9.6
Critical

aa01ab65bc45dfc87ea1184abc3a909bb943522c0af06277a52e63e193edd558

43b0cd8645e9009068e6c050cc24d393.exe

Analysis duration

105s

Last analyzed

File size

172.0KB
Static detection / Dynamic detection
鹰眼引擎 (Eagle Eye engine)
Not detected: no 鹰眼引擎 detection results available
Static verdict
Antivirus engines
Not detected: no antivirus engine detection results available
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1619414509.034125
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (4 events)
Time & API Arguments Status Return Repeated
1619414497.191125
CryptGenKey
crypto_handle: 0x005a2748
algorithm_identifier: 0x0000660e ()
provider_handle: 0x005a5268
flags: 1
key: fYÑóÁ¬tpWà3…·7¹
success 1 0
1619414509.034125
CryptExportKey
crypto_handle: 0x005a2748
crypto_export_handle: 0x005a5228
buffer: f¤à(©É`HN€Ôƒ=¥«ôÉè«ù:<ònþ;•bMžR¸„²YT6² FXKô÷ÅFöVí›~O:K\‘nK¼ѽ€(¡1¨3λG× ,»vIԎH Óiä
blob_type: 1
flags: 64
success 1 0
1619414519.347125
CryptExportKey
crypto_handle: 0x005a2748
crypto_export_handle: 0x005a5228
buffer: f¤.v<¡5Çü¼·œÃAËY2÷gEéî׋€Êpäž-rÁ„Üôž$ה¾»¤È†ØÙx"Ю lÓm!É?5Ò}z8a,Œö5 /a@È¶E+‹Î ŽPs¥
blob_type: 1
flags: 64
success 1 0
1619414543.503125
CryptExportKey
crypto_handle: 0x005a2748
crypto_export_handle: 0x005a5228
buffer: f¤A˹zúÔ¡ÄG ÷Ó]Kٕ¿ùÀ{Í0øýªä„gî6½¼äð›×~`×i²F£Øi'Gâ1äMӉÒy}Eþ¿É®¥¸ NZï sõ/# 'Á=“ÜN=õÁ‰
blob_type: 1
flags: 64
success 1 0
The executable uses a known packer (1 event)
packer Armadillo v1.71
Behavioral verdict
Dynamic indicators
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:1866496538&cup2hreq=071c4a38b2806b976107b53b09ca95ea0795daa7f35eb70ac1cfada2c8bfb30e
Performs some HTTP requests (4 events)
request HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619385456&mv=u&mvi=1&pl=23&shardbypass=yes
request HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=5cac110095e9b4f7&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619385376&mv=m
request POST https://update.googleapis.com/service/update2?cup2key=10:1866496538&cup2hreq=071c4a38b2806b976107b53b09ca95ea0795daa7f35eb70ac1cfada2c8bfb30e
Sends data using the HTTP POST Method (1 event)
request POST https://update.googleapis.com/service/update2?cup2key=10:1866496538&cup2hreq=071c4a38b2806b976107b53b09ca95ea0795daa7f35eb70ac1cfada2c8bfb30e
Allocates read-write-execute memory (usually to unpack itself) (5 events)
Time & API Arguments Status Return Repeated
1619414490.753125
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00440000
success 0 0
1619414490.784125
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00470000
success 0 0
1619414122.523021
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000004080000
success 0 0
1619414496.847125
NtAllocateVirtualMemory
process_identifier: 1804
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003e0000
success 0 0
1619414496.862125
NtAllocateVirtualMemory
process_identifier: 1804
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003f0000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Foreign language identified in PE resource (20 events)
name RT_CURSOR language LANG_CHINESE offset 0x0002e0d8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000000b4
name RT_CURSOR language LANG_CHINESE offset 0x0002e0d8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000000b4
name RT_BITMAP language LANG_CHINESE offset 0x0002eab0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000144
name RT_BITMAP language LANG_CHINESE offset 0x0002eab0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000144
name RT_BITMAP language LANG_CHINESE offset 0x0002eab0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000144
name RT_BITMAP language LANG_CHINESE offset 0x0002eab0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000144
name RT_DIALOG language LANG_CHINESE offset 0x0002e7a0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000000e2
name RT_DIALOG language LANG_CHINESE offset 0x0002e7a0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000000e2
