/ca", "x86_c2_path": "/ca", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 305419896, "x86_watermark": 305419896, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": 255, "x86_max_dns": 255, "x64_user_agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)", "x86_user_agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; BOIE9;ENUS)", "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": "", "x86_header_1": "", "x64_header_2": "", "x86_header_2": "", "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": "", "x86_pipe_name": "", "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": 
"0.0.0.0", "x86_dns_idle": "0.0.0.0", "x64_dns_sleep": 0, "x86_dns_sleep": 0, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646992", "ip": "62.204.41.11", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "f314db778baa6479b825e25c23e56153376a305749619b80b47f06006ef65cbd", "x86_sha256": "c1b112c8daeeacb7d676272985dff3ae3ef8ee616f2fb4c7e55c92be3b8e5c76", "x64_sha1": "6e8806b39e1ee7f71177cd3dd7b0c7bb8a9b938a", "x86_sha1": "4f3b8ee8646ebd002577ddf8734f19edb62be64c", "x64_uri_queried": "/4Ven", "x86_uri_queried": "/CHap", "x64_md5": "6c5d144a17d0966317451eaaf3c305d4", "x86_md5": "251f8b9d399bed0921ded6bcbf0581ff", "x64_time": 1713646972049.2, "x86_time": 1713646960758.0, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "62.204.41.11,/pixel", "x86_c2_server": "62.204.41.11,/ga.js", "x64_c2_host": "62.204.41.11", "x86_c2_host": "62.204.41.11", "x64_c2_path": "/pixel", "x86_c2_path": "/ga.js", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 1580103824, "x86_watermark": 1580103824, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, 
"x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647072", "ip": "182.92.79.194", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "69cfa5512efb2e68f7e81f4faf7fa2b24f8419d6b2041beac939d7455e10201f", "x86_sha256": "be5804b67f563773c35c0c89d5099509409fe0fc662e7c0e8b022af04954bd41", "x64_sha1": "6e4251853d4d00396baed3c4dd680eeed53fc61c", "x86_sha1": "f246ead8250f59b2c23f29b162a5a5401b3378a8", "x64_uri_queried": "/TkWG", "x86_uri_queried": "/sNLO", "x64_md5": "b1453ea00a5838dbb7d45aa7d234ef7d", "x86_md5": "1e5e918c26680af78cb0d1f77ae95515", "x64_time": 1713647054222.8, "x86_time": 1713647013805.2, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "182.92.79.194,/dpixel", "x86_c2_server": "182.92.79.194,/match", "x64_c2_host": "182.92.79.194", "x86_c2_host": "182.92.79.194", "x64_c2_path": "/dpixel", "x86_c2_path": "/match", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 666666666, "x86_watermark": 
666666666, "x64_c2_host_header": "Host: 182.92.79.194\r\n", "x86_c2_host_header": "Host: 182.92.79.194\r\n", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647151", "ip": "194.165.16.59", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "71133d59762565074fa857e82716589846d1ed1fc3375c4b0739218f2318b21e", "x86_sha256": "65e0b0807996d5e18e0af11c32320dfc8f63f42ee8e3a7c8fc4441b239930772", "x64_sha1": "cac494fee3ec9c181efe7071a53387ba55987c81", "x86_sha1": "6f2ddd8ae5a323bf67b1e4043c0b7a1635591f40", "x64_uri_queried": "/zf6G", "x86_uri_queried": "/UtAR", "x64_md5": "1df1a21fd0d7595083c9bbef9d845fb8", "x86_md5": "d75688dfe3beaa8f9e157b0ba51c80a5", "x64_time": 1713647130927.2, "x86_time": 1713647091917.8, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 5000, "x86_polling": 5000, "x64_jitter": 5, "x86_jitter": 5, "x64_c2_server": "Jango-pulse.com,/Validate/v8.18/84LE6PSOHS,blm-wiki.com,/Validate/v8.18/84LE6PSOHS,194.165.16.59,/Validate/v8.18/84LE6PSOHS", 
"x86_c2_server": "Jango-pulse.com,/Validate/v8.18/84LE6PSOHS,blm-wiki.com,/Validate/v8.18/84LE6PSOHS,194.165.16.59,/Validate/v8.18/84LE6PSOHS", "x64_c2_host": "Jango-pulse.com", "x86_c2_host": "Jango-pulse.com", "x64_c2_path": "/Validate/v8.18/84LE6PSOHS", "x86_c2_path": "/Validate/v8.18/84LE6PSOHS", "x64_spawn_to_x86": "%windir%\\syswow64\\EhStorAuthn.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\EhStorAuthn.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\svchost.exe -k netsvc", "x86_spawn_to_x64": "%windir%\\sysnative\\svchost.exe -k netsvc", "x64_watermark": 674054486, "x86_watermark": 674054486, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/deliver/v10.66/HSMQGGN2O", "x86_http_method_path_2": "/deliver/v10.66/HSMQGGN2O", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 2, "x86_year": 2, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647185", "ip": "112.124.34.225", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "8f87fb627dd6a009d567f37026ff3a0120c2a5e910a5caed1d0f2b7822d24b38", "x86_sha256": "5cecc3cb4f4cc005f5373d52c977d5c485b3a07bc228809e8b6620a2ac68ae29", "x64_sha1": "ebb02c0ac8718519fdaeab5a9f96cad7845da6a4", "x86_sha1": 
"fb856f3bb38d6d30174b35079387be9411769db6", "x64_uri_queried": "/yLJN", "x86_uri_queried": "/T0vb", "x64_md5": "76df6712c482823c4ffd24a7bf4d0eb9", "x86_md5": "cd4ceae70912f517d82aba97f022d570", "x64_time": 1713647168244.4, "x86_time": 1713647157627.8, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "112.124.34.225,/dot.gif", "x86_c2_server": "112.124.34.225,/match", "x64_c2_host": "112.124.34.225", "x86_c2_host": "112.124.34.225", "x64_c2_path": "/dot.gif", "x86_c2_path": "/match", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 426352781, "x86_watermark": 426352781, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647229", "ip": "121.43.55.149", "hostnames": null, 
"protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "b67a96afc03469d91c91507f5c59644661ae3504fc31fa38054416553ab6fb5d", "x86_sha256": "6c4aec67b3aa478eeba408c496f1cbf060e7ecc4168c83b111dd7db0066c795a", "x64_sha1": "5fe8cba23f39a8f32bd6e44cb8eb998c80afa2ac", "x86_sha1": "26584408a7cf1fab45f5e274618ac0e2e2cdecda", "x64_uri_queried": "/SpRH", "x86_uri_queried": "/Vfl4", "x64_md5": "83a3c6b10aa6e5ead385d2d6cc4ef980", "x86_md5": "80b9b049c53c93d14c760ca69a84fe70", "x64_time": 1713647209353.3, "x86_time": 1713647195422.3, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 5987, "x86_polling": 5987, "x64_jitter": 50, "x86_jitter": 50, "x64_c2_server": "120.39.197.231,/jquery-3.3.1.min.js,112.28.231.110,/jquery-3.3.1.min.js,61.159.80.241,/jquery-3.3.1.min.js,223.68.136.206,/jquery-3.3.1.min.js,116.211.153.240,/jquery-3.3.1.min.js,121.17.123.105,/jquery-3.3.1.min.js,218.94.206.222,/jquery-3.3.1.min.js", "x86_c2_server": "120.39.197.231,/jquery-3.3.1.min.js,112.28.231.110,/jquery-3.3.1.min.js,61.159.80.241,/jquery-3.3.1.min.js,223.68.136.206,/jquery-3.3.1.min.js,116.211.153.240,/jquery-3.3.1.min.js,121.17.123.105,/jquery-3.3.1.min.js,218.94.206.222,/jquery-3.3.1.min.js", "x64_c2_host": "120.39.197.231", "x86_c2_host": "120.39.197.231", "x64_c2_path": "/jquery-3.3.1.min.js", "x86_c2_path": "/jquery-3.3.1.min.js", "x64_spawn_to_x86": "%windir%\\syswow64\\svchost.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\svchost.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\svchost.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\svchost.exe", "x64_watermark": 391144938, "x86_watermark": 391144938, "x64_c2_host_header": "Host: takiot.com\r\n", "x86_c2_host_header": "Host: takiot.com\r\n", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/jquery-3.3.2.min.js", "x86_http_method_path_2": "/jquery-3.3.2.min.js", "x64_header_1": null, "x86_header_1": 
null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647275", "ip": "185.196.10.121", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "a46ce37850d9c750c24a4b43d5b6e41269b9eb861a6b3e74bb10b3227379a74b", "x86_sha256": "1d0aba7fa090f0d39e9f6a5145806bb641c55fa823c4efd010503f70c7a4a741", "x64_sha1": "36ad7bf5589ef9a0a65d06d40ae9af8ebdba1107", "x86_sha1": "e55d80315aba37860497990d1bf3fc16006f4a6a", "x64_uri_queried": "/LccK", "x86_uri_queried": "/vPDR", "x64_md5": "01250fad0460161597cb8077e9658a00", "x86_md5": "4c10af8b4439e402570bfad1fa5590e7", "x64_time": 1713647254161.1, "x86_time": 1713647237547.4, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 37000, "x86_polling": 37000, "x64_jitter": 25, "x86_jitter": 25, "x64_c2_server": "185.196.10.121,/category/research-2/", "x86_c2_server": "185.196.10.121,/discussion/mayo-clinic-radio-als/", "x64_c2_host": "185.196.10.121", "x86_c2_host": "185.196.10.121", "x64_c2_path": "/category/research-2/", "x86_c2_path": "/discussion/mayo-clinic-radio-als/", "x64_spawn_to_x86": "%windir%\\syswow64\\gpupdate.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\gpupdate.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\gpupdate.exe", 
"x86_spawn_to_x64": "%windir%\\sysnative\\gpupdate.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/secondary-archive/", "x86_http_method_path_2": "/archive/", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "GET", "x86_method_2": "GET", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647317", "ip": "60.204.187.184", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "9a84a2b417493da34caf7dbf33f61960260ac4bc3504874200fdaad926ef47d3", "x86_sha256": "93818296a48196aaefef05b510f9ea39f26e75a0ff10457e2a934d660fa878c6", "x64_sha1": "6d9c4264b6fc09028f4372cb2a7de117bd9e4b1a", "x86_sha1": "9d5241a6344ae2f1c5be506c38ee8e2cf4373730", "x64_uri_queried": "/rC9o", "x86_uri_queried": "/aj8Y", "x64_md5": "0ab32503a520458490db269f737455dc", "x86_md5": "7ea4e68d36f99e3d5fa24376abe8ff5a", "x64_time": 1713647300822.7, "x86_time": 1713647287664.5, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 45000, "x86_polling": 45000, "x64_jitter": 37, "x86_jitter": 37, "x64_c2_server": "60.204.187.184,/jquery-3.3.1.min.js", "x86_c2_server": 
"60.204.187.184,/jquery-3.3.1.min.js", "x64_c2_host": "60.204.187.184", "x86_c2_host": "60.204.187.184", "x64_c2_path": "/jquery-3.3.1.min.js", "x86_c2_path": "/jquery-3.3.1.min.js", "x64_spawn_to_x86": "%windir%\\syswow64\\dllhost.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\dllhost.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\dllhost.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\dllhost.exe", "x64_watermark": 426352781, "x86_watermark": 426352781, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/jquery-3.3.2.min.js", "x86_http_method_path_2": "/jquery-3.3.2.min.js", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647357", "ip": "111.92.243.236", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "c5364355938e6665da17d9d2496560f97fdaceaea0504d0bb69757ca381c222a", "x86_sha256": "a167808c42e5e810b304ad9c58d26ee5202659aeba67bc3b372c00b465db60ae", "x64_sha1": "985a2a6efabefbd9ee1af54ca85f33d9fff68055", "x86_sha1": "c13ddf05926b5f02e22d78c06a8d094ac8c292b4", "x64_uri_queried": "/JwYC", "x86_uri_queried": "/e3Wm", "x64_md5": "c9374cd5cb93fced018908060710b091", 
"x86_md5": "9f114a315b3683577b0fc68cb0c92a10", "x64_time": 1713647332327.3, "x86_time": 1713647319793.3, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 66502, "x86_polling": 66502, "x64_jitter": 36, "x86_jitter": 36, "x64_c2_server": "111.92.243.236,/claim/servlets-examples/I2I52XQKQQZF", "x86_c2_server": "111.92.243.236,/claim/servlets-examples/I2I52XQKQQZF", "x64_c2_host": "111.92.243.236", "x86_c2_host": "111.92.243.236", "x64_c2_path": "/claim/servlets-examples/I2I52XQKQQZF", "x86_c2_path": "/claim/servlets-examples/I2I52XQKQQZF", "x64_spawn_to_x86": "%windir%\\syswow64\\WUAUCLT.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\WUAUCLT.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\systray.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\systray.exe", "x64_watermark": 666666666, "x86_watermark": 666666666, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/inquiry/unix/0LTC61HZBWX9", "x86_http_method_path_2": "/inquiry/unix/0LTC61HZBWX9", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647419", "ip": "80.66.75.9", "hostnames": null, "protocol": 
"tcp", "port": "443", "service": "https", "x64_sha256": "56cd992870e82cdcec697bcb55569bc45b70bd9cb8de3b4e3ca95f5154b2aaf9", "x86_sha256": "37682ce4a17dd0ffb9f95598f18e79b0b89eaa2419c0d2e9c8a472297711be0f", "x64_sha1": "43e712999eb2f975f3e267f0ee9a2cbbbdaa29c1", "x86_sha1": "174a03233c9830fa26b5900e87c0f9c4a2c4328f", "x64_uri_queried": "/r3Qg", "x86_uri_queried": "/qrC6", "x64_md5": "85534467cf6f6e64a7dc3bd1ecb60f35", "x86_md5": "5dd9c8b52af1a10f0d6a54e8685ec4ef", "x64_time": 1713647390255.9, "x86_time": 1713647372151.9, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 56000, "x86_polling": 56000, "x64_jitter": 36, "x86_jitter": 36, "x64_c2_server": "facelove.life,/functionalStatus/0CMp4E8sk1rGRjHC2NcNQf2u", "x86_c2_server": "facelove.life,/functionalStatus/0CMp4E8sk1rGRjHC2NcNQf2u", "x64_c2_host": "facelove.life", "x86_c2_host": "facelove.life", "x64_c2_path": "/functionalStatus/0CMp4E8sk1rGRjHC2NcNQf2u", "x86_c2_path": "/functionalStatus/0CMp4E8sk1rGRjHC2NcNQf2u", "x64_spawn_to_x86": "%windir%\\syswow64\\choice.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\choice.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\choice.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\choice.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/rest/2/meetings0CMp4E8sk1rGRjHC2NcNQf2u", "x86_http_method_path_2": "/rest/2/meetings0CMp4E8sk1rGRjHC2NcNQf2u", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, 
"x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "GET", "x86_method_2": "GET", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647483", "ip": "101.201.54.74", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "e2e8d58a5c78fa8d4fe05c5260e7fe9398c49ae04e3605b135a8f2d108d0b3cd", "x86_sha256": "579e25525bae0b638c1c48751c929ee96ce12cf716a80359f5b506b47e192e90", "x64_sha1": "e4880436eebb764fe165ebbd4d1f2bbbf19fc990", "x86_sha1": "25b6b94c2b10bc34ec2e53735abcda4f405afd5d", "x64_uri_queried": "/0ruF", "x86_uri_queried": "/ByOR", "x64_md5": "731703df543342d63a4a0e8af3a109aa", "x86_md5": "6aeb7357a4ca830f3ea9977318b2249b", "x64_time": 1713647462742.1, "x86_time": 1713647445178.0, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "101.201.54.74,/cm", "x86_c2_server": "101.201.54.74,/j.ad", "x64_c2_host": "101.201.54.74", "x86_c2_host": "101.201.54.74", "x64_c2_path": "/cm", "x86_c2_path": "/j.ad", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, 
