Score: 5.6
Risk level: High

SHA256: e6e4b0109e43affdd3b67ec30a114cf3f8d56fedd9f6d7bb15d034a28293b4a5

File name: 036247505cba3e5f70298960e4b05dfa.exe

Analysis duration: 83s

Most recent analysis

File size: 2.1MB
Static scan: flagged. Dynamic scan: flagged. Detection-name tags: 100%, AGENTB, AI SCORE=82, ATTRIBUTE, BUFMNP, BULZ, CONFIDENCE, DELF, ELDORADO, FAREIT, GENCIRC, GENERICKD, HIGH CONFIDENCE, HIGHCONFIDENCE, HRRLEN, IGENT, JM3@A8LUT7OI, KCLOUD, MALICIOUS PE, MALWARE@#1SJ74PAXAZL6V, R002C0PHB20, R347077, RNKBEND, S + MAL, SCORE, STATIC AI, UNSAFE, YMACCO, ZDHMC, ZELPHIF
鹰眼 (Eagle Eye) engine
Not detected: no 鹰眼 engine result is available for this sample.
Static verdict

Antivirus engines

Engine       Result                             Scan date  Engine version
Alibaba      Trojan:Win32/Agentb.1ac0306a       20190527   0.3.0.5
Avast        Win32:Malware-gen                  20210127   21.1.5827.0
Baidu        (none)                             20190318   1.0.0.2
Kingsoft     Win32.Troj.Undef.(kcloud)          20210128   2017.9.26.565
McAfee       Fareit-FVP!036247505CBA            20210127   6.0.6.653
Tencent      Malware.Win32.Gencirc.11ac86e2     20210128   1.0.0.1
CrowdStrike  win/malicious_confidence_100% (W)  20190702   1.0
Behavioral verdict

Dynamic indicators

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)
suspicious_features: POST method with no referer header
suspicious_request: POST https://update.googleapis.com/service/update2?cup2key=10:1939760676&cup2hreq=9e6379f6a3b14651d7df440fac2d5f8425fbd2d43324792cba17e4664064639e

Performs some HTTP requests (3 events)
request HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request HEAD http://r1---sn-j5o76n7l.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.99&mm=28&mn=sn-j5o76n7l&ms=nvh&mt=1620114497&mv=m&mvi=1&pl=23&shardbypass=yes
request POST https://update.googleapis.com/service/update2?cup2key=10:1939760676&cup2hreq=9e6379f6a3b14651d7df440fac2d5f8425fbd2d43324792cba17e4664064639e

Sends data using the HTTP POST Method (1 event)
request POST https://update.googleapis.com/service/update2?cup2key=10:1939760676&cup2hreq=9e6379f6a3b14651d7df440fac2d5f8425fbd2d43324792cba17e4664064639e

Note: all three requests go to Google update infrastructure (update.googleapis.com, gvt1.com) and the report does not attribute flows to a process, so they cannot be assigned to the sample from this page alone; see the HTTP request headers below for the client that issued them.

Allocates read-write-execute memory (usually to unpack itself) (2 events)

Time: 1620143555.294375  API: NtAllocateVirtualMemory  Status: success  Return: 0  Repeated: 0
  process_identifier: 2292
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  allocation_type: 4096 (MEM_COMMIT)
  base_address: 0x00630000

Time: 1620143570.856375  API: NtAllocateVirtualMemory  Status: success  Return: 0  Repeated: 0
  process_identifier: 2292
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  allocation_type: 4096 (MEM_COMMIT)
  base_address: 0x020e0000

Note: process_handle 0xffffffff is the current-process pseudo-handle, so both calls commit a single 4 KiB RWX page inside the sample's own process (PID 2292). That is consistent with in-process unpacking or runtime code generation; it is not evidence of injection into another process, which would show a real handle to a foreign process.
Network communication

Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14

Disables proxy possibly for traffic interception (1 event)

Time: 1620143591.012375  API: RegSetValueExA  Status: success  Return: 0  Repeated: 0
  key_handle: 0x000002ec
  value: 0
  regkey_r: ProxyEnable
  reg_type: 4 (REG_DWORD)
  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable

Note: ProxyEnable is the per-user WinINet proxy switch. Writing 0 turns off any proxy configured for that user, which defeats proxy-based traffic capture in an instrumented environment and is why the sandbox flags it. Legitimate installers and network components write the same value, so corroborate it with the process that made the write and with what the sample does on the network afterwards.

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)
dead_host 118.193.202.219:443
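The two behaviours the report singles out above, an RWX allocation in the sample's own process and the ProxyEnable=0 write, are easy to re-check mechanically from the call records. The following is an added example, not code from the report or from the sandbox vendor: it parses call records in the flat layout used on this page (timestamp line, API name line, "key: value" argument lines, then a "status return repeated" line) and flags both behaviours. SAMPLE_LOG is constructed: the first two records copy the values shown above, the third is an invented PAGE_READWRITE allocation through a real process handle that must not be flagged.

```python
"""Triage of sandbox API-call records (added example, not part of the report)."""
import re

PAGE_EXECUTE_READWRITE = 0x40        # the "protection: 64" in the report
NT_CURRENT_PROCESS = 0xFFFFFFFF      # 32-bit pseudo-handle meaning "this process"
PROXY_ENABLE_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
                    r"\CurrentVersion\Internet Settings\ProxyEnable")

# Constructed input: records 1 and 2 copy the report, record 3 is invented.
SAMPLE_LOG = r"""
1620143555.294375
NtAllocateVirtualMemory
process_identifier: 2292
region_size: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00630000
success 0 0
1620143591.012375
RegSetValueExA
key_handle: 0x000002ec
value: 0
regkey_r: ProxyEnable
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
success 0 0
1620143600.000000
NtAllocateVirtualMemory
process_identifier: 2292
region_size: 65536
protection: 4 (PAGE_READWRITE)
process_handle: 0x000000a4
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00400000
success 0 0
"""

TIMESTAMP_RE = re.compile(r"^\d+\.\d+$")


def parse_records(text):
    """Split the flat log into dicts: time, api, args, status, ret, repeated."""
    records, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if TIMESTAMP_RE.match(line):            # a timestamp starts a new record
            cur = {"time": float(line), "api": None, "args": {}}
            records.append(cur)
        elif cur is None:
            continue                            # junk before the first record
        elif cur["api"] is None:                # first line after the timestamp
            cur["api"] = line
        elif ": " in line:                      # "key: value" argument line
            key, _, value = line.partition(": ")
            cur["args"][key] = value
        else:                                   # "status return repeated"
            status, ret, repeated = line.split()
            cur.update(status=status, ret=int(ret), repeated=int(repeated))
    return records


def int_field(value):
    """'64 (PAGE_EXECUTE_READWRITE)' -> 64, '0xffffffff' -> 4294967295."""
    return int(value.split()[0], 0)


def find_rwx_allocations(records):
    """RWX commits, tagged with whether they target the caller's own process."""
    hits = []
    for r in records:
        if r["api"] != "NtAllocateVirtualMemory":
            continue
        a = r["args"]
        if int_field(a["protection"]) != PAGE_EXECUTE_READWRITE:
            continue
        hits.append({"time": r["time"],
                     "base": int_field(a["base_address"]),
                     "size": int_field(a["region_size"]),
                     "self": int_field(a["process_handle"]) == NT_CURRENT_PROCESS})
    return hits


def find_proxy_disable(records):
    """Timestamps of writes that set WinINet's ProxyEnable to 0."""
    return [r["time"] for r in records
            if r["api"].startswith("RegSetValueEx")
            and r["args"].get("regkey") == PROXY_ENABLE_KEY
            and int_field(r["args"].get("value", "1")) == 0]


def triage(text):
    recs = parse_records(text)
    return {"rwx": find_rwx_allocations(recs), "proxy_disabled_at": find_proxy_disable(recs)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for h in result["rwx"]:
        where = "own process" if h["self"] else "foreign process (possible injection)"
        print(f"RWX commit of {h['size']} bytes at {h['base']:#010x} in {where}")
    for t in result["proxy_disabled_at"]:
        print(f"WinINet ProxyEnable set to 0 at {t}")
```

The self/foreign distinction is the part worth keeping: an RWX page in the caller's own process is the unpacker pattern the sandbox describes, whereas the same protection requested through a handle to another process is the first step of an injection and deserves a different priority.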
File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 of 56 events listed)
Elastic malicious (high confidence)
DrWeb Trojan.PWS.Stealer.23680
MicroWorld-eScan Trojan.GenericKD.43635802
FireEye Generic.mg.036247505cba3e5f
ALYac Trojan.Agent.Ymacco
Cylance Unsafe
Sangfor Malware
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/Agentb.1ac0306a
K7GW Riskware ( 0040eff71 )
Cybereason malicious.05cba3
Arcabit Trojan.Generic
BitDefenderTheta Gen:NN.ZelphiF.34780.jM3@a8Lut7oi
Cyren W32/Bulz.C.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 Win32/Delf.UNA
TrendMicro-HouseCall TROJ_GEN.R002C0PHB20
Avast Win32:Malware-gen
Kaspersky HEUR:Trojan.Win32.Agentb.gen
BitDefender Trojan.GenericKD.43635802
NANO-Antivirus Trojan.Win32.Stealer.hrrlen
Paloalto generic.ml
Ad-Aware Trojan.GenericKD.43635802
Sophos Mal/Generic-S + Mal/Agent-ATI
Comodo Malware@#1sj74paxazl6v
F-Secure Trojan.TR/Agent.zdhmc
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R002C0PHB20
McAfee-GW-Edition Fareit-FVP!036247505CBA
Emsisoft Trojan.GenericKD.43635802 (B)
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.Agentb.hil
Avira TR/Agent.zdhmc
MAX malware (ai score=82)
Antiy-AVL Trojan/Win32.Delf
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Trojan.Win32.Agent.oa
Microsoft Trojan:Win32/Ymacco.AAE6
AegisLab Trojan.Win32.Agentb.4!c
ZoneAlarm HEUR:Trojan.Win32.Agentb.gen
GData Trojan.GenericKD.43635802
Cynet Malicious (score: 85)
AhnLab-V3 Malware/Win32.RL_Generic.R347077
McAfee Fareit-FVP!036247505CBA
VBA32 Trojan.Agent
Malwarebytes Trojan.MalPack.SMY
APEX Malicious
Tencent Malware.Win32.Gencirc.11ac86e2
Yandex Trojan.Igent.bUfmNP.2
Ikarus Trojan.Inject
Visual analysis
Binary image
None: no binary visualization image was generated for this sample.
Runtime screenshots
None: no screenshots were captured while the sample ran.


PE Compile Time

1992-06-20 06:22:17

Note: this is not a real build date. Delphi's linker writes the constant TimeDateStamp 0x2A425E19 (1992-06-19 22:22:17 UTC) into every executable it produces, and that value displayed in UTC+8 is exactly 1992-06-20 06:22:17. It agrees with the Win32/Delf detections in the engine list above; the true compile time cannot be recovered from this header.
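To make the timestamp check repeatable, the following added example (not code from the report or the sandbox) reads IMAGE_FILE_HEADER.TimeDateStamp directly from raw PE bytes with the standard library and labels the Delphi constant so triage does not mistake it for a build date. build_minimal_pe() constructs a header-only image for the demonstration; it is not the sample, and UTC+8 as the report's display zone is an assumption.

```python
"""Recognise the fixed Delphi link timestamp (added example, not part of the report)."""
import struct
from datetime import datetime, timedelta, timezone

DELPHI_STAMP = 0x2A425E19             # 1992-06-19 22:22:17 UTC, written by Delphi's linker
UTC8 = timezone(timedelta(hours=8))   # assumed display zone of the report


def pe_timestamp(data: bytes) -> int:
    """Return IMAGE_FILE_HEADER.TimeDateStamp from raw image bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # After the 4-byte signature: Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    return struct.unpack_from("<I", data, e_lfanew + 8)[0]


def classify_timestamp(stamp: int) -> str:
    """Label a stamp so a compiler constant is not reported as a build date."""
    if stamp == DELPHI_STAMP:
        return "delphi-fixed"
    if stamp == 0:
        return "zeroed"
    return "real-or-forged"           # a plausible date can still be hand-edited


def format_stamp(stamp: int, tz=timezone.utc) -> str:
    return datetime.fromtimestamp(stamp, tz).strftime("%Y-%m-%d %H:%M:%S")


def build_minimal_pe(stamp: int) -> bytes:
    """Constructed test input: DOS header + PE signature + IMAGE_FILE_HEADER only."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                        # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 0, 0)    # i386, one section
    return bytes(dos) + b"PE\0\0" + coff


if __name__ == "__main__":
    image = build_minimal_pe(DELPHI_STAMP)
    stamp = pe_timestamp(image)
    print(f"{stamp:#010x}  {format_stamp(stamp)} UTC  "
          f"{format_stamp(stamp, UTC8)} UTC+8  -> {classify_timestamp(stamp)}")
```

Point pe_timestamp() at the bytes of a real file (open(path, "rb").read()) to apply the same check; the only part specific to this report is the UTC+8 rendering.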

Imports

Note: nearly all of the user32, gdi32, comctl32, ole32 and oleaut32 names below (window, menu, clipboard and scroll-bar handling, SetWindowsHookExA, SafeArray and Variant helpers) are the standard import set of the Delphi VCL runtime, which is also what the Delf detections and the PE timestamp indicate, so their presence says little about the sample's own logic. No network library (wininet, winhttp, ws2_32) is imported statically; the only network-related import is InetIsOffline, so any HTTP activity by the sample itself would have to go through dynamically resolved functions (LoadLibraryA and GetProcAddress are imported) or a separate component.

Library oleaut32.dll:
0x5128a4 SysFreeString
0x5128a8 SysReAllocStringLen
0x5128ac SysAllocStringLen
Library advapi32.dll:
0x5128b4 RegQueryValueExA
0x5128b8 RegOpenKeyExA
0x5128bc RegCloseKey
Library user32.dll:
0x5128c4 GetKeyboardType
0x5128c8 DestroyWindow
0x5128cc LoadStringA
0x5128d0 MessageBoxA
0x5128d4 CharNextA
Library kernel32.dll:
0x5128dc GetACP
0x5128e0 Sleep
0x5128e4 VirtualFree
0x5128e8 VirtualAlloc
0x5128ec GetTickCount
0x5128f4 GetCurrentThreadId
0x512900 VirtualQuery
0x512904 WideCharToMultiByte
0x512908 MultiByteToWideChar
0x51290c lstrlenA
0x512910 lstrcpynA
0x512914 LoadLibraryExA
0x512918 GetThreadLocale
0x51291c GetStartupInfoA
0x512920 GetProcAddress
0x512924 GetModuleHandleA
0x512928 GetModuleFileNameA
0x51292c GetLocaleInfoA
0x512930 GetCommandLineA
0x512934 FreeLibrary
0x512938 FindFirstFileA
0x51293c FindClose
0x512940 ExitProcess
0x512944 CompareStringA
0x512948 WriteFile
0x512950 RtlUnwind
0x512954 RaiseException
0x512958 GetStdHandle
Library kernel32.dll:
0x512960 TlsSetValue
0x512964 TlsGetValue
0x512968 LocalAlloc
0x51296c GetModuleHandleA
Library user32.dll:
0x512974 CreateWindowExA
0x512978 WindowFromPoint
0x51297c WaitMessage
0x512980 ValidateRect
0x512984 UpdateWindow
0x512988 UnregisterClassA
0x51298c UnionRect
0x512990 UnhookWindowsHookEx
0x512994 TranslateMessage
0x51299c TrackPopupMenu
0x5129a4 ShowWindow
0x5129a8 ShowScrollBar
0x5129ac ShowOwnedPopups
0x5129b0 SetWindowsHookExA
0x5129b4 SetWindowTextA
0x5129b8 SetWindowPos
0x5129bc SetWindowPlacement
0x5129c0 SetWindowLongW
0x5129c4 SetWindowLongA
0x5129c8 SetTimer
0x5129cc SetScrollRange
0x5129d0 SetScrollPos
0x5129d4 SetScrollInfo
0x5129d8 SetRect
0x5129dc SetPropA
0x5129e0 SetParent
0x5129e4 SetMenuItemInfoA
0x5129e8 SetMenu
0x5129ec SetKeyboardState
0x5129f0 SetForegroundWindow
0x5129f4 SetFocus
0x5129f8 SetCursor
0x5129fc SetClipboardData
0x512a00 SetClassLongA
0x512a04 SetCaretPos
0x512a08 SetCapture
0x512a0c SetActiveWindow
0x512a10 SendMessageW
0x512a14 SendMessageA
0x512a18 ScrollWindowEx
0x512a1c ScrollWindow
0x512a20 ScreenToClient
0x512a24 RemovePropA
0x512a28 RemoveMenu
0x512a2c ReleaseDC
0x512a30 ReleaseCapture
0x512a3c RegisterClassA
0x512a40 RedrawWindow
0x512a44 PtInRect
0x512a48 PostQuitMessage
0x512a4c PostMessageA
0x512a50 PeekMessageW
0x512a54 PeekMessageA
0x512a58 OpenClipboard
0x512a5c OffsetRect
0x512a60 OemToCharA
0x512a64 MessageBoxA
0x512a68 MessageBeep
0x512a6c MapWindowPoints
0x512a70 MapVirtualKeyA
0x512a74 LoadStringA
0x512a78 LoadKeyboardLayoutA
0x512a7c LoadIconA
0x512a80 LoadCursorA
0x512a84 LoadBitmapA
0x512a88 KillTimer
0x512a8c IsZoomed
0x512a90 IsWindowVisible
0x512a94 IsWindowUnicode
0x512a98 IsWindowEnabled
0x512a9c IsWindow
0x512aa0 IsRectEmpty
0x512aa4 IsIconic
0x512aa8 IsDialogMessageW
0x512aac IsDialogMessageA
0x512ab0 IsChild
0x512ab4 IsCharAlphaNumericA
0x512ab8 IsCharAlphaA
0x512abc InvalidateRect
0x512ac0 IntersectRect
0x512ac4 InsertMenuItemA
0x512ac8 InsertMenuA
0x512acc InflateRect
0x512ad4 GetWindowTextA
0x512ad8 GetWindowRect
0x512adc GetWindowPlacement
0x512ae0 GetWindowLongW
0x512ae4 GetWindowLongA
0x512ae8 GetWindowDC
0x512aec GetTopWindow
0x512af0 GetSystemMetrics
0x512af4 GetSystemMenu
0x512af8 GetSysColorBrush
0x512afc GetSysColor
0x512b00 GetSubMenu
0x512b04 GetScrollRange
0x512b08 GetScrollPos
0x512b0c GetScrollInfo
0x512b10 GetPropA
0x512b14 GetParent
0x512b18 GetWindow
0x512b1c GetMessageTime
0x512b20 GetMessagePos
0x512b24 GetMenuStringA
0x512b28 GetMenuState
0x512b2c GetMenuItemInfoA
0x512b30 GetMenuItemID
0x512b34 GetMenuItemCount
0x512b38 GetMenu
0x512b3c GetLastActivePopup
0x512b40 GetKeyboardState
0x512b4c GetKeyboardLayout
0x512b50 GetKeyState
0x512b54 GetKeyNameTextA
0x512b58 GetIconInfo
0x512b5c GetForegroundWindow
0x512b60 GetFocus
0x512b64 GetDoubleClickTime
0x512b68 GetDlgItem
0x512b6c GetDesktopWindow
0x512b70 GetDCEx
0x512b74 GetDC
0x512b78 GetCursorPos
0x512b7c GetCursor
0x512b80 GetClipboardData
0x512b84 GetClientRect
0x512b88 GetClassLongA
0x512b8c GetClassInfoA
0x512b90 GetCaretPos
0x512b94 GetCapture
0x512b98 GetActiveWindow
0x512b9c FrameRect
0x512ba0 FindWindowA
0x512ba4 FillRect
0x512ba8 EqualRect
0x512bac EnumWindows
0x512bb0 EnumThreadWindows
0x512bb8 EnumChildWindows
0x512bbc EndPaint
0x512bc0 EnableWindow
0x512bc4 EnableScrollBar
0x512bc8 EnableMenuItem
0x512bcc EmptyClipboard
0x512bd0 DrawTextA
0x512bd4 DrawMenuBar
0x512bd8 DrawIconEx
0x512bdc DrawIcon
0x512be0 DrawFrameControl
0x512be4 DrawFocusRect
0x512be8 DrawEdge
0x512bec DispatchMessageW
0x512bf0 DispatchMessageA
0x512bf4 DestroyWindow
0x512bf8 DestroyMenu
0x512bfc DestroyIcon
0x512c00 DestroyCursor
0x512c04 DestroyCaret
0x512c08 DeleteMenu
0x512c0c DefWindowProcA
0x512c10 DefMDIChildProcA
0x512c14 DefFrameProcA
0x512c18 CreatePopupMenu
0x512c1c CreateMenu
0x512c20 CreateIcon
0x512c24 CreateCaret
0x512c28 CloseClipboard
0x512c2c ClientToScreen
0x512c30 CheckMenuItem
0x512c34 CharNextW
0x512c38 CallWindowProcA
0x512c3c CallNextHookEx
0x512c40 BeginPaint
0x512c44 CharNextA
0x512c48 CharLowerBuffA
0x512c4c CharLowerA
0x512c50 CharUpperBuffA
0x512c54 CharToOemA
0x512c58 AdjustWindowRectEx
Library gdi32.dll:
0x512c64 UnrealizeObject
0x512c68 StretchBlt
0x512c6c SetWindowOrgEx
0x512c70 SetWindowExtEx
0x512c74 SetWinMetaFileBits
0x512c78 SetViewportOrgEx
0x512c7c SetViewportExtEx
0x512c80 SetTextColor
0x512c84 SetStretchBltMode
0x512c88 SetROP2
0x512c8c SetPixel
0x512c90 SetMapMode
0x512c94 SetEnhMetaFileBits
0x512c98 SetDIBColorTable
0x512c9c SetBrushOrgEx
0x512ca0 SetBkMode
0x512ca4 SetBkColor
0x512ca8 SelectPalette
0x512cac SelectObject
0x512cb0 SelectClipRgn
0x512cb4 SaveDC
0x512cb8 RestoreDC
0x512cbc Rectangle
0x512cc0 RectVisible
0x512cc4 RealizePalette
0x512cc8 Polyline
0x512ccc PolyPolyline
0x512cd0 PlayEnhMetaFile
0x512cd4 PatBlt
0x512cd8 MoveToEx
0x512cdc MaskBlt
0x512ce0 LineTo
0x512ce4 IntersectClipRect
0x512ce8 GetWindowOrgEx
0x512cec GetWinMetaFileBits
0x512cf0 GetTextMetricsA
0x512cf4 GetTextExtentPointA
0x512d00 GetStockObject
0x512d04 GetRgnBox
0x512d08 GetPixel
0x512d0c GetPaletteEntries
0x512d10 GetObjectA
0x512d14 GetNearestColor
0x512d18 GetMapMode
0x512d24 GetEnhMetaFileBits
0x512d28 GetDeviceCaps
0x512d2c GetDIBits
0x512d30 GetDIBColorTable
0x512d34 GetDCOrgEx
0x512d3c GetClipBox
0x512d40 GetBrushOrgEx
0x512d44 GetBkMode
0x512d48 GetBitmapBits
0x512d4c ExtTextOutA
0x512d50 ExtCreatePen
0x512d54 ExcludeClipRect
0x512d58 DeleteObject
0x512d5c DeleteEnhMetaFile
0x512d60 DeleteDC
0x512d64 CreateSolidBrush
0x512d68 CreatePenIndirect
0x512d6c CreatePalette
0x512d74 CreateFontIndirectA
0x512d78 CreateDIBitmap
0x512d7c CreateDIBSection
0x512d80 CreateCompatibleDC
0x512d88 CreateBrushIndirect
0x512d8c CreateBitmap
0x512d90 CopyEnhMetaFileA
0x512d94 BitBlt
Library version.dll:
0x512d9c VerQueryValueA
0x512da4 GetFileVersionInfoA
Library kernel32.dll:
0x512dac lstrcpyA
0x512db0 WriteFile
0x512db4 WaitForSingleObject
0x512db8 VirtualQuery
0x512dbc VirtualProtect
0x512dc0 VirtualAlloc
0x512dc4 SizeofResource
0x512dc8 SetThreadLocale
0x512dcc SetLastError
0x512dd0 SetFilePointer
0x512dd4 SetEvent
0x512dd8 SetErrorMode
0x512ddc SetEndOfFile
0x512de0 ResetEvent
0x512de4 ReadFile
0x512de8 MultiByteToWideChar
0x512dec MulDiv
0x512df0 LockResource
0x512df4 LoadResource
0x512df8 LoadLibraryA
0x512e04 GlobalUnlock
0x512e08 GlobalLock
0x512e0c GlobalFree
0x512e10 GlobalFindAtomA
0x512e14 GlobalDeleteAtom
0x512e18 GlobalAlloc
0x512e1c GlobalAddAtomA
0x512e20 GetVersionExA
0x512e24 GetVersion
0x512e28 GetTickCount
0x512e2c GetThreadLocale
0x512e30 GetStdHandle
0x512e34 GetProcAddress
0x512e38 GetModuleHandleA
0x512e3c GetModuleFileNameA
0x512e40 GetLocaleInfoA
0x512e44 GetLocalTime
0x512e48 GetLastError
0x512e4c GetFullPathNameA
0x512e50 GetDiskFreeSpaceA
0x512e54 GetDateFormatA
0x512e58 GetCurrentThreadId
0x512e5c GetCurrentProcessId
0x512e60 GetComputerNameA
0x512e64 GetCPInfo
0x512e68 FreeResource
0x512e6c InterlockedExchange
0x512e70 FreeLibrary
0x512e74 FormatMessageA
0x512e78 FindResourceA
0x512e7c FindFirstFileA
0x512e80 FindClose
0x512e8c EnumCalendarInfoA
0x512e98 CreateThread
0x512e9c CreateFileA
0x512ea0 CreateEventA
0x512ea4 CompareStringW
0x512ea8 CompareStringA
0x512eac CloseHandle
Library advapi32.dll:
0x512eb4 RegQueryValueExA
0x512eb8 RegOpenKeyExA
0x512ebc RegFlushKey
0x512ec0 RegCloseKey
Library oleaut32.dll:
0x512ec8 GetErrorInfo
0x512ecc GetActiveObject
0x512ed0 SysFreeString
Library ole32.dll:
0x512ed8 CoTaskMemFree
0x512edc ProgIDFromCLSID
0x512ee0 StringFromCLSID
0x512ee4 CoCreateInstance
0x512ee8 CoUninitialize
0x512eec CoInitialize
0x512ef0 IsEqualGUID
Library kernel32.dll:
0x512ef8 Sleep
Library oleaut32.dll:
0x512f00 SafeArrayPtrOfIndex
0x512f04 SafeArrayPutElement
0x512f08 SafeArrayGetElement
0x512f10 SafeArrayAccessData
0x512f14 SafeArrayGetUBound
0x512f18 SafeArrayGetLBound
0x512f1c SafeArrayCreate
0x512f20 VariantChangeType
0x512f24 VariantCopyInd
0x512f28 VariantCopy
0x512f2c VariantClear
0x512f30 VariantInit
Library comctl32.dll:
0x512f38 _TrackMouseEvent
0x512f44 ImageList_Write
0x512f48 ImageList_Read
0x512f54 ImageList_DragMove
0x512f58 ImageList_DragLeave
0x512f5c ImageList_DragEnter
0x512f60 ImageList_EndDrag
0x512f64 ImageList_BeginDrag
0x512f68 ImageList_Remove
0x512f6c ImageList_DrawEx
0x512f70 ImageList_Replace
0x512f74 ImageList_Draw
0x512f80 ImageList_Add
0x512f88 ImageList_Destroy
0x512f8c ImageList_Create
0x512f90 InitCommonControls
Library shell32.dll:
0x512f98 ShellExecuteA
Library comdlg32.dll:
0x512fa0 GetOpenFileNameA
Library kernel32.dll:
0x512fa8 MulDiv
Library UrL:
0x512fb0 InetIsOffline

Hosts

No hosts contacted.

TCP

Source          Src port  Destination      Destination host            Dst port
192.168.56.101  49178     203.208.40.98    update.googleapis.com       443
192.168.56.101  49180     203.208.41.65    redirector.gvt1.com         80
192.168.56.101  49181     58.63.233.66     r1---sn-j5o76n7l.gvt1.com   80

UDP

Source          Src port  Destination      Dst port
192.168.56.101  50534     114.114.114.114  53
192.168.56.101  51378     114.114.114.114  53
192.168.56.101  51963     114.114.114.114  53
192.168.56.101  56539     114.114.114.114  53
192.168.56.101  57756     114.114.114.114  53
192.168.56.101  58367     114.114.114.114  53
192.168.56.101  62318     114.114.114.114  53
192.168.56.101  65004     114.114.114.114  53
192.168.56.101  137       192.168.56.255   137
192.168.56.101  138       192.168.56.255   138
192.168.56.101  49235     224.0.0.252      5355
192.168.56.101  53237     224.0.0.252      5355
192.168.56.101  53657     224.0.0.252      5355
192.168.56.101  56804     224.0.0.252      5355
192.168.56.101  60123     224.0.0.252      5355
192.168.56.101  62191     224.0.0.252      5355
192.168.56.101  1900      239.255.255.250  1900
192.168.56.101  50535     239.255.255.250  3702
192.168.56.101  56540     239.255.255.250  3702
192.168.56.101  56807     239.255.255.250  1900

Note: 114.114.114.114 is a public DNS resolver. The datagrams to 224.0.0.252:5355 (LLMNR), 239.255.255.250:1900 and :3702 (SSDP and WS-Discovery) and the subnet broadcast 192.168.56.255:137/138 (NetBIOS) are routine Windows name-resolution and discovery traffic expected from the analysis VM itself; nothing in the report ties them to the sample.

HTTP & HTTPS Requests

URI Data
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com

http://r1---sn-j5o76n7l.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.99&mm=28&mn=sn-j5o76n7l&ms=nvh&mt=1620114497&mv=m&mvi=1&pl=23&shardbypass=yes
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.99&mm=28&mn=sn-j5o76n7l&ms=nvh&mt=1620114497&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o76n7l.gvt1.com

Note: both HEAD requests carry the User-Agent "Microsoft BITS/7.5", meaning the Windows Background Intelligent Transfer Service performed the transfer on behalf of some job owner, and they fetch GoogleUpdateSetup.exe from Google's gvt1.com download CDN, the pattern of a Google Update bootstrap running in the analysis VM. The POST to update.googleapis.com flagged above carries the cup2key/cup2hreq parameters of Google's Client Update Protocol and fits the same client. Because the report does not attribute flows to a process, none of this traffic can be assigned to the sample from this page alone; malware can also queue BITS jobs, so the job owner is what settles it.
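Separating host background traffic from flows that need analyst attention is a recurring step when reading reports like this one. The following added example (not code from the report or the sandbox) encodes that triage: FLOWS is constructed from the TCP and UDP tables, the HTTP request headers above and the dead_host entry; the rules recognise the well-known Windows broadcast/multicast services, the DNS resolver and the BITS user agent, and leave everything else in a review queue. The classification is a hint only: per-process attribution (which PID opened the socket) is what settles whether the sample or the host generated a flow.

```python
"""Triage sandbox network flows into host noise and items to review
(added example, not part of the report)."""
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "proto dst dport host user_agent")

LAN = ipaddress.ip_network("192.168.56.0/24")      # the analysis VM's subnet
BACKGROUND_UDP = {5355: "LLMNR", 1900: "SSDP", 3702: "WS-Discovery",
                  137: "NetBIOS-NS", 138: "NetBIOS-DGM"}
DNS_RESOLVED = {"update.googleapis.com", "redirector.gvt1.com",
                "r1---sn-j5o76n7l.gvt1.com"}         # names shown in the TCP table

# Constructed from the report's tables and headers.
FLOWS = [
    Flow("tcp", "203.208.40.98", 443, "update.googleapis.com", None),
    Flow("tcp", "203.208.41.65", 80, "redirector.gvt1.com", "Microsoft BITS/7.5"),
    Flow("tcp", "58.63.233.66", 80, "r1---sn-j5o76n7l.gvt1.com", "Microsoft BITS/7.5"),
    Flow("udp", "114.114.114.114", 53, None, None),
    Flow("udp", "224.0.0.252", 5355, None, None),
    Flow("udp", "239.255.255.250", 1900, None, None),
    Flow("udp", "239.255.255.250", 3702, None, None),
    Flow("udp", "192.168.56.255", 137, None, None),
    Flow("tcp", "118.193.202.219", 443, None, None),   # dead_host; no name shown
]


def classify(flow):
    dst = ipaddress.ip_address(flow.dst)
    if flow.proto == "udp":
        if flow.dport == 53:
            return "dns"
        if (dst.is_multicast or dst == LAN.broadcast_address) and flow.dport in BACKGROUND_UDP:
            return "host-noise:" + BACKGROUND_UDP[flow.dport]
    if flow.user_agent and flow.user_agent.startswith("Microsoft BITS"):
        # The BITS service made the transfer for some job owner. Google Update is the
        # usual owner, but malware can queue BITS jobs too, so confirm the owner.
        return "possible-update-noise:BITS"
    if flow.host is None:
        return "review:no-dns-name"         # direct-to-IP, like the report's dead_host
    if flow.host not in DNS_RESOLVED:
        return "review:unresolved-name"
    return "review"


def review_queue(flows):
    """Flows that need an analyst or process-level attribution."""
    return [f for f in flows if classify(f).startswith("review")]


if __name__ == "__main__":
    for f in FLOWS:
        print(f"{f.proto} {f.dst}:{f.dport:<5} {classify(f)}")
```

On the report's own data the queue reduces to two items, the HTTPS POST to update.googleapis.com and the dead host 118.193.202.219:443, which is also where an analyst's time is best spent.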

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.