name RT_STRING language LANG_CHINESE offset 0x0002f4c8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_STRING language LANG_CHINESE offset 0x0002f4c8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_STRING language LANG_CHINESE offset 0x0002f4c8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_STRING language LANG_CHINESE offset 0x0002f4c8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_STRING language LANG_CHINESE offset 0x0002f4c8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_STRING language LANG_CHINESE offset 0x0002f4c8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_STRING language LANG_CHINESE offset 0x0002f4c8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_STRING language LANG_CHINESE offset 0x0002f4c8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_STRING language LANG_CHINESE offset 0x0002f4c8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_STRING language LANG_CHINESE offset 0x0002f4c8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_STRING language LANG_CHINESE offset 0x0002f4c8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_GROUP_CURSOR language LANG_CHINESE offset 0x0002e190 filetype Lotus unknown worksheet or configuration, revision 0x2 sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000022
Moves the original executable to a new location (1 event)
Time & API Arguments Status Return Repeated
1619414491.566125
MoveFileWithProgressW
oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\43b0cd8645e9009068e6c050cc24d393.exe
newfilepath: C:\Windows\SysWOW64\ftp\profapi.exe
newfilepath_r: C:\Windows\SysWOW64\ftp\profapi.exe
flags: 3
oldfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\43b0cd8645e9009068e6c050cc24d393.exe
success 1 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619414510.362125
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.009819292753843 section {'size_of_data': '0x0000d000', 'virtual_address': '0x00023000', 'entropy': 7.009819292753843, 'name': '.rsrc', 'virtual_size': '0x0000c4f0'} description A section with a high entropy has been found
entropy 0.30952380952380953 description Overall entropy of this PE file is high
Expresses interest in specific running processes (1 event)
process profapi.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619414509.409125
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (5 events)
host 162.144.42.60
host 172.217.24.14
host 190.136.179.102
host 94.102.209.63
host 97.107.135.148
Installs itself for autorun at Windows startup (1 event)
service_name profapi service_path C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\ftp\profapi.exe"
Created a service where a service was also not started (1 event)
Time & API Arguments Status Return Repeated
1619414496.144125
CreateServiceW
service_start_name:
start_type: 2
service_handle: 0x02a96060
display_name: profapi
error_control: 0
service_name: profapi
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\ftp\profapi.exe"
filepath_r: "C:\Windows\SysWOW64\ftp\profapi.exe"
service_manager_handle: 0x02aab328
desired_access: 2
service_type: 16
password:
success 44654688 0
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619414512.925125
RegSetValueExA
key_handle: 0x000003a0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619414512.925125
RegSetValueExA
key_handle: 0x000003a0
value: Ð\äP:×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619414512.925125
RegSetValueExA
key_handle: 0x000003a0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619414512.925125
RegSetValueExW
key_handle: 0x000003a0
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619414512.925125
RegSetValueExA
key_handle: 0x000003b8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619414512.925125
RegSetValueExA
key_handle: 0x000003b8
value: Ð\äP:×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619414512.925125
RegSetValueExA
key_handle: 0x000003b8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619414512.941125
RegSetValueExW
key_handle: 0x0000039c
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Attempts to remove evidence of file being downloaded from the Internet (1 event)
file C:\Windows\SysWOW64\ftp\profapi.exe:Zone.Identifier
Connects to IP addresses that are no longer responding to requests (legitimate services will usually remain up and running) (6 events)
dead_host 94.102.209.63:7080
dead_host 172.217.24.14:443
dead_host 190.136.179.102:80
dead_host 97.107.135.148:8080
dead_host 172.217.160.78:443
dead_host 192.168.56.101:49183
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran


PE Compile Time

2020-08-29 00:14:14

Imports

Library KERNEL32.dll:
0x4170b0 RtlUnwind
0x4170b4 HeapAlloc
0x4170b8 GetStartupInfoA
0x4170bc GetCommandLineA
0x4170c0 ExitProcess
0x4170c4 RaiseException
0x4170c8 HeapFree
0x4170cc TerminateProcess
0x4170d0 HeapSize
0x4170d4 HeapReAlloc
0x4170d8 GetACP
0x4170dc HeapDestroy
0x4170e0 HeapCreate
0x4170e4 VirtualFree
0x4170e8 IsBadWritePtr
0x4170fc SetHandleCount
0x417100 GetStdHandle
0x417104 GetFileType
0x41710c LCMapStringA
0x417110 LCMapStringW
0x417114 GetStringTypeA
0x417118 GetStringTypeW
0x41711c IsBadReadPtr
0x417120 IsBadCodePtr
0x417124 SetStdHandle
0x417128 GetProfileStringA
0x41712c FlushFileBuffers
0x417130 SetFilePointer
0x417134 WriteFile
0x417138 GetCurrentProcess
0x41713c SetErrorMode
0x417140 SizeofResource
0x417148 GetOEMCP
0x41714c GetCPInfo
0x417150 GetProcessVersion
0x417154 GlobalFlags
0x417158 TlsGetValue
0x41715c LocalReAlloc
0x417160 TlsSetValue
0x417168 GlobalReAlloc
0x417170 TlsFree
0x417174 GlobalHandle
0x41717c TlsAlloc
0x417184 LocalFree
0x417188 LocalAlloc
0x41718c GetLastError
0x417190 GlobalFree
0x417194 CloseHandle
0x417198 GetModuleFileNameA
0x41719c GetProcAddress
0x4171a0 GlobalAlloc
0x4171a4 lstrcmpA
0x4171a8 GetCurrentThread
0x4171ac MultiByteToWideChar
0x4171b0 WideCharToMultiByte
0x4171b4 lstrlenA
0x4171c0 GlobalLock
0x4171c4 GlobalUnlock
0x4171c8 SetLastError
0x4171cc lstrcpynA
0x4171d0 MulDiv
0x4171d4 FindResourceA
0x4171d8 LoadResource
0x4171dc LockResource
0x4171e0 GetVersion
0x4171e4 lstrcatA
0x4171e8 GetCurrentThreadId
0x4171ec GlobalGetAtomNameA
0x4171f0 lstrcmpiA
0x4171f4 GlobalAddAtomA
0x4171f8 GlobalFindAtomA
0x4171fc GlobalDeleteAtom
0x417200 lstrcpyA
0x417204 GetModuleHandleA
0x417208 VirtualAlloc
0x41720c LoadLibraryW
0x417210 FreeLibrary
0x417214 LoadLibraryA
Library USER32.dll:
0x417220 ModifyMenuA
0x417224 GetMenuState
0x417228 LoadBitmapA
0x417230 InflateRect
0x417234 ReleaseDC
0x417238 GetDC
0x41723c ClientToScreen
0x417240 GetWindowDC
0x417244 BeginPaint
0x417248 EndPaint
0x41724c TabbedTextOutA
0x417250 DrawTextA
0x417254 GrayStringA
0x417258 PostQuitMessage
0x41725c SetCursor
0x417260 GetCursorPos
0x417264 ValidateRect
0x417268 GetActiveWindow
0x41726c TranslateMessage
0x417270 GetMessageA
0x417278 EndDialog
0x41727c GetClassNameA
0x417280 PtInRect
0x417284 LoadCursorA
0x417288 GetSysColorBrush
0x41728c DestroyMenu
0x417290 LoadStringA
0x417294 InvalidateRect
0x417298 ShowWindow
0x41729c SetWindowTextA
0x4172a0 IsDialogMessageA
0x4172a4 PostMessageA
0x4172a8 UpdateWindow
0x4172ac SendDlgItemMessageA
0x4172b0 MapWindowPoints
0x4172b4 PeekMessageA
0x4172b8 DispatchMessageA
0x4172bc SetMenuItemBitmaps
0x4172c0 SetActiveWindow
0x4172c4 IsWindow
0x4172c8 SetFocus
0x4172cc AdjustWindowRectEx
0x4172d0 ScreenToClient
0x4172d4 CopyRect
0x4172d8 IsWindowVisible
0x4172dc GetTopWindow
0x4172e0 MessageBoxA
0x4172e4 GetParent
0x4172e8 GetCapture
0x4172ec WinHelpA
0x4172f0 wsprintfA
0x4172f4 GetClassInfoA
0x4172f8 RegisterClassA
0x4172fc GetMenu
0x417300 GetMenuItemCount
0x417304 GetSubMenu
0x417308 GetMenuItemID
0x41730c GetDlgItem
0x417314 GetWindowTextA
0x417318 GetDlgCtrlID
0x41731c GetKeyState
0x417320 DefWindowProcA
0x417324 DestroyWindow
0x417328 CreateWindowExA
