Analysis Date: 2015-07-29 01:43:18
MD5: 7d4cc544c215659b639ef74ce7899a97
SHA1: 9d633dbbeda12a1864b62bb4a705595b0dcf0273

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 337c8690dd1edcd5cff78dadf56abd23 sha1: 01ef570b787f9554698d2d03ca7cc223c76ca0dd size: 12288
Section: .rdata md5: 4b497195d5e684e3edf933c158a728b6 sha1: 41c33353ea8aacc8c9d6816f2ce415a8110c253a size: 4096
Section: .data md5: 5d427b91fc33783c757d052094336b07 sha1: 4f99f6ecfaf042bddfe7e2c9ce12c46dfebb4c69 size: 167936
Section: .rsrc md5: 922ce64bccf1103fe37e501040fbf446 sha1: 6a52f39e2c54d2872f53c959de1b84500393e8c2 size: 4096
Timestamp: 2010-04-09 09:04:46
Version:
LegalCopyright: © Microsoft Corp. All rights reserved.
InternalName: SQLWB
FileVersion: 2005.090.1399.00
CompanyName: Microsoft Corporation
LegalTrademarks: Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Comments: NT INTEL X86
ProductName: Microsoft SQL Server
ProductVersion: 9.00.1399.06
FileDescription: SQLWB - SQL Server Management Studio
OriginalFilename: SQLWB.EXE
PEhash: 8eeb65184115fc0edf64869071f0b67ac378470e
IMPhash: 7927ad091f622556ea46f6588610efff
AV K7: Trojan ( 001d712b1 )
AV CAT (quickheal): Backdoor.Zegost.B
AV Alwil (avast): Zegost-D [Drp]:Fraudo [Trj]
AV Avira (antivir): TR/Dropper.Gen2
AV Trend Micro: BKDR_ZEGOST.SMF
AV Ad-Aware: Gen:Variant.Kazy.30339
AV CA (E-Trust Ino): no_virus
AV Grisoft (avg): BackDoor.Agent.11.BB
AV Arcabit (arcavir): Gen:Variant.Kazy.30339
AV Fortinet: W32/Bjlog.EMA!tr
AV MicroWorld (escan): Gen:Variant.Kazy.30339
AV MalwareBytes: no_virus
AV Emsisoft: Gen:Variant.Kazy.30339
AV Symantec: no_virus
AV Frisk (f-prot): W32/Zegost.A.gen!Eldorado
AV Ikarus: Backdoor.Win32.Zegost
AV Padvish: no_virus
AV VirusBlokAda (vba32): TrojanPSW.Bjlog
AV BitDefender: Gen:Variant.Kazy.30339
AV Mcafee: BackDoor-EQO
AV BullGuard: Gen:Variant.Kazy.30339
AV Dr. Web: Trojan.Baijin.290
AV F-Secure: Backdoor:W32/Bjlog.D
AV Twister: Trojan.0CAC1B73E0C25768
AV Zillya!: Trojan.Bjlog.Win32.3298
AV Rising: Backdoor.Zegost!56D2
AV Microsoft Security Essentials: Backdoor:Win32/Zegost.B
AV Kaspersky: Trojan.Win32.Generic
AV Eset (nod32): Win32/Redosdru.DB
AV ClamAV: Win.Trojan.Zegost-1749
AV Authentium: W32/Zegost.A.gen!Eldorado

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\seRviCes\ias\Description ➝
\\xb4\\xab\\xca\\xe4\\xbf\\xcd\\xbb\\xa7\\xb6\\xcb\\xba\\xcd\\xb7\\xfe\\xce\\xf1\\xc6\\xf7\\xbd\\xbb\\xbb\\xa5\\xb5\\xc4\\xb7\\xfe\\xce\\xf1\\xa1\\xa3\\xc8\\xe7\\xb9\\xfb\\xb4\\xcb\\xb7\\xfe\\xce\\xf1\\xb1\\xbb\\xd6\\xd5\\xd6\\xb9\\xa3\\xac\\xb6\\xe0\\xca\\xfd\\xbb\\xf9\\xd3\\xda Windows \\xb5\\xc4\\xc8\\xed\\xbc\\xfe\\xbd\\xab\\xce\\xde\\xb7\\xa8\\xd5\\xfd\\xb3\\xa3\\xd4\\xcb\\xd0\\xd0\\xa1\\xa3\\xc8\\xe7\\xb9\\xfb\\xb4\\xcb\\xb7\\xfe\\xce\\xf1\\xb1\\xbb\\xbd\\xfb\\xd3\\xc3\\xa3\\xac\\xc8\\xce\\xba\\xce\\xd2\\xc0\\xc0\\xb5\\xcb\\xfc\\xb5\\xc4\\xb7\\xfe\\xce\\xf1\\xbd\\xab\\xce\\xde\\xb7\\xa8\\xc6\\xf4\\xb6\\xaf\\xa1\\xa3\\x00
Registry: HKEY_LOCAL_MACHINE\soFTwARE\mcsvdipcdj\servicemaiN ➝
OsThunkDdSetGammaRamp\\x00
Creates File: c:\Documents and Settings\Administrator\Local Settings\temp\xwnqieplmd.log
Creates File: mcsvdipcdj
Deletes File: mcsvdipcdj
Creates Service: Network Protection Agent - %SystemRoot%\System32\svchost.exe -k netsvcs

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 804

Process
↳ Pid 852

Process
↳ C:\WINDOWS\System32\svchost.exe

Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\List of event-active namespaces ➝
NULL
Creates File: PhysicalDrive0
Creates File: C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG
Creates File: \Device\Afd\Endpoint
Creates File: C:\WINDOWS\system32\WBEM\Logs\wbemess.log
Creates Mutex: Global\b1006983447_8088j

Process
↳ Pid 1208

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝
NULL
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝
7
Registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝
NULL
Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝
C:\WINDOWS\System32\spool\PRINTERS\\x00

Process
↳ Pid 1848

Process
↳ Pid 1144

Network Details:

Flows TCP: 192.168.1.1:1032 ➝ 23.89.5.60:8088

Raw Pcap
0x00000000 (00000)   63623173 743f02                       cb1st?.


Strings