"x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647523", "ip": "104.168.145.228", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "247aee9cef5b2fee57b63ae92fa7b50cfae5fdd5884a2dc2e7cf264badb1d4c1", "x86_sha256": "4891d8e87306a41152570549028882116e71c74f4018419eaadefeca74a2931c", "x64_sha1": "9c37701e973111f71afc4b421f00d23329e8f4ff", "x86_sha1": "ba18e7cbf1b4c3ea075cee089f1471ea7d8abab7", "x64_uri_queried": "/BuOW", "x86_uri_queried": "/TLkQ", "x64_md5": "e47c678029468685e9f69f8499fec48f", "x86_md5": "3c4178e516631d4ed6b3b93c39eb0e0a", "x64_time": 1713647499010.4, "x86_time": 1713647486296.8, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 45000, "x86_polling": 45000, "x64_jitter": 37, "x86_jitter": 37, "x64_c2_server": "ipv6.beijing-qax.top,/jquery-3.3.1.min.js", "x86_c2_server": "ipv6.beijing-qax.top,/jquery-3.3.1.min.js", "x64_c2_host": "ipv6.beijing-qax.top", "x86_c2_host": "ipv6.beijing-qax.top", "x64_c2_path": "/jquery-3.3.1.min.js", "x86_c2_path": "/jquery-3.3.1.min.js", "x64_spawn_to_x86": "%windir%\\syswow64\\dllhost.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\dllhost.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\dllhost.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\dllhost.exe", "x64_watermark": 987654321, "x86_watermark": 
987654321, "x64_c2_host_header": "Host: ipv6.beijing-qax.top\r\n", "x86_c2_host_header": "Host: ipv6.beijing-qax.top\r\n", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/jquery-3.3.2.min.js", "x86_http_method_path_2": "/jquery-3.3.2.min.js", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647551", "ip": "124.222.98.112", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "27bb3f7591ac0e00338fc278c5e82c554bdab0948ae27b12db549509ab793c46", "x86_sha256": "110b27ef1fbe2b0097384ee47615447c9336346dcacf07b6da0f01ec11cd8046", "x64_sha1": "8e9a17e4835676be883173f05bf43e396597746b", "x86_sha1": "d4ed075bd7f66806af36c6ae52afbf98c2195cf3", "x64_uri_queried": "/WX7w", "x86_uri_queried": "/vTAQ", "x64_md5": "389c59203fdd1b569b4d86783baf125a", "x86_md5": "4eef43123c982ad69a515d10f3af8d6e", "x64_time": 1713647543913.9, "x86_time": 1713647534634.7, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 3000, "x86_polling": 3000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "service-ku7vp6lj-1253504731.sh.tencentapigw.com,/api/x", "x86_c2_server": 
"service-ku7vp6lj-1253504731.sh.tencentapigw.com,/api/x", "x64_c2_host": "service-ku7vp6lj-1253504731.sh.tencentapigw.com", "x86_c2_host": "service-ku7vp6lj-1253504731.sh.tencentapigw.com", "x64_c2_path": "/api/x", "x86_c2_path": "/api/x", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/api/y", "x86_http_method_path_2": "/api/y", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647615", "ip": "175.178.103.238", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "bef0be8c6649eeacb382797fa284107742f47c9b8b308a00973a3589017e94f8", "x86_sha256": "0689d38ee6419cdd3d0725d81f90a158588a8ef4324a04e5ed2324d8ebfad0d0", "x64_sha1": "d9d0cc0f43b660bc8752e7a2c11acf93206f93d3", "x86_sha1": "e615f91b9efd2b3856d9d45dba0ae96a02697f27", "x64_uri_queried": "/WyID", "x86_uri_queried": "/9poD", "x64_md5": 
"43124f5950a11b2fa5bd5711dba2b04a", "x86_md5": "0140260c61e4e9b3fed1672d1018e8e1", "x64_time": 1713647591895.2, "x86_time": 1713647577889.9, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "175.178.103.238,/cm", "x86_c2_server": "175.178.103.238,/visit.js", "x64_c2_host": "175.178.103.238", "x86_c2_host": "175.178.103.238", "x64_c2_path": "/cm", "x86_c2_path": "/visit.js", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 391144938, "x86_watermark": 391144938, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647659", "ip": "124.71.84.65", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": 
"a813e5f753186723d3db7d048a1172f04ea9454f8e903bc10be928fb5dbd2cd8", "x86_sha256": "3625da52e7a1e59599c653a102c0e80da7b14e57a1c1e1655e04bbd2dbf807ba", "x64_sha1": "f4984d2f3cd4865bafdc9b6d5e82e7fc2a9a2848", "x86_sha1": "afb710e9f7e9ae9e331c789703759261552d5890", "x64_uri_queried": "/LXfS", "x86_uri_queried": "/pBz0", "x64_md5": "e54779d6a328fb2b8180a6851a90d813", "x86_md5": "5b92cefd2e41d857cc710d16799a5662", "x64_time": 1713647641227.4, "x86_time": 1713647625056.2, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "124.71.84.65,/activity", "x86_c2_server": "124.71.84.65,/dot.gif", "x64_c2_host": "124.71.84.65", "x86_c2_host": "124.71.84.65", "x64_c2_path": "/activity", "x86_c2_path": "/dot.gif", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": 
null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647694", "ip": "60.204.208.32", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "8ab2ceb891391113484d02420a972a65bf0c2d8b93a32c92882fa7439c3a5735", "x86_sha256": "260ff27fa87adf2ef5e5ffeb87daf375bdf19266aaa5c563f8539aebc697b15c", "x64_sha1": "7f77fc7605ce2ff1a06ec0496996785a885253dc", "x86_sha1": "263f18ad372c58b70f799183eb1b9b45ab5721b1", "x64_uri_queried": "/AtXP", "x86_uri_queried": "/KUmO", "x64_md5": "53c82c80784d9de40ea64e26ef4bdaf5", "x86_md5": "f35cc573d673be9d5f2e1a17de676a11", "x64_time": 1713647678754.8, "x86_time": 1713647665690.7, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "60.204.208.32,/updates.rss", "x86_c2_server": "60.204.208.32,/cm", "x64_c2_host": "60.204.208.32", "x86_c2_host": "60.204.208.32", "x64_c2_path": "/updates.rss", "x86_c2_path": "/cm", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 391144938, "x86_watermark": 391144938, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, 
"x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647744", "ip": "147.139.212.210", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "a7b99878bd46bfeeab2bd0025f93b293f2396bcf77d83de765505a1c08df38b6", "x86_sha256": "44b3ed53aefb66bbe3d95ff6a3e1c9092141aeef4ea71f26eb745b5264ed2562", "x64_sha1": "989f9f48601193f8994c7d147e0c0da4809e4c5b", "x86_sha1": "8cb7e83ad1198ba5bd74f5edcf3be5268a30bf5c", "x64_uri_queried": "/GyQL", "x86_uri_queried": "/oPm0", "x64_md5": "df3220121a8e459a5fc8303ee42958ac", "x86_md5": "7d02d04651d0d9d2ee910b3533820a9f", "x64_time": 1713647723472.0, "x86_time": 1713647705742.5, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "147.139.212.210,/push", "x86_c2_server": "147.139.212.210,/cx", "x64_c2_host": "147.139.212.210", "x86_c2_host": "147.139.212.210", "x64_c2_path": "/push", "x86_c2_path": "/cx", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 666666666, "x86_watermark": 666666666, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, 
"x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647781", "ip": "51.250.16.184", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "c88c491dcddd3319d824947d9147ebc390f8cb3be1b7b56c765eaabe2f718566", "x86_sha256": "6e4b9c201d578276b53ad5ca10a0cad27ab005eb204466075e3453ea69bf2fd5", "x64_sha1": "f051285c964247b65a6649e0f7be9c6fd96cabe5", "x86_sha1": "3224de9cc1a8dd1b6a473410ba6ddb2af255cab8", "x64_uri_queried": "/HgfH", "x86_uri_queried": "/Dm2y", "x64_md5": "c007114da8c6e8a23cb0701fc65df18e", "x86_md5": "279684c60126cbe94f680ea4990ef49e", "x64_time": 1713647762702.5, "x86_time": 1713647749294.2, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "51.250.16.184,/ptj", "x86_c2_server": "51.250.16.184,/pixel.gif", "x64_c2_host": "51.250.16.184", "x86_c2_host": "51.250.16.184", "x64_c2_path": "/ptj", "x86_c2_path": "/pixel.gif", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", 
"x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647821", "ip": "101.43.147.69", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "6c4f7bbdd1718c859368a7b671631255e1a3200be573bfb0ae22e190965e8696", "x86_sha256": "29fe789bb1d2f10eb7722d65eee61834b61ded59b405ea08abe241f304c9212c", "x64_sha1": "290a99ee28f388057b35be04c1fb55b6335626de", "x86_sha1": "35496eded90f0c33f81fde7d69aefaf83337c437", "x64_uri_queried": "/6Tcp", "x86_uri_queried": "/jRl4", "x64_md5": "a2a58a0a7f7083c454c270fe3bab2d11", "x86_md5": "62c9261107982466c4dfc1461f26c54b", "x64_time": 1713647802068.9, "x86_time": 1713647787683.7, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "101.43.147.69,/ga.js", "x86_c2_server": "101.43.147.69,/cm", "x64_c2_host": "101.43.147.69", "x86_c2_host": "101.43.147.69", "x64_c2_path": "/ga.js", "x86_c2_path": "/cm", "x64_spawn_to_x86": 
"%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 391144938, "x86_watermark": 391144938, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647845", "ip": "81.19.138.60", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "9995ed6d46e9c3ae4ca6200addf452b17ce3a02b192cf4bd596613c4858c42aa", "x86_sha256": "37cc4a2be80e109306e72067eed9f172905f0b486ed34241791f2381d26a230e", "x64_sha1": "7e3f474a9967456426b264072fe38fad7a22304c", "x86_sha1": "b2b05639ba80a9740de4d4f9a046aaa4861ab9a9", "x64_uri_queried": "/LSXf", "x86_uri_queried": "/zh3G", "x64_md5": "04a35e3343c28a0b1d2dccdb9a6f151d", "x86_md5": "9f76e0c29d70667f8014b4b8ff598a97", "x64_time": 1713647837482.6, "x86_time": 1713647825988.9, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, 
"x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "81.19.138.60,/ga.js", "x86_c2_server": "81.19.138.60,/dot.gif", "x64_c2_host": "81.19.138.60", "x86_c2_host": "81.19.138.60", "x64_c2_path": "/ga.js", "x86_c2_path": "/dot.gif", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 1580103824, "x86_watermark": 1580103824, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647886", "ip": "123.207.51.53", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "ee64a95f924b607f449693a4a128bcc16c0c4e4d9737e82b8c388b1fc1749350", "x86_sha256": "1d1178cec57a4f28a3565086ff276f515c680a3dc7c55d0ed14dc3d41279c5e0", "x64_sha1": "c22be2e62310e1d2a920d3c652161252062209b8", "x86_sha1": "7772ea4140b0a0bc2faf35170d2308d4400b035a", "x64_uri_queried": "/KhZP", "x86_uri_queried": 
"/VdIY", "x64_md5": "e1c06cc3643d86d82032710723b73601", "x86_md5": "f012afa3c4beb3255a5b99cd1a5aff34", "x64_time": 1713647868298.1, "x86_time": 1713647857220.6, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 4193, "x86_polling": 4193, "x64_jitter": 38, "x86_jitter": 38, "x64_c2_server": "service-hzdzk12c-1318485841.gz.apigw.tencentcs.com,/Test/protect/JZJ8DALCUB", "x86_c2_server": "service-hzdzk12c-1318485841.gz.apigw.tencentcs.com,/Test/protect/JZJ8DALCUB", "x64_c2_host": "service-hzdzk12c-1318485841.gz.apigw.tencentcs.com", "x86_c2_host": "service-hzdzk12c-1318485841.gz.apigw.tencentcs.com", "x64_c2_path": "/Test/protect/JZJ8DALCUB", "x86_c2_path": "/Test/protect/JZJ8DALCUB", "x64_spawn_to_x86": "%windir%\\syswow64\\svchost.exe -k wksvc", "x86_spawn_to_x86": "%windir%\\syswow64\\svchost.exe -k wksvc", "x64_spawn_to_x64": "%windir%\\sysnative\\EhStorAuthn.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\EhStorAuthn.exe", "x64_watermark": 1234567890, "x86_watermark": 1234567890, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/Add/v3.48/WFL0L9G1F", "x86_http_method_path_2": "/Add/v3.48/WFL0L9G1F", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, 
"x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647916", "ip": "8.134.165.196", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "c926234c8f7514a5afc2b6fde489953bfdc3af14e3e3c3259b92a8f2b0155f43", "x86_sha256": "34dd99ad5d837c27a09c8f9ba15433fcc765c07bfa885b5f8274486f917bbbbe", "x64_sha1": "a627119188b9585f06cc32a26d2458b6f20f3f06", "x86_sha1": "7791c7dcc9f911002d7532baeb4db23c2fb28bac", "x64_uri_queried": "/4Zcl", "x86_uri_queried": "/oEBf", "x64_md5": "3944b0aec2013b826903de56c8a63c04", "x86_md5": "6cda277ae5423598dc689658aef16dca", "x64_time": 1713647905303.4, "x86_time": 1713647895369.6, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "8.134.165.196,/pixel.gif", "x86_c2_server": "8.134.165.196,/dpixel", "x64_c2_host": "8.134.165.196", "x86_c2_host": "8.134.165.196", "x64_c2_path": "/pixel.gif", "x86_c2_path": "/dpixel", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 6, "x86_watermark": 6, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", 
"x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648396", "ip": "94.156.69.121", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "aff828b63ec35fec942f7d932ea6034e6e4748a097f374f8cf783956991144f5", "x86_sha256": "189b4960c9ad57b90588b42c6f19666b0dce073806f606aee7f8b0d03039aae0", "x64_sha1": "a7088693e2b754013097e9465d6961475ed5c342", "x86_sha1": "ee59d2b231a8e1417c66ab35d930ce0f82606e11", "x64_uri_queried": "/QQcX", "x86_uri_queried": "/9Uam", "x64_md5": "6f3c2d6db52db35a13b7a954334234a5", "x86_md5": "c5e600ab175b64e1da8670fc53875e61", "x64_time": 1713648387239.0, "x86_time": 1713648377380.8, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "94.156.69.121,/IE9CompatViewList.xml", "x86_c2_server": "94.156.69.121,/visit.js", "x64_c2_host": "94.156.69.121", "x86_c2_host": "94.156.69.121", "x64_c2_path": "/IE9CompatViewList.xml", "x86_c2_path": "/visit.js", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, 
"x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648432", "ip": "162.14.73.154", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "9bc4ed7f8177c6e58373402b8a46bf01d034434f9a7a97329cac31401d4ba738", "x86_sha256": "be03d66d2e788bdd1e5828d095f449bcb90f7ea243e649dda9830a460da48852", "x64_sha1": "64904fb95a1c80ef853489b5618935210e617e94", "x86_sha1": "161642e1e87297e7c8e1a9bbf086912b86a18a76", "x64_uri_queried": "/MTXd", "x86_uri_queried": "/ku2J", "x64_md5": "66a5ec127ee137dc72f21c5369409592", "x86_md5": "59cde85c0d73b4ebca691ea13f122eae", "x64_time": 1713648414902.5, "x86_time": 1713648402882.7, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "162.14.73.154,/cx", "x86_c2_server": "162.14.73.154,/ca", "x64_c2_host": "162.14.73.154", "x86_c2_host": "162.14.73.154", "x64_c2_path": "/cx", "x86_c2_path": "/ca", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 391144938, "x86_watermark": 391144938, "x64_c2_host_header": "", "x86_c2_host_header": "", 
"x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648549", "ip": "54.37.226.59", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "caf53a0065cfecf8ba169af06477a3e80113bfd18cea00dda4fbe34b07cb75bb", "x86_sha256": "a14c6d02941aa1ce235dc23e67abde21e218821f1f09e1ba57ba692dfecc2e7a", "x64_sha1": "17898727619447028592d00863702551e489defb", "x86_sha1": "86d86d66897b7018f1bde06d3d3235d9868846c9", "x64_uri_queried": "/SIWj", "x86_uri_queried": "/si5K", "x64_md5": "2e44a8d57ee59e603995d22d04eecc0c", "x86_md5": "62a70fdd7f2c07a77afc05e93413ff95", "x64_time": 1713648544099.0, "x86_time": 1713648539931.2, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "54.37.226.59,/cm", "x86_c2_server": "54.37.226.59,/__utm.gif", "x64_c2_host": "54.37.226.59", "x86_c2_host": "54.37.226.59", "x64_c2_path": "/cm", "x86_c2_path": "/__utm.gif", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": 
"%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 305419896, "x86_watermark": 305419896, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": 255, "x86_max_dns": 255, "x64_user_agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)", "x86_user_agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MAARJS)", "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": "", "x86_header_1": "", "x64_header_2": "", "x86_header_2": "", "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": "", "x86_pipe_name": "", "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": "0.0.0.0", "x86_dns_idle": "0.0.0.0", "x64_dns_sleep": 0, "x86_dns_sleep": 0, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648593", "ip": "47.120.63.211", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "557f582ae0dc49e12ce6e6ec62fdbbfe08f0143044088a4101a6c531ca9811a0", "x86_sha256": "7172ca8cd0c88d5ebc8b7f187494a6600e8c53e82f090f40785698d95710e5e9", "x64_sha1": "75ec9db79838360218fd8904ed44ed2d23d83d20", "x86_sha1": "7de45c809f462e1a563d9a603b86c8cd921af9e9", "x64_uri_queried": "/vLOL", "x86_uri_queried": "/CYWi", "x64_md5": "194cd05fb23440bbebd1adc7ece1e141", "x86_md5": "03134c427c0d1670333708372381005f", "x64_time": 1713648576555.3, "x86_time": 1713648564039.5, "x64_beacon_type": "0 (HTTP)", 
