| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | 20190527 | 0.3.0.5 | |
| Baidu | 20190318 | 1.0.0.2 | |
| Avast | 20200829 | 18.4.3895.0 | |
| Kingsoft | 20200829 | 2013.8.14.323 | |
| McAfee | 20200829 | 6.0.6.653 | |
| Tencent | 20200829 | 1.0.0.1 | |
| CrowdStrike | 20190702 | 1.0 |
| pdb_path | e:\KINGSOFT_DUBA\Build\Build_Src\kisengine\kisengine\product\win32\dbginfo\kinstuiofficial.pdb |
| resource name | CONFIG |
| resource name | EXE |
| resource name | PNG |
| resource name | XML |
| suspicious_features | POST method with no referer header | suspicious_request | POST http://infoc0.duba.net/c/ | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET http://config.i.duba.net/installrcmd/KInstallRcmdCfg.dat | ||||||
| suspicious_features | POST method with no referer header | suspicious_request | POST https://update.googleapis.com/service/update2?cup2key=10:542233527&cup2hreq=ba5f6f5b359d7a8cc13707db6085680d730393567b0ec08c5d745c7d8ec050b9 | ||||||
| request | GET http://2398.35go.net/defend/o1/jcqgx.ini |
| request | POST http://infoc0.duba.net/c/ |
| request | GET http://config.i.duba.net/installrcmd/KInstallRcmdCfg.dat |
| request | GET http://config.i.duba.net/lminstall3/1.json?time=1620792573 |
| request | HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe |
| request | HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620790356&mv=m&mvi=1&pl=23&shardbypass=yes |
| request | HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=16b163312e83c206&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620790356&mv=m&mvi=3 |
| request | POST https://update.googleapis.com/service/update2?cup2key=10:542233527&cup2hreq=ba5f6f5b359d7a8cc13707db6085680d730393567b0ec08c5d745c7d8ec050b9 |
| request | POST http://infoc0.duba.net/c/ |
| request | POST https://update.googleapis.com/service/update2?cup2key=10:542233527&cup2hreq=ba5f6f5b359d7a8cc13707db6085680d730393567b0ec08c5d745c7d8ec050b9 |
| regkey | .*rising |
| regkey | .*Kingsoft |
| name | CONFIG | language | LANG_CHINESE | offset | 0x000bdc38 | filetype | ISO-8859 text, with CRLF line terminators | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0000008b | ||||||||||||||||||
| name | EXE | language | LANG_CHINESE | offset | 0x000bdcc4 | filetype | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x018f63d0 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x019f2cfc | filetype | PNG image data, 56 x 14, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000601 | ||||||||||||||||||
| name | XML | language | LANG_CHINESE | offset | 0x019f5a24 | filetype | exported SGML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000004aa | ||||||||||||||||||
| name | XML | language | LANG_CHINESE | offset | 0x019f5a24 | filetype | exported SGML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000004aa | ||||||||||||||||||
| name | XML | language | LANG_CHINESE | offset | 0x019f5a24 | filetype | exported SGML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000004aa | ||||||||||||||||||
| wmi | SELECT Caption FROM Win32_SoundDevice |
| wmi | select * from Win32_NetworkAdapter where PnpDeviceID like 'PCI%' or PnpDeviceID like 'USB%' |
| wmi | SELECT * FROM Win32_BaseBoard WHERE (SerialNumber IS NOT NULL) |
| Cylance | Unsafe |
| ClamAV | Win.Trojan.Generic-6629330-0 |
| Sophos | Generic PUA ML (PUA) |
| VBA32 | BScope.Adware.Presenoker |
| ESET-NOD32 | a variant of Win32/KingSoft.B potentially unwanted |
| entropy | 7.999649606454752 | section | {'size_of_data': '0x0193c000', 'virtual_address': '0x000bd000', 'entropy': 7.999649606454752, 'name': '.rsrc', 'virtual_size': '0x0193b3d0'} | description | A section with a high entropy has been found | |||||||||
| entropy | 0.9721595184349134 | description | Overall entropy of this PE file is high | |||||||||||
| wmi | select * from Win32_NetworkAdapter where PnpDeviceID like 'PCI%' or PnpDeviceID like 'USB%' |
| host | 172.217.24.14 | |||
| registry | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\rising\RAV |
| dead_host | 172.217.160.78:443 |
No hosts contacted.