0x41732c SetWindowsHookExA
0x417330 CallNextHookEx
0x417334 GetClassLongA
0x417338 SetPropA
0x41733c UnhookWindowsHookEx
0x417340 GetPropA
0x417344 CallWindowProcA
0x417348 RemovePropA
0x41734c GetMessageTime
0x417350 GetMessagePos
0x417354 GetLastActivePopup
0x417358 GetForegroundWindow
0x41735c SetForegroundWindow
0x417360 GetWindow
0x417364 GetWindowLongA
0x417368 SetWindowLongA
0x41736c SetWindowPos
0x417370 GetSysColor
0x417374 RedrawWindow
0x417378 GetWindowRect
0x41737c UnregisterClassA
0x417380 HideCaret
0x417384 ShowCaret
0x41738c OffsetRect
0x417390 IntersectRect
0x417398 GetWindowPlacement
0x41739c IsIconic
0x4173a0 GetSystemMetrics
0x4173a4 GetClientRect
0x4173a8 DrawIcon
0x4173ac CheckMenuItem
0x4173b0 EnableMenuItem
0x4173b4 GetNextDlgTabItem
0x4173b8 GetFocus
0x4173bc IsWindowEnabled
0x4173c0 SendMessageA
0x4173c4 LoadIconA
0x4173c8 EnableWindow
0x4173cc IsWindowUnicode
0x4173d0 CharNextA
0x4173d4 DefDlgProcA
0x4173d8 DrawFocusRect
0x4173dc ExcludeUpdateRgn
Library GDI32.dll:
0x41701c PatBlt
0x417020 ExtTextOutA
0x417024 DeleteDC
0x417028 SaveDC
0x41702c RestoreDC
0x417030 SelectObject
0x417034 GetStockObject
0x417038 SetBkMode
0x41703c SetMapMode
0x417040 SetViewportOrgEx
0x417044 OffsetViewportOrgEx
0x417048 SetViewportExtEx
0x41704c ScaleViewportExtEx
0x417050 SetWindowExtEx
0x417054 ScaleWindowExtEx
0x417058 IntersectClipRect
0x41705c DeleteObject
0x417060 MoveToEx
0x417064 LineTo
0x417068 CreateSolidBrush
0x41706c PtVisible
0x417070 RectVisible
0x417074 TextOutA
0x417078 Escape
0x41707c GetDeviceCaps
0x417080 CreateBitmap
0x417084 GetObjectA
0x417088 SetBkColor
0x41708c SetTextColor
0x417090 GetClipBox
0x417094 CreatePen
0x417098 CreateDIBitmap
0x41709c GetTextExtentPointA
0x4170a0 BitBlt
0x4170a4 CreateCompatibleDC
0x4170a8 Polygon
Library WINSPOOL.DRV:
0x4173e4 DocumentPropertiesA
0x4173e8 ClosePrinter
0x4173ec OpenPrinterA
Library ADVAPI32.dll:
0x417000 RegSetValueExA
0x417004 RegCloseKey
0x417008 RegOpenKeyExA
0x41700c RegCreateKeyExA
Library COMCTL32.dll:
0x417014

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49190 113.108.239.194 r1---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49191 113.108.239.196 r3---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49188 203.208.41.34 update.googleapis.com 443
192.168.56.101 49189 203.208.41.65 redirector.gvt1.com 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 54260 114.114.114.114 53
192.168.56.101 54991 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 60088 114.114.114.114 53
192.168.56.101 60221 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 56743 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57236 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=5cac110095e9b4f7&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619385376&mv=m
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=5cac110095e9b4f7&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619385376&mv=m HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619385456&mv=u&mvi=1&pl=23&shardbypass=yes
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619385456&mv=u&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o7dn7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.