"x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "47.120.63.211,/ca", "x86_c2_server": "47.120.63.211,/ptj", "x64_c2_host": "47.120.63.211", "x86_c2_host": "47.120.63.211", "x64_c2_path": "/ca", "x86_c2_path": "/ptj", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648639", "ip": "23.94.66.43", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "e5a18099238456a8f827cc2675b652657c991a52e48b1a48fcafec2568b1f7fc", "x86_sha256": "6a390a4f6791947faa1e6362244f6af53d615451f88ebb208e3ecf7cfc123b33", "x64_sha1": "c83f0e6369cc0c58c548db906d5fc991caffb0b2", "x86_sha1": 
"9148611861b097b85e423b38e5532c6a9ea5bb67", "x64_uri_queried": "/wOBU", "x86_uri_queried": "/1Dur", "x64_md5": "d2b6e6677e9c769e13b1e2ce657ecb8d", "x86_md5": "38ba09fe48f689025349840ddc555bab", "x64_time": 1713648628489.2, "x86_time": 1713648621096.2, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "23.94.66.43,/ca", "x86_c2_server": "23.94.66.43,/pixel.gif", "x64_c2_host": "23.94.66.43", "x86_c2_host": "23.94.66.43", "x64_c2_path": "/ca", "x86_c2_path": "/pixel.gif", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648674", "ip": "148.135.72.115", "hostnames": null, "protocol": "tcp", 
"port": "443", "service": "https", "x64_sha256": "9a95a831a9c29009fc7c0802d42fb4a7ae0f2dd0958780a9cf9707df408db310", "x86_sha256": "72bab5318c2efa9ebd3530f11a76e29c06f3a94ed1e3e8c8d74227aa3c83c266", "x64_sha1": "b893e1f194e712423f5377da52cc2ad56b1277f0", "x86_sha1": "2afa038909fd2cb959058f61a3ef62a2eb66c459", "x64_uri_queried": "/rP8c", "x86_uri_queried": "/uh8G", "x64_md5": "fa94b7b0ffa46240fb34b5380a51ca39", "x86_md5": "48d4923a500319a27f5f7455599c057d", "x64_time": 1713648665562.6, "x86_time": 1713648651572.4, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 15, "x86_jitter": 15, "x64_c2_server": "148.135.72.115,/_/scs/mail-static/_/js/", "x86_c2_server": "148.135.72.115,/_/scs/mail-static/_/js/", "x64_c2_host": "148.135.72.115", "x86_c2_host": "148.135.72.115", "x64_c2_path": "/_/scs/mail-static/_/js/", "x86_c2_path": "/_/scs/mail-static/_/js/", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/mail/u/0/", "x86_http_method_path_2": "/mail/u/0/", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, 
"x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648712", "ip": "159.75.104.8", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "58430036c96214aa9d78f65606f7ab293cf977d9c04a00cfd0955effbd4dcb14", "x86_sha256": "7859d020e4d13656694a4fd1743a122376e174063256da7194727c0451bbd34e", "x64_sha1": "b5ae1c461ee5359e076549e52d73ffd434bc23f1", "x86_sha1": "0f2bd5736646c43aecedb283f32783edc5c6c599", "x64_uri_queried": "/QgVO", "x86_uri_queried": "/aLVY", "x64_md5": "41957517b275edaac35ee84d0c69eadf", "x86_md5": "af9003ec070b29ae65d5a674c6b63ea7", "x64_time": 1713648704632.2, "x86_time": 1713648687435.8, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "159.75.104.8,/dot.gif", "x86_c2_server": "159.75.104.8,/cx", "x64_c2_host": "159.75.104.8", "x86_c2_host": "159.75.104.8", "x64_c2_path": "/dot.gif", "x86_c2_path": "/cx", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, 
"x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648745", "ip": "47.92.213.31", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "c9c1ae346aaa44a86a9b288f89687d919e0c487882548e6c32d2c6cb899c5833", "x86_sha256": "6093377daf1af91f405c35d063e29a484f7d042241593de490b8050e09a1686a", "x64_sha1": "261455a78484f6f39c0b1c90da07d522a64536d2", "x86_sha1": "33271963ea96d9aa211b1ad1bbf02eb55ceb5430", "x64_uri_queried": "/WEVk", "x86_uri_queried": "/zb4L", "x64_md5": "fcbc09bfdfdd14094dc8b09b1f5172ee", "x86_md5": "e978f43a9445dec636e88d4ffbc35b76", "x64_time": 1713648731157.7, "x86_time": 1713648721786.2, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 118505, "x86_polling": 118505, "x64_jitter": 39, "x86_jitter": 39, "x64_c2_server": "47.92.213.31,/download/20/ZO2XY7A4BOWU", "x86_c2_server": "47.92.213.31,/download/20/ZO2XY7A4BOWU", "x64_c2_host": "47.92.213.31", "x86_c2_host": "47.92.213.31", "x64_c2_path": "/download/20/ZO2XY7A4BOWU", "x86_c2_path": "/download/20/ZO2XY7A4BOWU", "x64_spawn_to_x86": "%windir%\\syswow64\\Locator.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\Locator.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\WUAUCLT.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\WUAUCLT.exe", "x64_watermark": 391144938, "x86_watermark": 391144938, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, 
"x86_user_agent": null, "x64_http_method_path_2": "/Fashion/account/5TQ57I2XMZ9Q", "x86_http_method_path_2": "/Fashion/account/5TQ57I2XMZ9Q", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 2, "x86_year": 2, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646640", "ip": "8.140.135.23", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "1792bb72ada345b1a303632194dfd1c0f78a02a7d08148e6793869661b9b926f", "x86_sha256": "9b2f2ff59b04ee642157118eb7614af45639f4fba3565ccce84c6fa9aabcd469", "x64_sha1": "64f2ea4fea07032c5b35601aa9e749d086861642", "x86_sha1": "6d01f33fac404fb0d6a959074bdebf1736250644", "x64_uri_queried": "/N0uj", "x86_uri_queried": "/YMNh", "x64_md5": "a6a447d6fe41fae456fed0daa980ac3e", "x86_md5": "a38fe6a47dff715089e29f4dc6c8b4b4", "x64_time": 1713646625220.0, "x86_time": 1713646614009.0, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "content.microsoft.com.w.kunlunca.com,/load", "x86_c2_server": "content.microsoft.com.w.kunlunca.com,/updates.rss", "x64_c2_host": "content.microsoft.com.w.kunlunca.com", "x86_c2_host": "content.microsoft.com.w.kunlunca.com", "x64_c2_path": "/load", "x86_c2_path": "/updates.rss", 
"x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 1234567890, "x86_watermark": 1234567890, "x64_c2_host_header": "Host: content.microsoft.com\r\n", "x86_c2_host_header": "Host: content.microsoft.com\r\n", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646688", "ip": "18.192.209.34", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "3332e653fa40fc7a78ebc33df1d6aa9c20b1b1c854d340fd141d4098cd292219", "x86_sha256": "41f053dddafce0d27ed726f689a6a9a773eb84d7606eb0a8292fb05112b733f4", "x64_sha1": "d3616e01864efc06b1ebeea174e8982ba7bdc7a9", "x86_sha1": "c45f1cc310e974e67e67dfc2339ab5d82f0f0db0", "x64_uri_queried": "/bUp6", "x86_uri_queried": "/SjPO", "x64_md5": "e8399ead2f9ee561505de68777e30a6e", "x86_md5": "b856a89e4f22ffa4bc2a9e2e91d99e4c", "x64_time": 1713646662682.2, "x86_time": 1713646651593.2, "x64_beacon_type": "0 (HTTP)", 
"x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 74227, "x86_polling": 74227, "x64_jitter": 34, "x86_jitter": 34, "x64_c2_server": "10.10.14.47,/accelerate/v3.33/1F7JW12FQR2V,10.10.14.44,/accelerate/v3.33/1F7JW12FQR2V,10.10.16.15,/accelerate/v3.33/1F7JW12FQR2V", "x86_c2_server": "10.10.14.47,/accelerate/v3.33/1F7JW12FQR2V,10.10.14.44,/accelerate/v3.33/1F7JW12FQR2V,10.10.16.15,/accelerate/v3.33/1F7JW12FQR2V", "x64_c2_host": "10.10.14.47", "x86_c2_host": "10.10.14.47", "x64_c2_path": "/accelerate/v3.33/1F7JW12FQR2V", "x86_c2_path": "/accelerate/v3.33/1F7JW12FQR2V", "x64_spawn_to_x86": "%windir%\\syswow64\\dns-sd.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\dns-sd.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\WUAUCLT.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\WUAUCLT.exe", "x64_watermark": 1709366803, "x86_watermark": 1709366803, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/doFor/utilities/27CI671LEFF", "x86_http_method_path_2": "/doFor/utilities/27CI671LEFF", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 1, "x86_year": 1, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646725", "ip": "42.193.117.162", "hostnames": null, "protocol": 
"tcp", "port": "80", "service": "http", "x64_sha256": "ff5ccde9b75842ca3447a2e2f5294dd63249c3cced168d785a75ed300f2b0226", "x86_sha256": "1fe02a4c49607cc94661f4d95542c9e86e0707676dff87c209ffcc6e7d038492", "x64_sha1": "90f6ea9cb09080dcbc474d2c05338a279096cc72", "x86_sha1": "959a928a35da0fbd4d373716e18f78e0dababd51", "x64_uri_queried": "/th9H", "x86_uri_queried": "/pC9p", "x64_md5": "595799b20bdbf251cbb8bfa790f3a471", "x86_md5": "699b2f42cbeea07fc66800e68245f08f", "x64_time": 1713646707486.8, "x86_time": 1713646695434.9, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "42.193.117.162,/match", "x86_c2_server": "42.193.117.162,/en_US/all.js", "x64_c2_host": "42.193.117.162", "x86_c2_host": "42.193.117.162", "x64_c2_path": "/match", "x86_c2_path": "/en_US/all.js", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 1234567890, "x86_watermark": 1234567890, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, 
"x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646765", "ip": "111.229.163.225", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "16df631b28a8580958a824da1c21155b2eb2d768664b3a9c96f2f2bfd1942001", "x86_sha256": "d0780a640ac1c6c183a1e20102485ea7a81e43b7511a64f0ae22b691f61e163a", "x64_sha1": "77d9feda90d6b36c77fe95279c98484d734ac109", "x86_sha1": "945ec3e2a0f47c3566e1ef23d3f858b87c9121f1", "x64_uri_queried": "/cy9H", "x86_uri_queried": "/6Jom", "x64_md5": "640130c80aba6df078696de7bd0be184", "x86_md5": "4180fae8bf90c8ce0197d9a0bfcefb69", "x64_time": 1713646742494.2, "x86_time": 1713646729180.6, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "111.229.163.225,/pixel", "x86_c2_server": "111.229.163.225,/dot.gif", "x64_c2_host": "111.229.163.225", "x86_c2_host": "111.229.163.225", "x64_c2_path": "/pixel", "x86_c2_path": "/dot.gif", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": 
null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646798", "ip": "103.146.50.218", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "83087598a5aedfa2d7460654e4c82349b9abdc1f10f145a8c999f73ac8f8a26d", "x86_sha256": "9e068a32aba7c7d88809e2d68b4e71f22594f841ab1ce0fc9fed82dc2bc6613a", "x64_sha1": "d1fedc1cef92bc838384c9426be1c64f5ea32eef", "x86_sha1": "61a4481c00ea74074bcb7810029e5448824f6d55", "x64_uri_queried": "/sPg3", "x86_uri_queried": "/sGKW", "x64_md5": "ef54c33e96d7b6415d5635208a12b714", "x86_md5": "c36b8ff9da95f3a63eed717fcd6b1c1c", "x64_time": 1713646781315.4, "x86_time": 1713646771830.3, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "103.146.50.218,/en_US/all.js", "x86_c2_server": "103.146.50.218,/en_US/all.js", "x64_c2_host": "103.146.50.218", "x86_c2_host": "103.146.50.218", "x64_c2_path": "/en_US/all.js", "x86_c2_path": "/en_US/all.js", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 305419896, "x86_watermark": 305419896, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": 255, "x86_max_dns": 255, "x64_user_agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)", "x86_user_agent": "Mozilla/4.0 (compatible; 
MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2)", "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": "", "x86_header_1": "", "x64_header_2": "", "x86_header_2": "", "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": "", "x86_pipe_name": "", "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": "0.0.0.0", "x86_dns_idle": "0.0.0.0", "x64_dns_sleep": 0, "x86_dns_sleep": 0, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646839", "ip": "1.14.206.72", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "977bd4f49af34b7a755c0015e56be7c2af206ec4756f1492bb15a77174e46015", "x86_sha256": "c8f0e8119d4642ce9db6596e5bdc8b007a0fa582af04e343eba5f2b41af43c6d", "x64_sha1": "5548fb6b3116467d7b6481b2f57fd211ba0cd13d", "x86_sha1": "4ad9900ed5a9ad0b069c0d46623ca0340a136ed9", "x64_uri_queried": "/ldZ3", "x86_uri_queried": "/EdrA", "x64_md5": "9c44715b3ced50d7e1042d4aa34a025a", "x86_md5": "da13915c2e88f257b05132807a02bdf8", "x64_time": 1713646821192.6, "x86_time": 1713646803348.1, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "1.14.206.72,/fwlink", "x86_c2_server": "1.14.206.72,/__utm.gif", "x64_c2_host": "1.14.206.72", "x86_c2_host": "1.14.206.72", "x64_c2_path": "/fwlink", "x86_c2_path": "/__utm.gif", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", 
"x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646883", "ip": "39.106.74.90", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "215a2c2479df01a4f8c94df3634801fc269d775bed2808d01194c092d9521416", "x86_sha256": "bc0d6d29d3ed715631d2c0f4e80628052b61c269d084131c8eb274acf31cab60", "x64_sha1": "26638eb91ab737642b8bcd19e551beee5c7a8880", "x86_sha1": "f7905dfdf9e28e93d8247f20cc9253f4ec6e7225", "x64_uri_queried": "/EmgD", "x86_uri_queried": "/OjUN", "x64_md5": "9d4f8edfc414e96913d03c7f310cab42", "x86_md5": "027e802f5d199775f21fb95eaae7fd44", "x64_time": 1713646863526.0, "x86_time": 1713646850256.2, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "39.106.74.90,/push", 
"x86_c2_server": "39.106.74.90,/cm", "x64_c2_host": "39.106.74.90", "x86_c2_host": "39.106.74.90", "x64_c2_path": "/push", "x86_c2_path": "/cm", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 305419896, "x86_watermark": 305419896, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": 255, "x86_max_dns": 255, "x64_user_agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MANM)", "x86_user_agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET CLR 2.0.50727)", "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": "", "x86_header_1": "", "x64_header_2": "", "x86_header_2": "", "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": "", "x86_pipe_name": "", "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": "0.0.0.0", "x86_dns_idle": "0.0.0.0", "x64_dns_sleep": 0, "x86_dns_sleep": 0, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646952", "ip": "8.219.229.99", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "40f0f2c211dd216c148bfbee2e9174414b3a2d579b866dbeda71cff0c62c98a8", "x86_sha256": "67ff5a293b82cce9fc7401ce21bdc709fcfa57b54f498fe93960daadab9f0044", "x64_sha1": "c89a01e1c8bae60f613290c48af3518298ba8e45", "x86_sha1": "99c5c9343676036791c6d929f652348c2ae29999", 
"x64_uri_queried": "/yy38", "x86_uri_queried": "/PKtM", "x64_md5": "cf98a13fa307ff3518831c2d858993b1", "x86_md5": "cd5e62e84c9ba63313f0fff4a53d6220", "x64_time": 1713646927317.4, "x86_time": 1713646905192.1, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "8.219.229.99,/push", "x86_c2_server": "8.219.229.99,/dot.gif", "x64_c2_host": "8.219.229.99", "x86_c2_host": "8.219.229.99", "x64_c2_path": "/push", "x86_c2_path": "/dot.gif", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646995", "ip": "47.236.171.179", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": 