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 49188 | 113.108.239.194 r1---sn-j5o7dn7e.gvt1.com | 80 |
| 192.168.56.101 | 49189 | 113.108.239.196 r3---sn-j5o7dn7e.gvt1.com | 80 |
| 192.168.56.101 | 49175 | 124.225.102.38 2398.35go.net | 80 |
| 192.168.56.101 | 49186 | 203.208.40.34 update.googleapis.com | 443 |
| 192.168.56.101 | 49187 | 203.208.41.65 redirector.gvt1.com | 80 |
| 192.168.56.101 | 49177 | 211.159.130.116 infoc0.duba.net | 80 |
| 192.168.56.101 | 49179 | 211.159.130.116 infoc0.duba.net | 80 |
| 192.168.56.101 | 49181 | 211.159.130.116 infoc0.duba.net | 80 |
| 192.168.56.101 | 49178 | 27.159.68.238 config.i.duba.net | 80 |
| 192.168.56.101 | 49180 | 27.159.68.238 config.i.duba.net | 80 |
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 49713 | 114.114.114.114 | 53 |
| 192.168.56.101 | 50002 | 114.114.114.114 | 53 |
| 192.168.56.101 | 50568 | 114.114.114.114 | 53 |
| 192.168.56.101 | 51378 | 114.114.114.114 | 53 |
| 192.168.56.101 | 54260 | 114.114.114.114 | 53 |
| 192.168.56.101 | 54991 | 114.114.114.114 | 53 |
| 192.168.56.101 | 57236 | 114.114.114.114 | 53 |
| 192.168.56.101 | 57756 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58367 | 114.114.114.114 | 53 |
| 192.168.56.101 | 60088 | 114.114.114.114 | 53 |
| 192.168.56.101 | 60221 | 114.114.114.114 | 53 |
| 192.168.56.101 | 60384 | 114.114.114.114 | 53 |
| 192.168.56.101 | 62318 | 114.114.114.114 | 53 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 123 | 20.189.79.72 time.windows.com | 123 |
| 192.168.56.101 | 49235 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 50534 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 51963 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 53210 | 224.0.0.252 | 5355 |
| URI | Data |
|---|---|
| http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=16b163312e83c206&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620790356&mv=m&mvi=3 | HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=16b163312e83c206&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620790356&mv=m&mvi=3 HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r3---sn-j5o7dn7e.gvt1.com |
| http://2398.35go.net/defend/o1/jcqgx.ini | GET /defend/o1/jcqgx.ini HTTP/1.1 Host: 2398.35go.net Content-Type: application/octet-stream User-Agent: Mozilla/4.0 Accept: */* |
| http://infoc0.duba.net/c/ | POST /c/ HTTP/1.1 Host: infoc0.duba.net Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 Accept: */* Content-Length: 256 \x00\x01\x02\x01\x02\x00\x88\xe2+\xaf\x04\x00\x10\x00\xa4n"m$U\x1b\xaa\xd3\x84>\x99F\x18\xfd\xe3\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\xfdT\x9b`\x00\x00\x00\x00\x1c\x00\xe6\xe4\xbd\xfb\xec\xbd\xb0\xf1\xed\xba\xb0\xf9\xfb\xe0\xe9\xbc\xe1\xb0\xb0\xe3\xbd\xeb\xeb\xee\xff\xef\xeb\xf2G\x12\x02\x00\x00\x00\x02\x00\x00\x00\x0b\x00\x00\x00\x96\x00\x00\x00k\x00\xf3\xaa\xba\xbb\xbc\xbd\xcd\xf0\xf8\xe4\xe7\xfa\xed\xfa\xaa\xb2\xb8\xa4\xaa\xbb\xbe\xb8\xfb\xe9\xee\xed\xaa\xb2\xb8\xa4\xaa\xca\xe9\xe1\xcc\xfd\xc9\xe6\xfc\xe1\xfe\xe1\xfa\xfd\xfb\xaa\xb2\xb8\xa4\xaa\xca\xe9\xe1\xcc\xfd\xdb\xe9\xee\xed\xaa\xb2\xb8\xa4\xaa\xd9\xd9\xcf\xfd\xe9\xe6\xc2\xe1\xe9\xaa\xb2\xb8\xa4\xaa\xda\xfd\xe1\xd0\xe1\xe6\xef\xaa\xb2\xb8\xa4\xaa\xec\xfd\xea\xe9\xaa\xb2\xb8\xa4\xaa\xf9\xec\xe2\xe4\xaa\xb2\xb8\xf5\x0c\x00\x00\x00 \x00\xcc\xba\xbf\xbb\xcb\xb1\xbf\xbc\xcb\xbb\xcb\xcd\xb0\xbe\xc9\xcc\xb0\xcb\xcc\xb1\xbc\xce\xba\xc9\xb0\xce\xc9\xb1\xce\xbb\xbb\xba |
| http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620790356&mv=m&mvi=1&pl=23&shardbypass=yes | HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620790356&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r1---sn-j5o7dn7e.gvt1.com |
| http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe | HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: redirector.gvt1.com |
| http://infoc0.duba.net/c/ | POST /c/ HTTP/1.1 Host: infoc0.duba.net Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 Accept: */* Content-Length: 256 \x00\x01\x02\x01\x02\x00\x80#\x915\x04\x00\x10\x00\xa4n"m$U\x1b\xaa\xd3\x84>\x99F\x18\xfd\xe3\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\xfdT\x9b`\x00\x00\x00\x00\x1c\x00\xe6\xe4\xbd\xfb\xec\xbd\xb0\xf1\xed\xba\xb0\xf9\xfb\xe0\xe9\xbc\xe1\xb0\xb0\xe3\xbd\xeb\xeb\xee\xff\xef\xeb\xf2G\x12\x02\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00k\x00\xf3\xaa\xba\xbb\xbc\xbd\xcd\xf0\xf8\xe4\xe7\xfa\xed\xfa\xaa\xb2\xb8\xa4\xaa\xbb\xbe\xb8\xfb\xe9\xee\xed\xaa\xb2\xb8\xa4\xaa\xca\xe9\xe1\xcc\xfd\xc9\xe6\xfc\xe1\xfe\xe1\xfa\xfd\xfb\xaa\xb2\xb8\xa4\xaa\xca\xe9\xe1\xcc\xfd\xdb\xe9\xee\xed\xaa\xb2\xb8\xa4\xaa\xd9\xd9\xcf\xfd\xe9\xe6\xc2\xe1\xe9\xaa\xb2\xb8\xa4\xaa\xda\xfd\xe1\xd0\xe1\xe6\xef\xaa\xb2\xb8\xa4\xaa\xec\xfd\xea\xe9\xaa\xb2\xb8\xa4\xaa\xf9\xec\xe2\xe4\xaa\xb2\xb8\xf5\x0c\x00\x00\x00 \x00\xcc\xba\xbf\xbb\xcb\xb1\xbf\xbc\xcb\xbb\xcb\xcd\xb0\xbe\xc9\xcc\xb0\xcb\xcc\xb1\xbc\xce\xba\xc9\xb0\xce\xc9\xb1\xce\xbb\xbb\xba |
| http://config.i.duba.net/installrcmd/KInstallRcmdCfg.dat | GET /installrcmd/KInstallRcmdCfg.dat HTTP/1.1 Host: config.i.duba.net Accept: */* |
| http://config.i.duba.net/lminstall3/1.json?time=1620792573 | GET /lminstall3/1.json?time=1620792573 HTTP/1.1 Host: config.i.duba.net Content-Type: application/octet-stream User-Agent: Mozilla/4.0 Accept: */* |
| http://infoc0.duba.net/c/ | POST /c/ HTTP/1.1 Host: infoc0.duba.net Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 Accept: */* Content-Length: 107 k\x00\x02\x01\x02\x00 J\x08\x8f\x04\x00\x10\x00\xa4n"m$U\x1b\xaa\xd3\x84>\x99F\x18\xfd\xe3\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\xf9T\x9b`\x00\x00\x00\x00\x1c\x00\xe6\xe4\xbd\xfb\xec\xbd\xb0\xf1\xed\xba\xb0\xf9\xfb\xe0\xe9\xbc\xe1\xb0\xb0\xe3\xbd\xeb\xeb\xee\xff\xef\xeb\xf2\xc1\x0f\x02\x00\x00\x00b\x01\x00\x00\x00\x00\x00\x00\x00\x00 |
No ICMP traffic performed.
No IRC requests performed.
No Suricata Alerts
No Suricata TLS
No Snort Alerts