"04c414f620097b113ced39c0a06b81235408b6bce2639e70065a43f84ac90403", "x86_sha256": "ef1dbaa319c05422a2ee6a7ce003b27abcf5e36d58008face8985ebeda4ed65f", "x64_sha1": "e1c4bfc8e31744528b371e01b5192cd7aa12f08b", "x86_sha1": "a9287eef0c184e96e6866960172a300569d8ef8b", "x64_uri_queried": "/2Oyc", "x86_uri_queried": "/3ejZ", "x64_md5": "5a23b7b614200a807ee6dcdfc6d0a517", "x86_md5": "c2b1c8d224f617291771d9a12148f61c", "x64_time": 1713646972492.3, "x86_time": 1713646955977.8, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "47.236.171.179,/IE9CompatViewList.xml", "x86_c2_server": "47.236.171.179,/en_US/all.js", "x64_c2_host": "47.236.171.179", "x86_c2_host": "47.236.171.179", "x64_c2_path": "/IE9CompatViewList.xml", "x86_c2_path": "/en_US/all.js", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, 
"x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647037", "ip": "120.27.212.14", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "9193acae0d788fc216fa57e93c259a4e95606c4b26e7487132099390363b5721", "x86_sha256": "cf6b9a10395520740a42dd0e8684fdc53ce62ca71770d3771263a41997471317", "x64_sha1": "9c3148397582e01c8d60ec63a008c6c4fb1b8b0e", "x86_sha1": "cdc6e6f37f7dfd6429dc4b240ea2fb763bd943b3", "x64_uri_queried": "/2oiS", "x86_uri_queried": "/XPPd", "x64_md5": "5db2f3b0766d86cd10249015f0ff2dc0", "x86_md5": "c674d9627d60e1465c6fffa2a3877995", "x64_time": 1713647017131.1, "x86_time": 1713647001052.5, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "120.27.212.14,/activity", "x86_c2_server": "120.27.212.14,/pixel", "x64_c2_host": "120.27.212.14", "x86_c2_host": "120.27.212.14", "x64_c2_path": "/activity", "x86_c2_path": "/pixel", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, 
"x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647074", "ip": "43.159.58.81", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "6ca921843c0fbf24c3f740a353edf43a32c895496bba0350de60e93dcd0f668a", "x86_sha256": "36e714e49582d59bc72de9edc37c478caa0680b4313741b57c01a418d9209f0a", "x64_sha1": "0b62a23790a8ea8ff62df9cf1cb4c707b37a7556", "x86_sha1": "80ca2b6ced83b4fee266b6eaf58f59f1de7c416f", "x64_uri_queried": "/Axr2", "x86_uri_queried": "/Q4gp", "x64_md5": "aabfab86e4d34018dd6c25eea076b458", "x86_md5": "725614ad17493fd21700ddfab2d778e2", "x64_time": 1713647056279.4, "x86_time": 1713647040999.3, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "43.159.58.81,/en_US/all.js", "x86_c2_server": "43.159.58.81,/ptj", "x64_c2_host": "43.159.58.81", "x86_c2_host": "43.159.58.81", "x64_c2_path": "/en_US/all.js", "x86_c2_path": "/ptj", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 100000, "x86_watermark": 100000, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": 
null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647117", "ip": "212.129.223.49", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "b6e4fd6e89b3dc78b2d50d2e653799bf71b29e9f6786692cd5528f7857dd59fe", "x86_sha256": "af2cc8c6cb2bb15b6b248503465e26861043ad54628646bf454ac7710e26f0c9", "x64_sha1": "46b2f69744847439530b01fd29845e98edfa2e89", "x86_sha1": "c17646e234e303872d1e2eba4623b1fccc2ba3ac", "x64_uri_queried": "/CDlj", "x86_uri_queried": "/J0um", "x64_md5": "eff1d50056357feef78f8ebd9081e0df", "x86_md5": "49ebae9642df13dbcb1f2809e8423e36", "x64_time": 1713647094775.6, "x86_time": 1713647080049.8, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "212.129.223.49,/load", "x86_c2_server": "212.129.223.49,/dpixel", "x64_c2_host": "212.129.223.49", "x86_c2_host": "212.129.223.49", "x64_c2_path": "/load", "x86_c2_path": "/dpixel", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 100000, "x86_watermark": 100000, 
"x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647157", "ip": "47.113.179.177", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "698ff1bebd7beb40deaeaa53ba4373971fc194c90424249f8c1231443aa02bef", "x86_sha256": "daba77e928fcb5b748407b11a281a2334456fb129f6c1b31659abf58f3d0cb9e", "x64_sha1": "c5d855c6850a0046f25573ad624efcdfa5c8e23f", "x86_sha1": "59e0ad4dcddd317a1271310bc2f13d51252b0976", "x64_uri_queried": "/H1uo", "x86_uri_queried": "/GXdY", "x64_md5": "eefc8c4048f8a4f6c0e6161166bce434", "x86_md5": "f42346a2262f297e594a88393a65f956", "x64_time": 1713647138664.5, "x86_time": 1713647122928.1, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 30000, "x86_polling": 30000, "x64_jitter": 10, "x86_jitter": 10, "x64_c2_server": "47.113.179.177,/ipv4test/test", "x86_c2_server": "47.113.179.177,/ipv6test/test", "x64_c2_host": "47.113.179.177", "x86_c2_host": "47.113.179.177", "x64_c2_path": "/ipv4test/test", 
"x86_c2_path": "/ipv6test/test", "x64_spawn_to_x86": "%windir%\\syswow64\\wbem\\wmiprvse.exe -Embedding", "x86_spawn_to_x86": "%windir%\\syswow64\\wbem\\wmiprvse.exe -Embedding", "x64_spawn_to_x64": "%windir%\\sysnative\\wbem\\wmiprvse.exe -Embedding", "x86_spawn_to_x64": "%windir%\\sysnative\\wbem\\wmiprvse.exe -Embedding", "x64_watermark": 391144938, "x86_watermark": 391144938, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/fd/ls/lsp.aspx", "x86_http_method_path_2": "/fd/ls/lsp.aspx", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647222", "ip": "139.155.148.131", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "7c0227755b61a4145411255796aeeae0c12190d0e26b0f828bada760d290f794", "x86_sha256": "dda8c85f2563380effe94d8709b74be17a568b566f50c19e10609fb1704374fb", "x64_sha1": "feec62d2049d454a0791b4697cc361d1f2f830e5", "x86_sha1": "2e1344a1cf36d5e4642bf693b97e9055def48da0", "x64_uri_queried": "/OiBc", "x86_uri_queried": "/lS6g", "x64_md5": "050f9e4281d03bfc8a6a371df31de9de", "x86_md5": "ddc075004c08790fdb04bce9183cae6f", "x64_time": 1713647203582.9, "x86_time": 
1713647187195.1, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 10000, "x86_polling": 10000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "service-rbr85ft5-1259685312.cd.apigw.tencentcs.com,/api/get", "x86_c2_server": "service-rbr85ft5-1259685312.cd.apigw.tencentcs.com,/api/get", "x64_c2_host": "service-rbr85ft5-1259685312.cd.apigw.tencentcs.com", "x86_c2_host": "service-rbr85ft5-1259685312.cd.apigw.tencentcs.com", "x64_c2_path": "/api/get", "x86_c2_path": "/api/get", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/api/post", "x86_http_method_path_2": "/api/post", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647267", "ip": "111.230.15.118", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": 
"142f5cd76a031704dfe3e163846930929bc6dabe53905feaa98faab8c25a16b5", "x86_sha256": "acaddc68ea83aaa0cf2d68504bc3c025d549274018aa00f3cb50d34025f83d26", "x64_sha1": "95611b21866e4462a1d9c648964abeed07e4a23a", "x86_sha1": "7a0d48a273744b143c76894b1153bdb302ffba89", "x64_uri_queried": "/3aWr", "x86_uri_queried": "/9Snb", "x64_md5": "a8baee367f1b8c6d7f79fd95ef984de8", "x86_md5": "200eae9648ebdacecb608ce3ec9f6e06", "x64_time": 1713647247989.3, "x86_time": 1713647234159.5, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "111.230.15.118,/push", "x86_c2_server": "111.230.15.118,/activity", "x64_c2_host": "111.230.15.118", "x86_c2_host": "111.230.15.118", "x64_c2_path": "/push", "x86_c2_path": "/activity", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 1234567890, "x86_watermark": 1234567890, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, 
"x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647309", "ip": "47.108.180.121", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "35a046d0eac33ead019fa3b1b3ab96091b84022cad2c571ed2254903a81e14ca", "x86_sha256": "e430f9f87cb2926a14966ef0a309a0fcc3c537ab5970c33cbae5f7f9abf403c1", "x64_sha1": "b208e4428b91093a5630132ea51e1c378fc44393", "x86_sha1": "e446b46a193ac586f6beaf06613faa0b0ec4ab24", "x64_uri_queried": "/lJfA", "x86_uri_queried": "/YIOk", "x64_md5": "a1edaac9e55f6e5a68bd0baff62961e9", "x86_md5": "7c2579841f1ea482afaca38f8e439206", "x64_time": 1713647287890.7, "x86_time": 1713647278357.9, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 5000, "x86_polling": 5000, "x64_jitter": 10, "x86_jitter": 10, "x64_c2_server": "47.108.180.121,/updates", "x86_c2_server": "47.108.180.121,/updates", "x64_c2_host": "47.108.180.121", "x86_c2_host": "47.108.180.121", "x64_c2_path": "/updates", "x86_c2_path": "/updates", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/hello/flash.php", "x86_http_method_path_2": "/aircanada/dark.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, 
"x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647365", "ip": "77.242.250.36", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "7564404286ced6e7713431878dc794ec9bf421ccd6bc62fe8b00da96da9f3018", "x86_sha256": "d480350b52a57762352225aa291602e07dc850f044fc9e05695614ab1b90227b", "x64_sha1": "200d2a368a3be2fbef299ed649be5ac996622df7", "x86_sha1": "ed96c970dd14cc321d26bb56c989852111c9ddc8", "x64_uri_queried": "/ZIJp", "x86_uri_queried": "/Jhs7", "x64_md5": "8fc7be1b600227cdfab923b0bb076db4", "x86_md5": "d6c02be1955aa125e1b6348ee3ffb950", "x64_time": 1713647340627.5, "x86_time": 1713647324943.8, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 45000, "x86_polling": 45000, "x64_jitter": 37, "x86_jitter": 37, "x64_c2_server": "77.242.250.36,/jquery-3.3.1.min.js", "x86_c2_server": "77.242.250.36,/jquery-3.3.1.min.js", "x64_c2_host": "77.242.250.36", "x86_c2_host": "77.242.250.36", "x64_c2_path": "/jquery-3.3.1.min.js", "x86_c2_path": "/jquery-3.3.1.min.js", "x64_spawn_to_x86": "%windir%\\syswow64\\dllhost.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\dllhost.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\dllhost.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\dllhost.exe", "x64_watermark": 888072749, "x86_watermark": 888072749, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/jquery-3.3.2.min.js", "x86_http_method_path_2": 
"/jquery-3.3.2.min.js", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647440", "ip": "43.138.77.115", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "4a91cebc585097d9a4e1a050915cc5221207fb3c629d916b5769ef27f8003e90", "x86_sha256": "91b3c597e194aaa10df0fe1c6176f4a05faa7d80328f3184d41e90f6145ade44", "x64_sha1": "87524690d0ddb61f7870b3367ac4457fb0b8c881", "x86_sha1": "dad1c8eecff09099612c413890273b51175e3322", "x64_uri_queried": "/lZMJ", "x86_uri_queried": "/FhLb", "x64_md5": "353d527471869fef257de1230542d0fe", "x86_md5": "0836c420795f6ea0cf002aba7bdab894", "x64_time": 1713647421677.0, "x86_time": 1713647403377.3, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "43.138.77.115,/dpixel", "x86_c2_server": "43.138.77.115,/pixel.gif", "x64_c2_host": "43.138.77.115", "x86_c2_host": "43.138.77.115", "x64_c2_path": "/dpixel", "x86_c2_path": "/pixel.gif", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": 
"%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647481", "ip": "124.221.177.165", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "6f272be2571ef9c366dbde79fbdd90bca8a11bb6174495a35afbea4b2baeed17", "x86_sha256": "2846813f9b087dcf089f4923706df6f58d36138e01bb7308afd6992bfa80fc52", "x64_sha1": "19a4ba7e100e0a87ddbb42522c11c7001bcf24b4", "x86_sha1": "158f909ba131d850a69e55b51587204c9ff4d9c9", "x64_uri_queried": "/eJ8v", "x86_uri_queried": "/Kn1r", "x64_md5": "195b89641d75bde275df39906bcf0207", "x86_md5": "b4fe90805edaedabbc34080a1d28096c", "x64_time": 1713647461272.1, "x86_time": 1713647446218.0, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 10000, "x86_polling": 10000, "x64_jitter": 15, "x86_jitter": 15, "x64_c2_server": "124.221.177.165,/static/mancard/img/qrcode_download_john.png", "x86_c2_server": 
"124.221.177.165,/static/mancard/img/qrcode_download_john.png", "x64_c2_host": "124.221.177.165", "x86_c2_host": "124.221.177.165", "x64_c2_path": "/static/mancard/img/qrcode_download_john.png", "x86_c2_path": "/static/mancard/img/qrcode_download_john.png", "x64_spawn_to_x86": "%windir%\\syswow64\\gpupdate.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\gpupdate.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\gpupdate.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\gpupdate.exe", "x64_watermark": 1234567890, "x86_watermark": 1234567890, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/api/developer/user/current", "x86_http_method_path_2": "/api/developer/user/current", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647518", "ip": "101.201.46.105", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "2dbc37cc37d6845cb0e5c471b09cf57535c2f8568667f009e95ced3b7cd6dc98", "x86_sha256": "9af1ad6dced8b2df1df995732656cfef231f7333eeef00db7f75dc070139f688", "x64_sha1": "7a81a5ceaffdde4781a0a631c0a387663039a34a", "x86_sha1": "996d11b9232a4a2dfad8163cc10ee8cb790b7fae", 
"x64_uri_queried": "/z0Ne", "x86_uri_queried": "/kUOM", "x64_md5": "000313ea479e86adb976c686815f7e4c", "x86_md5": "798967ce71a1a41110f9cdf367af47ca", "x64_time": 1713647498814.4, "x86_time": 1713647487030.0, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "101.201.46.105,/pixel.gif", "x86_c2_server": "101.201.46.105,/match", "x64_c2_host": "101.201.46.105", "x86_c2_host": "101.201.46.105", "x64_c2_path": "/pixel.gif", "x86_c2_path": "/match", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 391144938, "x86_watermark": 391144938, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647605", "ip": "124.220.182.36", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", 
"x64_sha256": "111d2824fe06d97599d04a50914547ce19253c581e8cd8193b89429b8d49d9fe", "x86_sha256": "e443408776326e7bd60fe4f51a48df42251be807dee2e50baee1ae3405b06800", "x64_sha1": "90810e6e4140da4309959a21180e42a717dbdff2", "x86_sha1": "1f565778d23b90feaf9421d06275deecf00374e8", "x64_uri_queried": "/s8ZX", "x86_uri_queried": "/hXXD", "x64_md5": "de130a96f88fc2e53982675c41d10a0b", "x86_md5": "ad11e5293b2414f713ca0381c98e1e22", "x64_time": 1713647588278.5, "x86_time": 1713647572483.1, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "124.220.182.36,/pixel.gif", "x86_c2_server": "124.220.182.36,/ptj", "x64_c2_host": "124.220.182.36", "x86_c2_host": "124.220.182.36", "x64_c2_path": "/pixel.gif", "x86_c2_path": "/ptj", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, 
"x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647642", "ip": "101.43.16.149", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "f56129e5e0aa7aa973029504d399897ed9fc159daa8d116153e71f08fa824f79", "x86_sha256": "6948390fdef581bba3a4401427b5de2578c9d843c84de2be55fd6689a03fb25e", "x64_sha1": "aa823cb6a99ffd1d994c20b6259fa17db2a72540", "x86_sha1": "19cc4b4c4a414397038234f276f8071272cd5425", "x64_uri_queried": "/zUKC", "x86_uri_queried": "/WwW7", "x64_md5": "4c61f6a44a67e0717a959baeaca821da", "x86_md5": "ff20d2811e837f5e752b95d205e27945", "x64_time": 1713647626546.2, "x86_time": 1713647616322.0, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 5000, "x86_polling": 5000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "101.43.16.149,/admin/login", "x86_c2_server": "101.43.16.149,/admin/login", "x64_c2_host": "101.43.16.149", "x86_c2_host": "101.43.16.149", "x64_c2_path": "/admin/login", "x86_c2_path": "/admin/login", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 305419896, "x86_watermark": 305419896, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": 255, "x86_max_dns": 255, "x64_user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "x86_user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "x64_http_method_path_2": "/admin/user", "x86_http_method_path_2": "/admin/user", "x64_header_1": "", "x86_header_1": "", "x64_header_2": "", "x86_header_2": "", "x64_injection_process": null, 
"x86_injection_process": null, "x64_pipe_name": "", "x86_pipe_name": "", "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": "0.0.0.0", "x86_dns_idle": "0.0.0.0", "x64_dns_sleep": 0, "x86_dns_sleep": 0, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647687", "ip": "47.109.106.162", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "3f46d5513085c5a01b6659e4c7d83c0c9c9440474154ec2640a290d371a953a4", "x86_sha256": "b0a8f6e588ff3560036ec708811a48c9b1920cb607bd83189114f6e98ae0387d", "x64_sha1": "39f1c8452fb79d9c693779acb214e53d98939124", "x86_sha1": "f644a06f3c79f9afe97e5c02d16f8303f2600d6a", "x64_uri_queried": "/2Tfq", "x86_uri_queried": "/Oj6m", "x64_md5": "7afbd5f2e1432e44aa3cd17f2fef6ccb", "x86_md5": "a5ee1b2394c34800f2be0182baf69d0c", "x64_time": 1713647665783.4, "x86_time": 1713647653131.2, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "47.109.106.162,/dot.gif", "x86_c2_server": "47.109.106.162,/pixel", "x64_c2_host": "47.109.106.162", "x86_c2_host": "47.109.106.162", "x64_c2_path": "/dot.gif", "x86_c2_path": "/pixel", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 666666666, "x86_watermark": 666666666, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": 
null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647732", "ip": "60.204.222.75", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "ad6108a3a377f4ac18704e938ca5c9644318e913cfa513554d8cae886c7075f0", "x86_sha256": "7afe60bf37da3bdc72e108e566d303eeb47a43461e6f1490518381cc7e0aaea6", "x64_sha1": "f99c5748fdc2e019d25c921ff4754e49374d53f4", "x86_sha1": "3c44c224cf43e3e34a95ce35259875a4d5b4c693", "x64_uri_queried": "/DtcB", "x86_uri_queried": "/SRVa", "x64_md5": "ca7b235005751022848dc9394e24db89", "x86_md5": "9c3e454d205b1b251a0cd35fb395594f", "x64_time": 1713647711961.0, "x86_time": 1713647697335.6, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "60.204.222.75,/pixel.gif", "x86_c2_server": "60.204.222.75,/j.ad", "x64_c2_host": "60.204.222.75", "x86_c2_host": "60.204.222.75", "x64_c2_path": "/pixel.gif", "x86_c2_path": "/j.ad", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": 
"%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 666666666, "x86_watermark": 666666666, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647768", "ip": "101.43.2.116", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "566c89876df2f4459b5da805d4a9cf2c7cb0c8f4d6112f42adb29ff84ba48f42", "x86_sha256": "292af3eacbf13b3afaf1e188ff674abe683844fff1d0baea9546195e2ae95b65", "x64_sha1": "515a76b28ccb31243f26bddd14211282ebe5e19f", "x86_sha1": "58459f924df3dc46259cb198b885d3f33f618fe1", "x64_uri_queried": "/7yiD", "x86_uri_queried": "/mYf0", "x64_md5": "de12f0ea6f21454fffd0b048cd7976c1", "x86_md5": "c31f665e17785acf0de82cf77431be0f", "x64_time": 1713647749986.0, "x86_time": 1713647739477.4, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 5000, "x86_polling": 5000, "x64_jitter": 0, "x86_jitter": 0, 
"x64_c2_server": "101.43.2.116,/admin/login", "x86_c2_server": "101.43.2.116,/admin/login", "x64_c2_host": "101.43.2.116", "x86_c2_host": "101.43.2.116", "x64_c2_path": "/admin/login", "x86_c2_path": "/admin/login", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 305419896, "x86_watermark": 305419896, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": 255, "x86_max_dns": 255, "x64_user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "x86_user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "x64_http_method_path_2": "/admin/user", "x86_http_method_path_2": "/admin/user", "x64_header_1": "", "x86_header_1": "", "x64_header_2": "", "x86_header_2": "", "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": "", "x86_pipe_name": "", "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": "0.0.0.0", "x86_dns_idle": "0.0.0.0", "x64_dns_sleep": 0, "x86_dns_sleep": 0, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647840", "ip": "180.184.69.31", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "c56517273aa63a31244900f4a6e280ff72d977bac0fe968a1ba79f256fae2666", "x86_sha256": 
"c30e6bb8affc2aa56593f4134b00218d0312149830658979ee072382c0e34469", "x64_sha1": "3cd3da8aed504e6f4856fe7f81aaed7db08ccc16", "x86_sha1": "a62622b31352e74b35b0b2d06e6fa3e2f5eae7f7", "x64_uri_queried": "/LYEs", "x86_uri_queried": "/r3Fq", "x64_md5": "9415a543610f027f01bed59cf1abc286", "x86_md5": "6b927bdd37737ed0fe0ab2cc081f0302", "x64_time": 1713647818252.8, "x86_time": 1713647802286.1, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 3000, "x86_polling": 3000, "x64_jitter": 7, "x86_jitter": 7, "x64_c2_server": "180.184.69.31,/www/handle/doc", "x86_c2_server": "180.184.69.31,/www/handle/doc", "x64_c2_host": "180.184.69.31", "x86_c2_host": "180.184.69.31", "x64_c2_path": "/www/handle/doc", "x86_c2_path": "/www/handle/doc", "x64_spawn_to_x86": "c:\\windows\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "c:\\windows\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "c:\\windows\\system32\\rundll32.exe", "x86_spawn_to_x64": "c:\\windows\\system32\\rundll32.exe", "x64_watermark": 391144938, "x86_watermark": 391144938, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/IMXo", "x86_http_method_path_2": "/IMXo", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": 
null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647885", "ip": "47.236.185.166", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "6668f551f23f0cd6f691aeaaff0c965fc8f2b8b96e6ef1cf5f44589f71f33f87", "x86_sha256": "1eb85db6b409b30ad55aa59dd8f26dca6b3ea5e80b370e457810512c8485346b", "x64_sha1": "1732439c459fb142e72727c685a3123bbc38dede", "x86_sha1": "1a1cb60ecf69821790e062048f49983e11ba9e30", "x64_uri_queried": "/TIjV", "x86_uri_queried": "/z2VZ", "x64_md5": "2debd92642a6edb33222778f77aa1d66", "x86_md5": "907b34dbb6be24d2fde28de910f628f3", "x64_time": 1713647860625.3, "x86_time": 1713647850315.9, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "47.236.185.166,/cx", "x86_c2_server": "47.236.185.166,/__utm.gif", "x64_c2_host": "47.236.185.166", "x86_c2_host": "47.236.185.166", "x64_c2_path": "/cx", "x86_c2_path": "/__utm.gif", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 391144938, "x86_watermark": 391144938, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", 
"x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647922", "ip": "117.72.11.112", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "6de2faa86097fca2681015a2f61e94002f085cadcedbbb77c016fd4942fb5490", "x86_sha256": "c2f29eb6849ea73672dec75508c2b470a91a9f8d0cfb8cfb9e769746e4a71e5d", "x64_sha1": "2e4969c8b7d8d24939800e562c7d1ca11c76eb6c", "x86_sha1": "66098a8a211800d1459b9505a5651e6899ab86ab", "x64_uri_queried": "/lVIR", "x86_uri_queried": "/Hz1i", "x64_md5": "74ae9c53919d4f979aaf020659822db7", "x86_md5": "8ed9a0fc6d08fab96b261d96cf00f937", "x64_time": 1713647907765.8, "x86_time": 1713647896119.4, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "117.72.11.112,/dpixel", "x86_c2_server": "117.72.11.112,/ptj", "x64_c2_host": "117.72.11.112", "x86_c2_host": "117.72.11.112", "x64_c2_path": "/dpixel", "x86_c2_path": "/ptj", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, 
"x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648355", "ip": "47.113.150.236", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "af4d9d6ce419df68b58c83ffbbe3f5e6004bb0462acc45fd97d16f0ecbe05d1b", "x86_sha256": "f944e8ff07f1b10b1a0bb157fb34a45710184c18688b5f69d659653236b5ea7c", "x64_sha1": "9191ef7a1b2d7c3379fcd9a9d35f1bb511157f50", "x86_sha1": "e44ab93b6ebbe928dc7819657afd70873544f379", "x64_uri_queried": "/0zHk", "x86_uri_queried": "/XGLq", "x64_md5": "28306c1f8531c915454a7aa79faf382d", "x86_md5": "1ad1a70bd563c60d14ac3a507d8bc8b5", "x64_time": 1713648344163.7, "x86_time": 1713648336787.0, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "47.113.150.236,/__utm.gif", "x86_c2_server": "47.113.150.236,/visit.js", "x64_c2_host": "47.113.150.236", "x86_c2_host": "47.113.150.236", "x64_c2_path": "/__utm.gif", "x86_c2_path": "/visit.js", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 100000, "x86_watermark": 100000, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, 
"x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648365", "ip": "157.245.12.65", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "a1bb198ad9f42528402d912456cfa327aef7b50ad6f1f9721513ec2b6742fecd", "x86_sha256": "d84b9db92d52af74981df55172587db40bef9ba96affac3c858bc85ccdc5b6de", "x64_sha1": "0591e6293b040c4fd0d5a3153c22b9f2787dbb41", "x86_sha1": "23eddc8971c7136e9641756ed34561e2affe82fe", "x64_uri_queried": "/Tb0w", "x86_uri_queried": "/tMIR", "x64_md5": "a43a6d921f7e37cfbe7eb61a1162c369", "x86_md5": "caf9de1b8946356a1545aa18db861bb5", "x64_time": 1713648359387.7, "x86_time": 1713648355607.5, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "157.245.12.65,/cm", "x86_c2_server": "157.245.12.65,/ca", "x64_c2_host": "157.245.12.65", "x86_c2_host": "157.245.12.65", "x64_c2_path": "/cm", "x86_c2_path": "/ca", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": 
"%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 391144938, "x86_watermark": 391144938, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648434", "ip": "123.207.45.112", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "e2467f3849ae1780836297c3b27d6a57e0d931804f5b88e7c0776830375766a2", "x86_sha256": "90b74995435c6dc08272a610b6d55499ddbc1dd66070fd749a745a942b336854", "x64_sha1": "afec12d84f67e85dfafa03a70977c41838bc8f21", "x86_sha1": "3a5c1d0a117cf35eb463dfe1d411542f86801c47", "x64_uri_queried": "/h9iS", "x86_uri_queried": "/EQwO", "x64_md5": "24f9861e7294349cd97aa42c1c0eda73", "x86_md5": "55e70365de0589a3096d6b726c6c1d86", "x64_time": 1713648417741.5, "x86_time": 1713648405576.0, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "123.207.45.112,/ca", "x86_c2_server": 
"123.207.45.112,/cx", "x64_c2_host": "123.207.45.112", "x86_c2_host": "123.207.45.112", "x64_c2_path": "/ca", "x86_c2_path": "/cx", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 391144938, "x86_watermark": 391144938, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648485", "ip": "114.134.188.22", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "583f933eeb82df156c2701df8f1433c08e42d35bc46b599fc4b0554ef3c0af53", "x86_sha256": "75233e9e414c8fa7c92876ce2a4c32f3e274abad00489397d69b3b0466510eb9", "x64_sha1": "34b42c9e79bd0f4e5712951748e39b89e4e14ccd", "x86_sha1": "a606a37eef5737325437669a00afa290c4345b50", "x64_uri_queried": "/7lRh", "x86_uri_queried": "/x7Fg", "x64_md5": "64637b126d6807f15a2e5f5a0d2e74ba", "x86_md5": "360a8b65530fb587098b85409a79b7c9", "x64_time": 1713648473646.6, 
"x86_time": 1713648459810.8, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "114.134.188.22,/ptj", "x86_c2_server": "114.134.188.22,/g.pixel", "x64_c2_host": "114.134.188.22", "x86_c2_host": "114.134.188.22", "x64_c2_path": "/ptj", "x86_c2_path": "/g.pixel", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648583", "ip": "82.156.188.211", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "d896f9412af7451b71c5f96e634fdb8b564f4b55542f8f171220361210de2835", "x86_sha256": "a16f575014ac0089241d05fb60b4abc16abac9f67d7ddf040301ef36f960d614", "x64_sha1": 
"8f998b0ae7805b2b1fca0c99b7a3228bc739868f", "x86_sha1": "3383cba143b33a02392e24df8e2e4ae74d8803d6", "x64_uri_queried": "/ScdC", "x86_uri_queried": "/MxQF", "x64_md5": "c39bc3a5bee60bedd0973a4be23ab356", "x86_md5": "c097639e42dcd6bf6b3a4df0434ed67d", "x64_time": 1713648565643.8, "x86_time": 1713648555260.9, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 443, "x86_port": 443, "x64_polling": 3000, "x86_polling": 3000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "82.156.188.211,/api/x", "x86_c2_server": "82.156.188.211,/api/x", "x64_c2_host": "82.156.188.211", "x86_c2_host": "82.156.188.211", "x64_c2_path": "/api/x", "x86_c2_path": "/api/x", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/api/y", "x86_http_method_path_2": "/api/y", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648633", "ip": 
"8.137.108.208", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "818a9f4ce6cf2c5113536098de3032c50d2e1553d5fab6ab8c5fd51af0ff2014", "x86_sha256": "1bb9b3be5e1f64a9be7b9cbc0a26c270a395b95535e685cac4aaac32ed2e8fc4", "x64_sha1": "44dcbda8fb144a4fcdf66ec4c2e62bd9526d2856", "x86_sha1": "77054b2147c7263cbda63c061725e7e001abb224", "x64_uri_queried": "/0bgd", "x86_uri_queried": "/hbY9", "x64_md5": "5e448cbd7a30aac0f6d1588ddb7e6742", "x86_md5": "7caae717f3e824ce43231012b2ae8f71", "x64_time": 1713648621472.2, "x86_time": 1713648615226.8, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "8.137.108.208,/pixel", "x86_c2_server": "8.137.108.208,/ptj", "x64_c2_host": "8.137.108.208", "x86_c2_host": "8.137.108.208", "x64_c2_path": "/pixel", "x86_c2_path": "/ptj", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, 
"x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648663", "ip": "165.232.75.251", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "dd4e0ebddab3c48cfe32bcbc3f95652f39f3ed57014016dff348a6ffc40dce5e", "x86_sha256": "8a99986b24bcc67a7c1136327e82078389d61c5f1ed3f6ba8fff5240f579e139", "x64_sha1": "e703d22d732285a067be9166c48ba770eb65c4a7", "x86_sha1": "5bb7c9b5f7ab77d211d0d33fa13688ea9abbbc0c", "x64_uri_queried": "/jf6W", "x86_uri_queried": "/M1zd", "x64_md5": "ea75bc50497fa522bc3f63937c7c667f", "x86_md5": "fee293010b8b597bf96038f0ee52663b", "x64_time": 1713648645337.4, "x86_time": 1713648634955.1, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "165.232.75.251,/cm", "x86_c2_server": "165.232.75.251,/en_US/all.js", "x64_c2_host": "165.232.75.251", "x86_c2_host": "165.232.75.251", "x64_c2_path": "/cm", "x86_c2_path": "/en_US/all.js", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": 
null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648700", "ip": "47.92.213.25", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "d8779664940f8642d4c4256127c9f700be8c5cce0f64d5d6cf963f3419cd5699", "x86_sha256": "e1f098d9dce64f8c29e04c4d47c04a80ac8f5bddd25197acf2c35133f07c56c6", "x64_sha1": "6e92d77b33ba55d288581839d9412005bd981593", "x86_sha1": "9ba65ecc4f09ab00269e27e5b506afe4852ec3ca", "x64_uri_queried": "/HcCo", "x86_uri_queried": "/BbtD", "x64_md5": "91ed853e3bdde28b01bbb0227fa8165a", "x86_md5": "a496d53f679f51ad16b0d1dec7403131", "x64_time": 1713648681381.1, "x86_time": 1713648672261.9, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "47.92.213.25,/pixel.gif", "x86_c2_server": "47.92.213.25,/push", "x64_c2_host": "47.92.213.25", "x86_c2_host": "47.92.213.25", "x64_c2_path": "/pixel.gif", "x86_c2_path": "/push", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 666666666, "x86_watermark": 666666666, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": 
"/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648764", "ip": "121.37.208.189", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "1f99f8fb2289b70b6da6fd0b3f86fd61db5a6420c1b34ce5a984a1ca48d0af86", "x86_sha256": "893b8efae84cce68f3b05332e1a697f63b7e5c18005cf81b08304d489b90bc59", "x64_sha1": "c591634692e189836a3d482120707f557bc8be95", "x86_sha1": "d6a91c2b3c8679d5e3847be19a1caa7f4fac614f", "x64_uri_queried": "/z4fI", "x86_uri_queried": "/MvFS", "x64_md5": "cb5ac0089483f56f4cdc3d0d22c12655", "x86_md5": "1acf82a4f8a5075c62a19ae5bde3edf2", "x64_time": 1713648758326.1, "x86_time": 1713648751702.3, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "121.37.208.189,/updates.rss", "x86_c2_server": "121.37.208.189,/dpixel", "x64_c2_host": "121.37.208.189", "x86_c2_host": "121.37.208.189", "x64_c2_path": "/updates.rss", "x86_c2_path": "/dpixel", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": 
"%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646646", "ip": "107.151.247.136", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "e0592332e6c49543e8d45a6f25aac9a622239cea8f08ebf3b176145b605afea8", "x86_sha256": "bfe0167a844fd2a4b1b886b2c39458c5871d86a3db2a3a3eee303b359caa8f48", "x64_sha1": "e083ec08a40d8ec4c7927854dd84a59e6d317c29", "x86_sha1": "e2bad92054d100cba63659312e5d02cb244ee648", "x64_uri_queried": "/wbBB", "x86_uri_queried": "/jdLB", "x64_md5": "08f1377e6eaac587b2098db6b715a8fc", "x86_md5": "2d58ad30e68e82abed55d257d56063c3", "x64_time": 1713646629142.8, "x86_time": 1713646613734.2, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "107.151.247.136,/visit.js", "x86_c2_server": "107.151.247.136,/ga.js", "x64_c2_host": "107.151.247.136", 
"x86_c2_host": "107.151.247.136", "x64_c2_path": "/visit.js", "x86_c2_path": "/ga.js", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646722", "ip": "114.55.133.151", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "8d5ba2acc9d0bf340f29e2d65dec2117673e50e0d6adf4ea51b553a1621ac394", "x86_sha256": "4e358d5a25276f8bfe87c30faf3fa0a8cecfebf14cb44d4c1a2646f27265a9f6", "x64_sha1": "08212c0ebca9fb0f691985945aec8e3faacb04e0", "x86_sha1": "5b2a7dbef7b10887ad9c34e9cf2a3ff96ea6f60d", "x64_uri_queried": "/jbIH", "x86_uri_queried": "/dAVa", "x64_md5": "7ab6c7b1208d80511564aca417e3c28a", "x86_md5": "819755835846213935b04e27d2619fcc", "x64_time": 1713646699125.5, "x86_time": 1713646660454.0, "x64_beacon_type": 
"8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "114.55.133.151,/ca", "x86_c2_server": "114.55.133.151,/load", "x64_c2_host": "114.55.133.151", "x86_c2_host": "114.55.133.151", "x64_c2_path": "/ca", "x86_c2_path": "/load", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646766", "ip": "101.34.46.239", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "58c465f891e8ab4ae573c782d48c9544bbe75e3b8a82f7d83672fe564c201ec6", "x86_sha256": "0da7cd857bf1da730d57bcd931f99d397476350421530d3a3e3a221c3472c59c", "x64_sha1": "9c0c6d18da6db7376bc4179fa52c0acecd14d29e", "x86_sha1": 
"e6373ec4e301606440d90dd7d0ddeaa6c85aa3f6", "x64_uri_queried": "/Ko4o", "x86_uri_queried": "/Kls2", "x64_md5": "44a8074b145571ba006879ef59f215c1", "x86_md5": "9e0fe88bc1985beda5132dfa6c425a62", "x64_time": 1713646748619.3, "x86_time": 1713646735992.2, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "101.34.46.239,/push", "x86_c2_server": "101.34.46.239,/ca", "x64_c2_host": "101.34.46.239", "x86_c2_host": "101.34.46.239", "x64_c2_path": "/push", "x86_c2_path": "/ca", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 305419896, "x86_watermark": 305419896, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": 255, "x86_max_dns": 255, "x64_user_agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)", "x86_user_agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)", "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": "", "x86_header_1": "", "x64_header_2": "", "x86_header_2": "", "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": "", "x86_pipe_name": "", "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": "0.0.0.0", "x86_dns_idle": "0.0.0.0", "x64_dns_sleep": 0, "x86_dns_sleep": 0, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, 
"x86_create_remote_thread": null}, {"seen_at": "1713646829", "ip": "35.221.150.166", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "1cf00200926befc4a44a9cee88c67dfb513173a5810c94c6859a6012869c5834", "x86_sha256": "6d73bf493b5b05c48203e64859a44176ff9c8d2562ec9c83c5c8ed80519e7c3e", "x64_sha1": "b7bacb842c07e0209dccd005ca92f9576468954f", "x86_sha1": "fe41d20055d6bba8e54a1c72b9bb67f2d8e58269", "x64_uri_queried": "/2Tfq", "x86_uri_queried": "/iNm8", "x64_md5": "4259e8f12104efc6a7e45b2e0783882c", "x86_md5": "d783cb3bf1aa33741171b5463c3ce6e7", "x64_time": 1713646799411.7, "x86_time": 1713646782376.7, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "35.221.150.166,/g.pixel", "x86_c2_server": "35.221.150.166,/ga.js", "x64_c2_host": "35.221.150.166", "x86_c2_host": "35.221.150.166", "x64_c2_path": "/g.pixel", "x86_c2_path": "/ga.js", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": 
"POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646874", "ip": "162.14.77.157", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "383b95669ff72407618b8e5d17449d7d6a06d3146cf959826bfd6f1361e3feb1", "x86_sha256": "6e3e623695c7e69e55b9bc95a294a1f8d16c538214213f8fcb3ce8e7bb7f8d4a", "x64_sha1": "dabc2a3fe5d42bf78964f4c4078a36e5cd20b7b5", "x86_sha1": "7a266cb282cd710fed961f8204858b547f8ae0e1", "x64_uri_queried": "/TuDP", "x86_uri_queried": "/FNec", "x64_md5": "c64a186a40b80ceb8a031eb281e5f0a6", "x86_md5": "01f1985fc6cbc866459c2ab6d4a88cac", "x64_time": 1713646857530.0, "x86_time": 1713646844608.4, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 40000, "x86_polling": 40000, "x64_jitter": 35, "x86_jitter": 35, "x64_c2_server": "162.14.77.157,/default.jsp", "x86_c2_server": "162.14.77.157,/parse.jsp", "x64_c2_host": "162.14.77.157", "x86_c2_host": "162.14.77.157", "x64_c2_path": "/default.jsp", "x86_c2_path": "/parse.jsp", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 391144938, "x86_watermark": 391144938, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.jsp", "x86_http_method_path_2": "/submit.jsp", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": 
null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646957", "ip": "43.156.21.230", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "d75365e59e57f07eabbf6d75407483815af5c0506b76c086009f0a32131c9859", "x86_sha256": "3534e06cae3bf5b117fe8732cea82837b6d3a6756358ef425d4f8f295b90c87b", "x64_sha1": "5c310506d5042258043ddaa08355cfeb37f418c9", "x86_sha1": "e42c40b4f028446f9459d62e9c5c05ce90cd7acd", "x64_uri_queried": "/P4nk", "x86_uri_queried": "/tD0t", "x64_md5": "88c53b62d1c9e95d22bad2feec86e68a", "x86_md5": "8cd88ce420c0c4a30c4abd4daba53d7a", "x64_time": 1713646940464.4, "x86_time": 1713646903975.9, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "43.156.21.230,/ca", "x86_c2_server": "43.156.21.230,/dpixel", "x64_c2_host": "43.156.21.230", "x86_c2_host": "43.156.21.230", "x64_c2_path": "/ca", "x86_c2_path": "/dpixel", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, 
"x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713646990", "ip": "49.232.55.153", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "7f58801bdf0eb83c449494abb1af8fffb3db4f7e61878c57d2e2e34db525ff3b", "x86_sha256": "62ea50b23fcbc0b9fe5bf7ada645a475bafebdc890c6785f86140de9547e7eb6", "x64_sha1": "76aca67514eda8bd65bc638a971d1c5bc74103b0", "x86_sha1": "8b2489eed03d406ff14c82594b27fec2026058f0", "x64_uri_queried": "/zVHE", "x86_uri_queried": "/4Wap", "x64_md5": "3850393e1ba6f958da38c2b46f0972cd", "x86_md5": "d7ee923551dd1e47f49928d27765da4b", "x64_time": 1713646972587.6, "x86_time": 1713646960532.2, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "49.232.55.153,/dpixel", "x86_c2_server": "49.232.55.153,/cx", "x64_c2_host": "49.232.55.153", "x86_c2_host": "49.232.55.153", "x64_c2_path": "/dpixel", "x86_c2_path": "/cx", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", 
"x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 305419896, "x86_watermark": 305419896, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": 255, "x86_max_dns": 255, "x64_user_agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) LBBROWSER", "x86_user_agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)", "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": "", "x86_header_1": "", "x64_header_2": "", "x86_header_2": "", "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": "", "x86_pipe_name": "", "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": "0.0.0.0", "x86_dns_idle": "0.0.0.0", "x64_dns_sleep": 0, "x86_dns_sleep": 0, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647021", "ip": "120.78.206.231", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "0a0f14643010132bf7fea77f14d2ddbf8cdf7bda02ce71c20ef79e5a92f5f2af", "x86_sha256": "809a270e38413ea501ed8ad3077d1ff8539358e81f8b348bea289d4a2272e035", "x64_sha1": "25e9e7f8be192eed4757eab030d7d6bf338e5156", "x86_sha1": "80097d6279e07f1461402a91821b789f6e9c4221", "x64_uri_queried": "/UpLL", "x86_uri_queried": "/0Jso", "x64_md5": "4bc412f36cfde8356f903d655ade6440", "x86_md5": "f0f76b0147029b492c93a36585608b1d", "x64_time": 1713647002003.7, "x86_time": 1713646996469.2, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, 
"x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "120.78.206.231,/fwlink", "x86_c2_server": "120.78.206.231,/pixel.gif", "x64_c2_host": "120.78.206.231", "x86_c2_host": "120.78.206.231", "x64_c2_path": "/fwlink", "x86_c2_path": "/pixel.gif", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 305419896, "x86_watermark": 305419896, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": 255, "x86_max_dns": 255, "x64_user_agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET4.0C; .NET4.0E)", "x86_user_agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)", "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": "", "x86_header_1": "", "x64_header_2": "", "x86_header_2": "", "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": "", "x86_pipe_name": "", "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": "0.0.0.0", "x86_dns_idle": "0.0.0.0", "x64_dns_sleep": 0, "x86_dns_sleep": 0, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647060", "ip": "124.223.200.131", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "33558f544922d0f4de501ee45504c56a75eb976ff8e9f82d792a125a4ca22d69", "x86_sha256": "e6004f93ea88cbca7574d758ef89e00b5217383167275ef1d25856f3222fa455", "x64_sha1": 
"df7ddc3f563aa3038b13f5f921b27d7cae71dcdb", "x86_sha1": "758aa40f85e99ecfe89f9168a36e492f512d099d", "x64_uri_queried": "/SNiS", "x86_uri_queried": "/BuAd", "x64_md5": "07f8c02aca7de5ca814cf9b35c9d60eb", "x86_md5": "3c758b68842db8e253e30af4369cf40d", "x64_time": 1713647041005.8, "x86_time": 1713647028804.8, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 5000, "x86_polling": 5000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "service-1cao6cjs-1312654103.gz.apigw.tencentcs.com,/admin/login", "x86_c2_server": "service-1cao6cjs-1312654103.gz.apigw.tencentcs.com,/admin/login", "x64_c2_host": "service-1cao6cjs-1312654103.gz.apigw.tencentcs.com", "x86_c2_host": "service-1cao6cjs-1312654103.gz.apigw.tencentcs.com", "x64_c2_path": "/admin/login", "x86_c2_path": "/admin/login", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 305419896, "x86_watermark": 305419896, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": 255, "x86_max_dns": 255, "x64_user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "x86_user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "x64_http_method_path_2": "/admin/user", "x86_http_method_path_2": "/admin/user", "x64_header_1": "", "x86_header_1": "", "x64_header_2": "", "x86_header_2": "", "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": "", "x86_pipe_name": "", "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": "0.0.0.0", "x86_dns_idle": "0.0.0.0", "x64_dns_sleep": 0, "x86_dns_sleep": 0, "x64_method_1": "GET", "x86_method_1": 
"GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647124", "ip": "164.155.128.124", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "6400c9d5e74ad3a4d155f93f1def2f76ac32ec82a6bdd825e42795511840ff47", "x86_sha256": "442620f14e84631c1a7ee810a9f20de94a4d08dcee256a5febdbbc616dabcf10", "x64_sha1": "2ce4104fb016cc618f3ef84c096e7969983292ef", "x86_sha1": "029f500b7b57a79e213f220911b15997ec547aa0", "x64_uri_queried": "/l3Fx", "x86_uri_queried": "/S3kk", "x64_md5": "e2308e7bce00a2bb716c566f066136dd", "x86_md5": "63c376b2314a3619c21003afd7075f11", "x64_time": 1713647104886.4, "x86_time": 1713647075406.0, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 45000, "x86_polling": 45000, "x64_jitter": 37, "x86_jitter": 37, "x64_c2_server": "164.155.128.124,/jquery-3.3.1.min.js", "x86_c2_server": "164.155.128.124,/jquery-3.3.1.min.js", "x64_c2_host": "164.155.128.124", "x86_c2_host": "164.155.128.124", "x64_c2_path": "/jquery-3.3.1.min.js", "x86_c2_path": "/jquery-3.3.1.min.js", "x64_spawn_to_x86": "%windir%\\syswow64\\dllhost.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\dllhost.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\dllhost.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\dllhost.exe", "x64_watermark": 426352781, "x86_watermark": 426352781, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/jquery-3.3.2.min.js", "x86_http_method_path_2": "/jquery-3.3.2.min.js", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, 
"x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647167", "ip": "152.136.100.26", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "f78e2e596313927f5a7d87d8b80b12d46bf5b87fb17fca6c95e17d7e118b3ccd", "x86_sha256": "6eef515ed87d8c7291d75b8cec34678b84ac303469b3f12d0d9b5ba5ee68dd4a", "x64_sha1": "18ec9b535f486a23c7c23da0560a32a8778de66d", "x86_sha1": "98f6add5d443e89bb2ee5ca794aa341b0d3869e1", "x64_uri_queried": "/dhFK", "x86_uri_queried": "/MHvQ", "x64_md5": "aaabc9a10ededee8c0f65611a929791f", "x86_md5": "4b99f0c5eefac0c144f9cabed3b07e30", "x64_time": 1713647150448.1, "x86_time": 1713647130866.4, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "152.136.100.26,/__utm.gif", "x86_c2_server": "152.136.100.26,/pixel", "x64_c2_host": "152.136.100.26", "x86_c2_host": "152.136.100.26", "x64_c2_path": "/__utm.gif", "x86_c2_path": "/pixel", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, 
"x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647206", "ip": "111.229.187.212", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "4bd9123a556fc0ebfa50a9c700a0843ba0afc81a69a096760b50a561134ad8bb", "x86_sha256": "08a37715b9af22f8e42c56fc828b175a9192e0fa3b08f07a5e235a097f5cfe6c", "x64_sha1": "0e71f84a53bd949ee876b01ce84b697972688ee0", "x86_sha1": "29592e61291155c52c9c7bb7a713e2fd108686f0", "x64_uri_queried": "/Kh9q", "x86_uri_queried": "/1rtE", "x64_md5": "b4214f51bd7ec1c0918bcd036142d240", "x86_md5": "c6c80451550dea00b25c2d22a1521500", "x64_time": 1713647186575.7, "x86_time": 1713647173078.9, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "111.229.187.212,/activity", "x86_c2_server": "111.229.187.212,/cm", "x64_c2_host": "111.229.187.212", "x86_c2_host": "111.229.187.212", "x64_c2_path": "/activity", "x86_c2_path": "/cm", 
"x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647270", "ip": "80.66.87.240", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "a07393dcb2b27ce539923b4167e99735d97b82a75be8765142e126e5a4f5e949", "x86_sha256": "bbe0398359d21fd297f413bbc930f4a4d9021c6f10440459fc1952ca83b4da01", "x64_sha1": "40cfd7e653da1f349628222ece80aeaf561858b7", "x86_sha1": "3e98046da252e82ee29fc7e97a7d65f263e75f83", "x64_uri_queried": "/fJDi", "x86_uri_queried": "/PSRg", "x64_md5": "2231e179ba55aebdd7889acc11741413", "x86_md5": "3ec0047d5a20c221fb1b93b3c1e8ca2a", "x64_time": 1713647245356.2, "x86_time": 1713647230580.8, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, 
"x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "80.66.87.240,/match", "x86_c2_server": "80.66.87.240,/ptj", "x64_c2_host": "80.66.87.240", "x86_c2_host": "80.66.87.240", "x64_c2_path": "/match", "x86_c2_path": "/ptj", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647315", "ip": "8.212.49.116", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "7d64ca0621a659619c0467b17f106cc26b6349db85433a92106870d54d16e9af", "x86_sha256": "5223020b4c8545fa675b229153ffcc647e91b43796e2e8c4a759a4dc0fd623a6", "x64_sha1": "1f94fc17a4896be19989142813380d11fb79a285", "x86_sha1": "62a5851fb08fd6fb7d7527d1ca93135e07833ed7", "x64_uri_queried": "/8raR", "x86_uri_queried": 
"/jZVB", "x64_md5": "e5b8d1b21412aaa968a9f06319e234a3", "x86_md5": "eeb45ee1d18e6e67b22d4b2cc44dc5f3", "x64_time": 1713647301657.9, "x86_time": 1713647288314.3, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 100, "x86_polling": 100, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "js.msedgeupdate.com,/cm", "x86_c2_server": "js.msedgeupdate.com,/visit.js", "x64_c2_host": "js.msedgeupdate.com", "x86_c2_host": "js.msedgeupdate.com", "x64_c2_path": "/cm", "x86_c2_path": "/visit.js", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 0, "x86_watermark": 0, "x64_c2_host_header": null, "x86_c2_host_header": null, "x64_max_dns": 255, "x86_max_dns": 255, "x64_user_agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; MALC)", "x86_user_agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)", "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": "", "x86_header_1": "", "x64_header_2": "", "x86_header_2": "", "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": "", "x86_pipe_name": "", "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": "0.0.0.0", "x86_dns_idle": "0.0.0.0", "x64_dns_sleep": 0, "x86_dns_sleep": 0, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647386", "ip": 
"43.138.20.107", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "280b7dfb80d4f1f10056cffd37acb954c538eb3c1bf77242bf285b2343c9388a", "x86_sha256": "fcacd39bbc4b452ad12d3dc7599b40ca9c2fb72b51d7a37828b4b6b93e91f53c", "x64_sha1": "4550cc6914d21f3cfb5fc052a4fbb1dc240d4cd6", "x86_sha1": "c0e6b00c666b634caf33607445282d3ab94a9a52", "x64_uri_queried": "/m2jT", "x86_uri_queried": "/ug2N", "x64_md5": "b70e8c8d14ccdb5f884f26090222d01e", "x86_md5": "edb8a75f3b035312cf3d2516d2805c98", "x64_time": 1713647366301.1, "x86_time": 1713647350802.0, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 3000, "x86_polling": 3000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "service-9sehd1r7-1252427727.bj.apigw.tencentcs.com,/api/x", "x86_c2_server": "service-9sehd1r7-1252427727.bj.apigw.tencentcs.com,/api/x", "x64_c2_host": "service-9sehd1r7-1252427727.bj.apigw.tencentcs.com", "x86_c2_host": "service-9sehd1r7-1252427727.bj.apigw.tencentcs.com", "x64_c2_path": "/api/x", "x86_c2_path": "/api/x", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/api/y", "x86_http_method_path_2": "/api/y", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", 
"x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647436", "ip": "47.100.87.177", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "4ca8a933e5b536cba703eae80232b764c2feaff62961c13653857950190c911f", "x86_sha256": "6040da39d672d6da48720a868101e55bda3ae2c7b60ef67938d23b23a22a7b64", "x64_sha1": "f7542ce8eec0f525f91f397b083e0f50c048e88b", "x86_sha1": "e41c260c5e87cc4bbe79b8791366859dcb592bb6", "x64_uri_queried": "/CfnF", "x86_uri_queried": "/f1Sr", "x64_md5": "caf92f17b006086043ad2a79e20fc176", "x86_md5": "3a8e3517e3805ee549347abf0980b25e", "x64_time": 1713647412607.9, "x86_time": 1713647395833.7, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "47.100.87.177,/__utm.gif", "x86_c2_server": "47.100.87.177,/pixel", "x64_c2_host": "47.100.87.177", "x86_c2_host": "47.100.87.177", "x64_c2_path": "/__utm.gif", "x86_c2_path": "/pixel", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, 
"x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647462", "ip": "156.232.7.236", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "6b565942a0d013b533e86244e55910694053539d9b209ce3020b1830208258a3", "x86_sha256": "dea116620dbd6259b98de9dae96c9f8bd0cd4785041c419b37c1eb83c7d9a228", "x64_sha1": "5a29f7234f5eac7fabfedc7cc2bb17f017e89fbb", "x86_sha1": "beafc78afe72b57e3c554af10c4dd7c210c4ac5a", "x64_uri_queried": "/nJt1", "x86_uri_queried": "/RNqK", "x64_md5": "11bf49c68411b15404bf5b60fac725f7", "x86_md5": "3b6b33a59fe179852c6ae609a0289cbd", "x64_time": 1713647444991.2, "x86_time": 1713647437997.5, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "156.232.7.236,/g.pixel", "x86_c2_server": "156.232.7.236,/cx", "x64_c2_host": "156.232.7.236", "x86_c2_host": "156.232.7.236", "x64_c2_path": "/g.pixel", "x86_c2_path": "/cx", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 1234567890, "x86_watermark": 1234567890, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, 
"x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647487", "ip": "142.93.2.25", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "3dcca2c0623f63a65a768f6075e96ff8559ac43c77d0067dc246d8b43d1d6a27", "x86_sha256": "a027e89d662ecb7ce46102774db3a7911cb101118522bc52b0cfa623950f9b80", "x64_sha1": "58f2c0e049b9796fee3dad14bd3a4fb78d40c068", "x86_sha1": "f4f26072e21bed863333f2a6623ffb3f973c5461", "x64_uri_queried": "/rx1B", "x86_uri_queried": "/FUSn", "x64_md5": "eca0a3b166a2956be90366bfdcfc8cb5", "x86_md5": "b5441f6c3db5859018e8b3a8c11a3069", "x64_time": 1713647476931.9, "x86_time": 1713647463363.7, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 1, "x86_polling": 1, "x64_jitter": 1, "x86_jitter": 1, "x64_c2_server": "service-dj3eqgq2-1316113086.gz.apigw.tencentcs.com,/Contact/v9.23/AODFY6X8UV", "x86_c2_server": "service-dj3eqgq2-1316113086.gz.apigw.tencentcs.com,/Contact/v9.23/AODFY6X8UV", "x64_c2_host": "service-dj3eqgq2-1316113086.gz.apigw.tencentcs.com", "x86_c2_host": 
"service-dj3eqgq2-1316113086.gz.apigw.tencentcs.com", "x64_c2_path": "/Contact/v9.23/AODFY6X8UV", "x86_c2_path": "/Contact/v9.23/AODFY6X8UV", "x64_spawn_to_x86": "%windir%\\syswow64\\dns-sd.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\dns-sd.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\EhStorAuthn.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\EhStorAuthn.exe", "x64_watermark": 391144938, "x86_watermark": 391144938, "x64_c2_host_header": "Host: service-dj3eqgq2-1316113086.gz.apigw.tencentcs.com\r\n", "x86_c2_host_header": "Host: service-dj3eqgq2-1316113086.gz.apigw.tencentcs.com\r\n", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/Level/v10.41/O9QLXGNJ2", "x86_http_method_path_2": "/Level/v10.41/O9QLXGNJ2", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647540", "ip": "47.241.225.61", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "464950ba204413776a50b7d675b2ef378f13a1890f7e879d5f2414dbefb4f81b", "x86_sha256": "241725d80c365e25b0fa63a45f73c16e4e1bec94be4a63e9d5d745d52818ecd3", "x64_sha1": "f96019240db4e3a67b3547e9a25006a791c40165", "x86_sha1": "daa9ce2bff0ba025f3f46cbf34274e32c02de8c6", "x64_uri_queried": 
"/1lgY", "x86_uri_queried": "/GflC", "x64_md5": "d2f76e32dc046ea0652ecc2fdc1a063e", "x86_md5": "6f368d9d1773f21adbf56778a9fcd676", "x64_time": 1713647517005.5, "x86_time": 1713647496818.7, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "47.241.225.61,/en_US/all.js", "x86_c2_server": "47.241.225.61,/IE9CompatViewList.xml", "x64_c2_host": "47.241.225.61", "x86_c2_host": "47.241.225.61", "x64_c2_path": "/en_US/all.js", "x86_c2_path": "/IE9CompatViewList.xml", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647579", "ip": "143.198.101.149", "hostnames": null, "protocol": "tcp", "port": "443", 
"service": "https", "x64_sha256": "fad733e0da6731ac1f10399fc6ecf76964d355834d75678fcec1bf62755dcdfa", "x86_sha256": "c1ef0ea966d902cc6500d272a403b8c6ed7b2c4e8eb8f27293c40ad993eef4cf", "x64_sha1": "61087321eeeca09d30f83158687140135966d1ed", "x86_sha1": "50521602299f2cf4dca86231204f4b036b8d7769", "x64_uri_queried": "/tJm2", "x86_uri_queried": "/XYy2", "x64_md5": "3348c56865dc144ce2ee0b649693c946", "x86_md5": "f092c6bd769b23087c164f90b151dc69", "x64_time": 1713647562047.3, "x86_time": 1713647557185.0, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 37, "x86_jitter": 37, "x64_c2_server": "143.198.101.149,/jquery-3.3.1.min.js", "x86_c2_server": "143.198.101.149,/jquery-3.3.1.min.js", "x64_c2_host": "143.198.101.149", "x86_c2_host": "143.198.101.149", "x64_c2_path": "/jquery-3.3.1.min.js", "x86_c2_path": "/jquery-3.3.1.min.js", "x64_spawn_to_x86": "%windir%\\syswow64\\dllhost.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\dllhost.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\dllhost.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\dllhost.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/jquery-3.3.2.min.js", "x86_http_method_path_2": "/jquery-3.3.2.min.js", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, 
"x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647623", "ip": "59.110.172.50", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "d50e7c5a53b7e4a27fae2086e8972112e064cdc0752abdf562111e77bf0b010d", "x86_sha256": "7e83d282e648478e1ee80c1dfd32061494b7d49b678ea642d7da52a1175e1577", "x64_sha1": "6cc33d3ff0a93f0c1a23d6f24cfd94dd7c487b70", "x86_sha1": "61cba2ab3eb3a1a5f89c6aa5d2d21a949a21a1a9", "x64_uri_queried": "/4zZU", "x86_uri_queried": "/1tiN", "x64_md5": "eec57003fcfc228b334d0c022d4cf4cd", "x86_md5": "1597ca6399ab7a629d7ec90a53382187", "x64_time": 1713647608906.0, "x86_time": 1713647598570.0, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "59.110.172.50,/ptj", "x86_c2_server": "59.110.172.50,/dpixel", "x64_c2_host": "59.110.172.50", "x86_c2_host": "59.110.172.50", "x64_c2_path": "/ptj", "x86_c2_path": "/dpixel", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 0, "x86_watermark": 0, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": 255, "x86_max_dns": 255, "x64_user_agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP09; NP09; MAAU)", "x86_user_agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP02)", "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": "", "x86_header_1": "", "x64_header_2": "", "x86_header_2": "", "x64_injection_process": null, "x86_injection_process": 
null, "x64_pipe_name": "", "x86_pipe_name": "", "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": "0.0.0.0", "x86_dns_idle": "0.0.0.0", "x64_dns_sleep": 0, "x86_dns_sleep": 0, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647667", "ip": "5.188.87.50", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "57a13db967743803d27aafe7a1967fe7a1755b740b83e7be666b86ebad638be3", "x86_sha256": "0b5bb179e89e7a6d0c267352bcc03d16b5b4c6a9cf575791945eae631410b372", "x64_sha1": "502751814fff7118d4f6f58ba44aa20d52bc2a70", "x86_sha1": "35237bb9897774b34e68a5f13134b4ba2b18a9d1", "x64_uri_queried": "/83zx", "x86_uri_queried": "/CsSS", "x64_md5": "d47063a55c0a2c2b79ea00a930a6f6ff", "x86_md5": "5b9de33975f764a731935390cbeabb7c", "x64_time": 1713647650613.0, "x86_time": 1713647635697.2, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "goldensoftware.co.uk,/push", "x86_c2_server": "goldensoftware.co.uk,/visit.js", "x64_c2_host": "goldensoftware.co.uk", "x86_c2_host": "goldensoftware.co.uk", "x64_c2_path": "/push", "x86_c2_path": "/visit.js", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 1357776117, "x86_watermark": 1357776117, "x64_c2_host_header": "Host: goldensoftware.co.uk\r\n", 
"x86_c2_host_header": "Host: goldensoftware.co.uk\r\n", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647710", "ip": "45.14.66.194", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "5f9823696428415e7b82edbc81f52ae129986caddc2ee102f9a6ab17963a7167", "x86_sha256": "fa6ca42c8c5c8ffd83dcefd49d7d3c7a80a2d5d354eb3cf8672acb081652293e", "x64_sha1": "a9764f25dbf15ccac7cd8eff868a2f2b944e1390", "x86_sha1": "2bb3316d5a57980f72632e247f8c19f39395903c", "x64_uri_queried": "/79sz", "x86_uri_queried": "/Fnq7", "x64_md5": "2ce0895dbf4b0c52e50fe03254ca3904", "x86_md5": "afa8c0da5fb4f4108c71ef4dbace95e3", "x64_time": 1713647694172.8, "x86_time": 1713647682223.2, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "45.14.66.194,/j.ad", "x86_c2_server": "45.14.66.194,/match", "x64_c2_host": "45.14.66.194", "x86_c2_host": "45.14.66.194", "x64_c2_path": "/j.ad", "x86_c2_path": "/match", "x64_spawn_to_x86": 
"%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 305419896, "x86_watermark": 305419896, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": 255, "x86_max_dns": 255, "x64_user_agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUS)", "x86_user_agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)", "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": "", "x86_header_1": "", "x64_header_2": "", "x86_header_2": "", "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": "", "x86_pipe_name": "", "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": "0.0.0.0", "x86_dns_idle": "0.0.0.0", "x64_dns_sleep": 0, "x86_dns_sleep": 0, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647758", "ip": "111.231.146.154", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "042c5696cce8124e318835c08442955b4fc02e2969b31369e72a3be285e9095e", "x86_sha256": "6f6e31edb34ed8eae6485f3ce9b92923922acb7c534388f3182759f84f4586cd", "x64_sha1": "dd0cc1fe591463d8032681bb30630cb4fbcde510", "x86_sha1": "7125dc5e6a00fb533bf94b5327fb992d84a9284d", "x64_uri_queried": "/km9L", "x86_uri_queried": "/3Mfv", "x64_md5": "29660598c57ed9b573c2b9654fc7fb8d", "x86_md5": "281582d00dcc4e4dfd0de1930dec2a51", "x64_time": 1713647736892.0, "x86_time": 
1713647717406.1, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 11937, "x86_polling": 11937, "x64_jitter": 50, "x86_jitter": 50, "x64_c2_server": "111.231.146.154,/jquery-3.3.1.min.js", "x86_c2_server": "111.231.146.154,/jquery-3.3.1.min.js", "x64_c2_host": "111.231.146.154", "x86_c2_host": "111.231.146.154", "x64_c2_path": "/jquery-3.3.1.min.js", "x86_c2_path": "/jquery-3.3.1.min.js", "x64_spawn_to_x86": "%windir%\\syswow64\\mtstocom.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\mtstocom.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\mtstocom.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\mtstocom.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/jquery-3.3.2.min.js", "x86_http_method_path_2": "/jquery-3.3.2.min.js", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647800", "ip": "193.222.96.156", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "7a2e0421fd657e20e0089fc0cc49a5adc64ca7234018c0b8c73af758b30478dd", "x86_sha256": 
"e52a6242ea4175ee99ffa3bf71e14fd58b03a9d7dd0a9d542445f1bd0926c745", "x64_sha1": "2da97e05ca01d2b31380b762583e5b090ded4b2d", "x86_sha1": "7d9b9dbfac6838f714f81f0eadc120c65a5628f5", "x64_uri_queried": "/XCNt", "x86_uri_queried": "/fFfJ", "x64_md5": "52225f3497381abb34dd0b7854c5bf1a", "x86_md5": "446c459e5b47a32374fc756a552d32e5", "x64_time": 1713647778775.6, "x86_time": 1713647762191.7, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 45000, "x86_polling": 45000, "x64_jitter": 37, "x86_jitter": 37, "x64_c2_server": "193.222.96.156,/jquery-3.3.1.min.js", "x86_c2_server": "193.222.96.156,/jquery-3.3.1.min.js", "x64_c2_host": "193.222.96.156", "x86_c2_host": "193.222.96.156", "x64_c2_path": "/jquery-3.3.1.min.js", "x86_c2_path": "/jquery-3.3.1.min.js", "x64_spawn_to_x86": "%windir%\\syswow64\\dllhost.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\dllhost.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\dllhost.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\dllhost.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/jquery-3.3.2.min.js", "x86_http_method_path_2": "/jquery-3.3.2.min.js", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, 
"x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647839", "ip": "20.56.70.245", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "656e541e2d17857b376d4ab02bc4df9c6517f243f8e6454c9c2d3ff1ab2d3f03", "x86_sha256": "9f16fe915e2baf90761590d7d55a71f655ec9f2eee3dd53f3488424fdd72781d", "x64_sha1": "d29ca062f6a6697e72d36d75313858c52179b196", "x86_sha1": "1af7a1a5e972b09ace2722dbbf17c381fbd93dd5", "x64_uri_queried": "/FdGl", "x86_uri_queried": "/mOTL", "x64_md5": "a609d20c08e1dc498cd1afefeb84b3b7", "x86_md5": "acdef7028df8dd2b2addad11212e72ec", "x64_time": 1713647819553.7, "x86_time": 1713647803961.8, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "20.56.70.245,/__utm.gif", "x86_c2_server": "20.56.70.245,/fwlink", "x64_c2_host": "20.56.70.245", "x86_c2_host": "20.56.70.245", "x64_c2_path": "/__utm.gif", "x86_c2_path": "/fwlink", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 158572911, "x86_watermark": 158572911, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, 
"x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713647892", "ip": "68.183.92.175", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "fcdeca31da8d3a36f57d9f83b87edc8de6c831adde13fffc95c3bf07e16f14c5", "x86_sha256": "f573598a0820db7942c9d16455ecddc7c38bdf1bbe0c8394018f457bf439161d", "x64_sha1": "e6492287d490b409e3fb38e1a10df1e3f8db2bc4", "x86_sha1": "04f59692911aa4a9ad6d7549053c2ec73f7e2ad1", "x64_uri_queried": "/Czi7", "x86_uri_queried": "/AZkV", "x64_md5": "bc0113c37332389d36f25b90027239e2", "x86_md5": "c5cadef713e329f0c928c0512f480fb0", "x64_time": 1713647868695.5, "x86_time": 1713647854362.9, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 35, "x86_jitter": 35, "x64_c2_server": "canarapay-f5agf9ccgteqbpg2.z03.azurefd.net,/safebrowsing/I7F9L/s0Rm6WOzIDfYrB6YAi2d", "x86_c2_server": "canarapay-f5agf9ccgteqbpg2.z03.azurefd.net,/safebrowsing/I7F9L/s0Rm6WOzIDfYrB6YAi2d", "x64_c2_host": "canarapay-f5agf9ccgteqbpg2.z03.azurefd.net", "x86_c2_host": "canarapay-f5agf9ccgteqbpg2.z03.azurefd.net", "x64_c2_path": "/safebrowsing/I7F9L/s0Rm6WOzIDfYrB6YAi2d", "x86_c2_path": "/safebrowsing/I7F9L/s0Rm6WOzIDfYrB6YAi2d", "x64_spawn_to_x86": "%windir%\\syswow64\\WerFault.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\WerFault.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\WerFault.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\WerFault.exe", "x64_watermark": 335259885, "x86_watermark": 335259885, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": 
null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/safebrowsing/xaH9uts/utTlBXZ8Ke9O0lXVLjjDNWw-BUh0h", "x86_http_method_path_2": "/safebrowsing/xaH9uts/utTlBXZ8Ke9O0lXVLjjDNWw-BUh0h", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648082", "ip": "121.37.215.238", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "e9ffdc2537d0629dea8c76e0fb1749bbaa26a47398a7dabb02222794a8feb505", "x86_sha256": "19eb6981377bda3091acebeab1e8b786f007ed035f790cde290244c6ef730716", "x64_sha1": "5683febedfd19f08f6d329168b7b429f973e0a5c", "x86_sha1": "85844b0703d035347fedd90fcc28c516457bc8b1", "x64_uri_queried": "/RgNV", "x86_uri_queried": "/oO8f", "x64_md5": "807c93b3dbc56648c7cd0c0245db3708", "x86_md5": "0c9401f917ce256501ed2eca351351b9", "x64_time": 1713648073295.2, "x86_time": 1713648068210.9, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "121.37.215.238,/match", "x86_c2_server": "121.37.215.238,/load", "x64_c2_host": "121.37.215.238", "x86_c2_host": "121.37.215.238", "x64_c2_path": "/match", "x86_c2_path": "/load", 
"x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 1, "x86_watermark": 1, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648426", "ip": "8.131.118.10", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "eb4540b17414bf951ed83431aeb9d2f220bfa15b7472c023832cbd3fd103dec4", "x86_sha256": "11dfa07221ddc0a4ac6c0d98fbd1877ace44ff79f7802367f59da761fa327d34", "x64_sha1": "72905cb50968dcac7c3653219b0224af4f1f71f3", "x86_sha1": "ed3ed72cd01a32b09ba803cd3e6dbaf7b807e478", "x64_uri_queried": "/TOwC", "x86_uri_queried": "/Ke5w", "x64_md5": "6dd4d7461dc56d1da877b6fb166aa02f", "x86_md5": "c1382a7fe624dac405e681f8898cddae", "x64_time": 1713648410966.8, "x86_time": 1713648400765.1, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 
60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "8.131.118.10,/__utm.gif", "x86_c2_server": "8.131.118.10,/pixel", "x64_c2_host": "8.131.118.10", "x86_c2_host": "8.131.118.10", "x64_c2_path": "/__utm.gif", "x86_c2_path": "/pixel", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 305419896, "x86_watermark": 305419896, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": 255, "x86_max_dns": 255, "x64_user_agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)", "x86_user_agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": "", "x86_header_1": "", "x64_header_2": "", "x86_header_2": "", "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": "", "x86_pipe_name": "", "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": "0.0.0.0", "x86_dns_idle": "0.0.0.0", "x64_dns_sleep": 0, "x86_dns_sleep": 0, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648472", "ip": "39.104.200.45", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "79c00a303214b107bd1abf28d29499258e29cffb8ae916188818047b07982978", "x86_sha256": "83f787e1abd3634916905540d69a2e8e0dc133705eb96c7efd9c52d924820e58", "x64_sha1": 
"ca0c20ae82928789d3d0b4359756ece79a493050", "x86_sha1": "408250ffbd1a57d051bce31be648ed7f8244e694", "x64_uri_queried": "/cSr5", "x86_uri_queried": "/BvKY", "x64_md5": "8d758b434941c5cb9b829044901a115c", "x86_md5": "8992f46d28ce1a820160e518376377e8", "x64_time": 1713648458203.5, "x86_time": 1713648449476.4, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "39.104.200.45,/pixel.gif", "x86_c2_server": "39.104.200.45,/dpixel", "x64_c2_host": "39.104.200.45", "x86_c2_host": "39.104.200.45", "x64_c2_path": "/pixel.gif", "x86_c2_path": "/dpixel", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": 
"1713648512", "ip": "45.152.64.2", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "2e91e98cdfcc37172c68252ac60ca00fdfad9b9990efe12ec41eb61eec746be3", "x86_sha256": "c80b772788eea40fe5c6fe559b9b6a479c20f3a535614fd9f8997e9e922c562d", "x64_sha1": "6817122d8b5ca9c7ee8838378392f3074dd176b7", "x86_sha1": "a157fc0009662a7c0d720ff79a45757f8d9f5161", "x64_uri_queried": "/6uBp", "x86_uri_queried": "/OUgQ", "x64_md5": "905d348aadd4128c9db60b1e6c78a318", "x86_md5": "40731a7e01765cb1b880ec81bc813858", "x64_time": 1713648506431.4, "x86_time": 1713648500566.6, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "45.152.62.2,/push", "x86_c2_server": "45.152.62.2,/IE9CompatViewList.xml", "x64_c2_host": "45.152.62.2", "x86_c2_host": "45.152.62.2", "x64_c2_path": "/push", "x86_c2_path": "/IE9CompatViewList.xml", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": 
null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648579", "ip": "114.115.210.125", "hostnames": null, "protocol": "tcp", "port": "443", "service": "https", "x64_sha256": "36c4a2d27e4f21b58ee6dda8dbb8950d51dda6a2cb82d669c7eccd3e4068b383", "x86_sha256": "1df5b1af87f9b5401c6ba90eea086e9ea6f1aa35c58e0a54dd2e5d79892dc2ff", "x64_sha1": "62e697d5adab7048c8585959f6a1e55122510e26", "x86_sha1": "e5ddc00a87786c48b14d61df5539f9c04ff28bb0", "x64_uri_queried": "/JcHh", "x86_uri_queried": "/7fFy", "x64_md5": "c011e90138f9f7cc72e8b5e28031f993", "x86_md5": "18cae26c54a38e0566a5544d308bcf89", "x64_time": 1713648563411.4, "x86_time": 1713648553698.1, "x64_beacon_type": "8 (HTTPS)", "x86_beacon_type": "8 (HTTPS)", "x64_port": 443, "x86_port": 443, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "114.115.210.125,/dpixel", "x86_c2_server": "114.115.210.125,/dot.gif", "x64_c2_host": "114.115.210.125", "x86_c2_host": "114.115.210.125", "x64_c2_path": "/dpixel", "x86_c2_path": "/dot.gif", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 666666666, "x86_watermark": 666666666, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 
0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648659", "ip": "123.60.135.22", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "bc34b99ead83d343155b73d14c1b2adfd343473daaca1b1c6cb1192d91dbbd8e", "x86_sha256": "7cca1958d1fba7b76b166d192d0f08e435b7b78f0b764ed3017539fd7432f4fd", "x64_sha1": "4068a9665613fa55aac8c9698bf89c87d21a0dd8", "x86_sha1": "1abcc4a54b05ecc09709326d78df70f18aeb7730", "x64_uri_queried": "/AdFr", "x86_uri_queried": "/HXYc", "x64_md5": "9680ad44ce1fe2dc2037c1bd09892a82", "x86_md5": "6b3eeb36967fb9acef748b9d98621703", "x64_time": 1713648645610.7, "x86_time": 1713648637313.9, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "123.60.135.22,/pixel", "x86_c2_server": "123.60.135.22,/g.pixel", "x64_c2_host": "123.60.135.22", "x86_c2_host": "123.60.135.22", "x64_c2_path": "/pixel", "x86_c2_path": "/g.pixel", "x64_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 0, "x86_watermark": 0, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": 255, "x86_max_dns": 255, "x64_user_agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALC)", 
"x86_user_agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; 360space)", "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": "", "x86_header_1": "", "x64_header_2": "", "x86_header_2": "", "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": "", "x86_pipe_name": "", "x64_year": null, "x86_year": null, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": "0.0.0.0", "x86_dns_idle": "0.0.0.0", "x64_dns_sleep": 0, "x86_dns_sleep": 0, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}, {"seen_at": "1713648703", "ip": "120.78.139.9", "hostnames": null, "protocol": "tcp", "port": "80", "service": "http", "x64_sha256": "7bf37e08590913387ad1810cd8e67a616b165b955a0ebfa36b0cf89b99e20383", "x86_sha256": "f3061d459a853e14d13747e5c2488433f5a95ded97d5fddf97f1ead921b57896", "x64_sha1": "63408420b5be5ee76227595cade35e7b407af8d5", "x86_sha1": "f48b644c12256576a6eb8bb4f15cb8412c0e4319", "x64_uri_queried": "/jJ4u", "x86_uri_queried": "/FRsQ", "x64_md5": "46cb4bd046af173a9585da5482bc36d7", "x86_md5": "d414713ba25db5fa08245e6e711344be", "x64_time": 1713648686962.5, "x86_time": 1713648676798.7, "x64_beacon_type": "0 (HTTP)", "x86_beacon_type": "0 (HTTP)", "x64_port": 80, "x86_port": 80, "x64_polling": 60000, "x86_polling": 60000, "x64_jitter": 0, "x86_jitter": 0, "x64_c2_server": "120.78.139.9,/push", "x86_c2_server": "120.78.139.9,/dot.gif", "x64_c2_host": "120.78.139.9", "x86_c2_host": "120.78.139.9", "x64_c2_path": "/push", "x86_c2_path": "/dot.gif", "x64_spawn_to_x86": 
"%windir%\\syswow64\\rundll32.exe", "x86_spawn_to_x86": "%windir%\\syswow64\\rundll32.exe", "x64_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x86_spawn_to_x64": "%windir%\\sysnative\\rundll32.exe", "x64_watermark": 987654321, "x86_watermark": 987654321, "x64_c2_host_header": "", "x86_c2_host_header": "", "x64_max_dns": null, "x86_max_dns": null, "x64_user_agent": null, "x86_user_agent": null, "x64_http_method_path_2": "/submit.php", "x86_http_method_path_2": "/submit.php", "x64_header_1": null, "x86_header_1": null, "x64_header_2": null, "x86_header_2": null, "x64_injection_process": null, "x86_injection_process": null, "x64_pipe_name": null, "x86_pipe_name": null, "x64_year": 0, "x86_year": 0, "x64_month": null, "x86_month": null, "x64_day": null, "x86_day": null, "x64_dns_idle": null, "x86_dns_idle": null, "x64_dns_sleep": null, "x86_dns_sleep": null, "x64_method_1": "GET", "x86_method_1": "GET", "x64_method_2": "POST", "x86_method_2": "POST", "x64_proxy_hostname": null, "x86_proxy_hostname": null, "x64_proxy_username": null, "x86_proxy_username": null, "x64_proxy_password": null, "x86_proxy_password": null, "x64_proxy_access_type": null, "x86_proxy_access_type": null, "x64_create_remote_thread": null, "x86_create_remote_thread": null}]