Score: 7.0 (High risk)

SHA-256: eee7ddeefc84650c313aa4b4683286fffb29eec6f469ce31273529e2082b45b3

File name: 44536f3d8cfa80825bc72f1168985f64.exe

Analysis duration: 106s

Last analysed:

File size: 172.3KB

Static detection / Dynamic detection
Eagle Eye (鹰眼) engine: not detected (no Eagle Eye engine result available)
Static verdict
Anti-virus engines: not detected (no anti-virus engine result available)
Static indicators
Queries for the computer name (1 event)
Time | API | Arguments | Status | Return | Repeated
1619386906.659626 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0
This executable is signed (the report does not show the signer or whether the signature chain verifies; treat the signature as a reputation input, not as a clean verdict)
Behavioural verdict
Dynamic indicators
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)
suspicious_features: POST method with no referer header
suspicious_request: POST https://update.googleapis.com/service/update2?cup2key=10:4242279203&cup2hreq=ddc2d9e5f7a5e5bed6957dda9237582fc46e8b7b38539acdeb988e53d60b5902
Performs some HTTP requests (4 events)
request HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619357775&mv=m&mvi=1&pl=23&shardbypass=yes
request HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=c4b7d76792cc32fa&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619357775&mv=m
request POST https://update.googleapis.com/service/update2?cup2key=10:4242279203&cup2hreq=ddc2d9e5f7a5e5bed6957dda9237582fc46e8b7b38539acdeb988e53d60b5902
Sends data using the HTTP POST Method (1 event)
request POST https://update.googleapis.com/service/update2?cup2key=10:4242279203&cup2hreq=ddc2d9e5f7a5e5bed6957dda9237582fc46e8b7b38539acdeb988e53d60b5902
Note: all four requests fit Google Update (Omaha) running on the analysis VM rather than the sample. The POST to update.googleapis.com/service/update2 with cup2key/cup2hreq parameters is an Omaha update check, and the HEAD requests for GoogleUpdateSetup.exe 1.3.36.82 on gvt1.com carry the User-Agent "Microsoft BITS/7.5" (see the full headers under HTTP & HTTPS Requests), i.e. a BITS download job. The report does not attribute any of this traffic to the sample's process, so treat it as background noise unless the process tree says otherwise.
Allocates read-write-execute memory (usually to unpack itself) (9 events)
Time | API | PID | process_handle | base_address | region_size | allocation_type | protection | Status | Return | Repeated
1619384481.875125 | NtAllocateVirtualMemory | 2520 | 0xffffffff | 0x00320000 | 69632 | 12288 (MEM_COMMIT|MEM_RESERVE) | 64 (PAGE_EXECUTE_READWRITE) | success | 0 | 0
1619384482.406125 | NtAllocateVirtualMemory | 2520 | 0xffffffff | 0x003c0000 | 65536 | 12288 (MEM_COMMIT|MEM_RESERVE) | 64 (PAGE_EXECUTE_READWRITE) | success | 0 | 0
1619384482.406125 | NtAllocateVirtualMemory | 2520 | 0xffffffff | 0x003d0000 | 81920 | 12288 (MEM_COMMIT|MEM_RESERVE) | 64 (PAGE_EXECUTE_READWRITE) | success | 0 | 0
1619384482.406125 | NtAllocateVirtualMemory | 2520 | 0xffffffff | 0x00430000 | 81920 | 12288 (MEM_COMMIT|MEM_RESERVE) | 64 (PAGE_EXECUTE_READWRITE) | success | 0 | 0
1619386899.471626 | NtAllocateVirtualMemory | 944 | 0xffffffff | 0x01c00000 | 69632 | 12288 (MEM_COMMIT|MEM_RESERVE) | 64 (PAGE_EXECUTE_READWRITE) | success | 0 | 0
1619386900.018626 | NtAllocateVirtualMemory | 944 | 0xffffffff | 0x01c20000 | 65536 | 12288 (MEM_COMMIT|MEM_RESERVE) | 64 (PAGE_EXECUTE_READWRITE) | success | 0 | 0
1619386900.018626 | NtAllocateVirtualMemory | 944 | 0xffffffff | 0x01c30000 | 81920 | 12288 (MEM_COMMIT|MEM_RESERVE) | 64 (PAGE_EXECUTE_READWRITE) | success | 0 | 0
1619386900.018626 | NtAllocateVirtualMemory | 944 | 0xffffffff | 0x01c50000 | 81920 | 12288 (MEM_COMMIT|MEM_RESERVE) | 64 (PAGE_EXECUTE_READWRITE) | success | 0 | 0
1619386537.33427 | NtAllocateVirtualMemory | 1424 | 0xffffffffffffffff | 0x00000000041c0000 | 65536 | 4096 (MEM_COMMIT) | 64 (PAGE_EXECUTE_READWRITE) | success | 0 | 0
stack_dep_bypass, stack_pivoted and heap_dep_bypass are 0 for every event.
Note: the first eight events are two identical four-allocation sequences (69632, 65536, 81920, 81920 bytes) in PIDs 2520 and 944, both made through the 32-bit current-process pseudo-handle 0xffffffff, which is what a self-unpacking stub allocating its output buffers looks like. The ninth event, in PID 1424, uses MEM_COMMIT without MEM_RESERVE and the 64-bit form of the pseudo-handle, 0xffffffffffffffff, so it was logged from a 64-bit process; the report does not say which process that is.
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Creates a service (1 event)
Time | API | Arguments | Status | Return | Repeated
1619386908.425626 | CreateServiceW | service_name: dmapnf; display_name: dmapnf; service_type: 16 (SERVICE_WIN32_OWN_PROCESS); start_type: 2 (SERVICE_AUTO_START); error_control: 0 (SERVICE_ERROR_IGNORE); desired_access: 18 (0x12 = SERVICE_CHANGE_CONFIG | SERVICE_START); filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\dmapnf.exe"; filepath_r: "C:\Windows\SysWOW64\dmapnf.exe"; service_start_name: (empty; a NULL account name means the service runs as LocalSystem); password: (empty); service_manager_handle: 0x002b1a98; service_handle: 0x002c9868 | success | 2922600 (= 0x002c9868, the service handle) | 0
Note: filepath_r is the argument as passed, the quoted path "C:\Windows\SysWOW64\dmapnf.exe". The Temp\ prefix in filepath is an artefact of the sandbox's path normalisation, which took the leading quote as the start of a relative path and prepended the current directory; the service's real ImagePath is the SysWOW64 binary that the MoveFileWithProgressW event below creates.
Moves the original executable to a new location (1 event)
Time | API | Arguments | Status | Return | Repeated
1619386906.971626 | MoveFileWithProgressW | oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\44536f3d8cfa80825bc72f1168985f64.exe; newfilepath: C:\Windows\SysWOW64\dmapnf.exe; flags: 3 (MOVEFILE_REPLACE_EXISTING | MOVEFILE_COPY_ALLOWED) | success | 1 | 0
(oldfilepath_r and newfilepath_r, the raw arguments, are identical to the normalised paths above.)
The binary likely contains encrypted or compressed data indicative of a packer (3 events)
section .text: entropy 7.450046497060489 (size_of_data 0x00012a00, virtual_address 0x00001000, virtual_size 0x0001288e): a section with a high entropy has been found
section .rsrc: entropy 7.57652023923795 (size_of_data 0x00013c00, virtual_address 0x00019000, virtual_size 0x00013b28): a section with a high entropy has been found
overall 0.9136904761904762: overall entropy of this PE file is high
Note: the per-section values are Shannon entropy in bits per byte (maximum 8.0). A code section above 7 bits is unusual for compiled code and points to compression or encryption. The "overall" figure is a ratio, not a bits-per-byte entropy: it is the fraction of the file's section data that sits in the sections flagged as high-entropy. The two flagged sections total 0x26600 bytes, and 0x26600 / 0.9136904761904762 = 0x2A000 bytes of section data in the whole file, so the remaining 0x3A00 bytes belong to sections the report does not list. A wholly high-entropy .text together with the RWX allocations above is the classic self-unpacking pattern.
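The following script reproduces the two entropy checks behind those three events so that the numbers can be recomputed on any PE, not just read off the report. It is an example added by the editor, not code from the sandbox or from the sample: it parses the PE section table with struct alone, computes Shannon entropy per section and then applies the two rules the report implies (a section is "high entropy" above 6.8 bits per byte, and the file is flagged when more than 20% of its section bytes lie in such sections; both thresholds are assumptions chosen to match the report's output). The third record in REPORT_SECTIONS is constructed from the arithmetic above and is not listed on the page.

```python
"""Per-section entropy check of the kind behind the report's "packer" events.
Editor's added example; not sandbox or sample code. Run as
    python packer_entropy.py sample.exe
to check a real file, or without arguments to replay the report's numbers."""
import math
import struct
from collections import Counter

HIGH_ENTROPY_BITS = 6.8   # assumed per-section threshold
HIGH_SHARE = 0.2          # assumed share above which the whole file is flagged


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for a single repeated value, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return one record per section in the same shape the report prints."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, = struct.unpack_from("<H", pe, e_lfanew + 6)        # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)   # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                           # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(nsec):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        raw = pe[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": hex(va), "virtual_size": hex(vsize),
            "size_of_data": hex(raw_size), "entropy": shannon_entropy(raw),
        })
    return sections


def packer_entropy(sections: list):
    """Return (names of flagged sections, share of section bytes inside them)."""
    total = high = 0
    flagged = []
    for s in sections:
        size = int(s["size_of_data"], 16)
        total += size
        if float(s["entropy"]) > HIGH_ENTROPY_BITS:
            high += size
            flagged.append(s["name"])
    return flagged, (high / total if total else 0.0)


def is_probably_packed(sections: list) -> bool:
    return packer_entropy(sections)[1] > HIGH_SHARE


# The two sections the report lists plus one constructed record: the report's
# overall figure implies 0x2A000 bytes of section data in total, so the
# remaining 0x3A00 bytes are represented by an assumed low-entropy section.
REPORT_SECTIONS = [
    {"name": ".text", "size_of_data": "0x00012a00", "entropy": 7.450046497060489},
    {"name": ".rsrc", "size_of_data": "0x00013c00", "entropy": 7.57652023923795},
    {"name": ".other (assumed)", "size_of_data": "0x00003a00", "entropy": 4.0},
]


def build_fake_pe(sections) -> bytes:
    """Constructed minimal PE (DOS stub, COFF header, no optional header) used
    only to exercise pe_sections() offline; Windows would not load it."""
    nsec = len(sections)
    headers_end = 64 + 24 + 40 * nsec
    raw_ptr = (headers_end + 0x1FF) & ~0x1FF                   # 512-byte file alignment
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)           # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, 0, 0x102)
    table, body, va = b"", b"", 0x1000
    for name, data in sections:
        table += struct.pack("<8sIIII", name, len(data), va, len(data), raw_ptr) + b"\0" * 16
        body += data
        raw_ptr += len(data)
        va += (len(data) + 0xFFF) & ~0xFFF
    padding = b"\0" * (((headers_end + 0x1FF) & ~0x1FF) - headers_end)
    return dos + coff + table + padding + body


if __name__ == "__main__":
    import sys
    secs = pe_sections(open(sys.argv[1], "rb").read()) if len(sys.argv) > 1 else REPORT_SECTIONS
    for s in secs:
        print(f'{s["name"]:<18} {s["size_of_data"]:>10} entropy={float(s["entropy"]):.3f}')
    print("flagged:", *packer_entropy(secs), "packed:", is_probably_packed(secs))
```

With the report's two sections and the assumed remainder, packer_entropy() returns exactly the 0.9136904761904762 shown above, which is how the ratio interpretation was confirmed; on a real file, compare the .text entropy against a known-good build of the same toolchain before calling it packed, since large embedded resources (a high-entropy .rsrc on its own) are common in benign installers.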
Network communication
Communicates with host for which no DNS query was performed (2 events)
host 181.142.29.90
host 24.150.44.53
Installs itself for autorun at Windows startup (1 event)
service_name: dmapnf; service_path: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\dmapnf.exe" (the same normalisation artefact as in the CreateServiceW event; the raw argument is "C:\Windows\SysWOW64\dmapnf.exe")
Attempts to remove evidence of file being downloaded from the Internet (1 event)
file C:\Windows\SysWOW64\dmapnf.exe:Zone.Identifier
Note: deleting the Zone.Identifier alternate data stream strips the mark-of-the-web from the relocated binary, so SmartScreen and "this file came from another computer" prompts no longer apply to it. Together with the move into SysWOW64 and the auto-start service pointing at the moved file, this is one persistence chain, not three unrelated events.
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (4 events)
dead_host 172.217.24.14:443
dead_host 181.142.29.90:80
dead_host 24.150.44.53:80
dead_host 172.217.160.78:443
Note: 172.217.0.0/16 is Google address space, so the two 443 dead hosts belong with the update traffic above. 181.142.29.90:80 and 24.150.44.53:80 are the only endpoints in the whole report that are not Google infrastructure or OS background traffic: they were contacted by raw IP with no preceding DNS query, never completed a handshake (they are absent from the TCP table below) and are therefore the best candidates for hard-coded command-and-control addresses. Pivot on those two, not on the Google hosts.
Visual analysis
Binary image
No binary image: no binary visualisation was generated for this sample.
Runtime screenshots
No screenshots: none were captured while the sample ran.


PE Compile Time

2019-04-29 16:19:06

Imports
Note: the static import table groups into service control (ADVAPI32!SetServiceStatus, ReportEventW, registry create/set/delete), process enumeration and cross-process memory access (KERNEL32!Process32First/Next, Module32First/Next, OpenProcess, ReadProcessMemory, VirtualAllocEx, QueueUserAPC), input and clipboard capture (USER32!SetWindowsHookExW, GetAsyncKeyState, GetKeyboardState, GetClipboardData) and a debugger check (IsDebuggerPresent). An import is a capability, not evidence of use: the behaviour log above only shows the service and file operations being exercised. The import-address column has gaps (for example 0x4140c0 to 0x4140cc), so the list below is not complete.

Library KERNEL32.dll:
0x4140a0 FindClose
0x4140a4 FindFirstFileA
0x4140a8 FindFirstFileW
0x4140ac FindNextFileA
0x4140b0 FindNextFileW
0x4140b4 FlushFileBuffers
0x4140b8 FlushViewOfFile
0x4140bc FormatMessageA
0x4140c0 FormatMessageW
0x4140cc FreeLibrary
0x4140d0 GetACP
0x4140d4 GetCPInfo
0x4140d8 GetCommandLineA
0x4140dc GetComputerNameA
0x4140e0 GetConsoleCP
0x4140e4 GetConsoleMode
0x4140e8 GetConsoleOutputCP
0x4140f0 GetCurrentProcess
0x4140f4 GetCurrentProcessId
0x4140f8 GetCurrentThread
0x4140fc GetCurrentThreadId
0x414100 GetDateFormatA
0x414104 GetDateFormatW
0x414108 GetDiskFreeSpaceA
0x41410c GetDiskFreeSpaceExA
0x414110 GetDiskFreeSpaceW
0x414114 GetDriveTypeA
0x414128 GetExitCodeProcess
0x41412c GetExitCodeThread
0x414130 GetFileAttributesA
0x41413c GetFileAttributesW
0x414144 GetFileSize
0x414148 GetFileTime
0x41414c GetFileType
0x414150 GetFullPathNameA
0x414154 GetFullPathNameW
0x414158 GetLastError
0x41415c GetLocalTime
0x414160 GetLocaleInfoA
0x414168 GetLongPathNameW
0x41416c GetModuleFileNameA
0x414170 GetModuleFileNameW
0x414174 GetModuleHandleA
0x414178 GetOEMCP
0x41417c GetOverlappedResult
0x414180 GetPriorityClass
0x41418c GetProcAddress
0x414194 GetProcessHeap
0x414198 GetShortPathNameA
0x41419c GetShortPathNameW
0x4141a0 GetStartupInfoA
0x4141a4 GetStdHandle
0x4141a8 GetStringTypeA
0x4141ac GetStringTypeW
0x4141b4 GetSystemDirectoryA
0x4141b8 GetSystemDirectoryW
0x4141bc GetSystemInfo
0x4141c0 GetSystemTime
0x4141c8 GetTempFileNameA
0x4141cc GetTempFileNameW
0x4141d0 GetTempPathA
0x4141d4 GetTempPathW
0x4141d8 GetTickCount
0x4141dc GetTimeFormatA
0x4141e0 GetTimeFormatW
0x4141e8 GetVersionExA
0x4141ec GetVersionExW
0x4141fc GlobalAddAtomA
0x414200 GlobalFindAtomA
0x414204 GlobalFree
0x414208 GlobalMemoryStatus
0x41420c HeapAlloc
0x414210 HeapCompact
0x414214 HeapCreate
0x414218 HeapDestroy
0x41421c HeapFree
0x414220 HeapReAlloc
0x414224 HeapSize
0x414228 HeapValidate
0x41423c InterlockedExchange
0x414244 IsBadWritePtr
0x414248 IsDebuggerPresent
0x41424c IsValidCodePage
0x414250 LCMapStringA
0x414254 LCMapStringW
0x41425c LoadLibraryA
0x414260 LoadLibraryExA
0x414264 LoadLibraryW
0x414268 LocalAlloc
0x414270 LocalFree
0x414274 LockFile
0x414278 LockFileEx
0x41427c MapViewOfFile
0x414280 Module32First
0x414284 Module32FirstW
0x414288 Module32Next
0x41428c Module32NextW
0x414290 MoveFileA
0x414294 MoveFileExA
0x414298 MoveFileExW
0x41429c MulDiv
0x4142a0 MultiByteToWideChar
0x4142a4 OpenEventA
0x4142a8 OpenProcess
0x4142ac OutputDebugStringA
0x4142b0 OutputDebugStringW
0x4142b4 Process32First
0x4142b8 Process32FirstW
0x4142bc Process32Next
0x4142c0 Process32NextW
0x4142cc QueueUserAPC
0x4142d0 RaiseException
0x4142d4 ReadFile
0x4142d8 ReadProcessMemory
0x4142dc ReleaseMutex
0x4142e0 RemoveDirectoryA
0x4142e4 RemoveDirectoryW
0x4142e8 ResetEvent
0x4142ec RtlUnwind
0x4142f0 SearchPathA
0x4142f4 SetEndOfFile
0x4142fc SetEvent
0x414300 SetFileAttributesA
0x414304 SetFileAttributesW
0x414308 SetFilePointer
0x41430c SetFileTime
0x414310 SetHandleCount
0x414318 SetLastError
0x414320 SetPriorityClass
0x414328 SetStdHandle
0x41432c SetSystemPowerState
0x414338 SetThreadPriority
0x414340 Sleep
0x414348 TerminateProcess
0x41434c TerminateThread
0x414350 TlsAlloc
0x414354 TlsFree
0x414358 TlsGetValue
0x41435c TlsSetValue
0x41436c UnlockFile
0x414370 UnlockFileEx
0x414374 UnmapViewOfFile
0x414378 VerLanguageNameA
0x41437c VirtualAlloc
0x414380 VirtualFree
0x414384 VirtualProtect
0x414388 VirtualQuery
0x414394 WaitForSingleObject
0x41439c WaitNamedPipeA
0x4143a0 WideCharToMultiByte
0x4143a4 WriteConsoleA
0x4143a8 WriteConsoleW
0x4143ac WriteFile
0x4143b0 lstrcatA
0x4143b4 lstrcmpA
0x4143b8 lstrcmpiA
0x4143bc lstrcpyA
0x4143c0 lstrcpynA
0x4143c4 lstrlenA
0x4143c8 lstrlenW
0x4143d4 ExitThread
0x4143d8 ExitProcess
0x4143e4 DeviceIoControl
0x4143e8 DeleteFileW
0x4143ec DeleteFileA
0x4143f4 DebugBreak
0x4143fc GetModuleHandleW
0x414400 CreateThread
0x414404 CreateProcessW
0x414408 CreateProcessA
0x41440c CreatePipe
0x414410 CreateMutexW
0x414414 CreateMutexA
0x414418 CreateFileW
0x41441c CreateFileMappingW
0x414420 CreateFileMappingA
0x414424 CreateFileA
0x414428 CreateEventW
0x41442c CreateEventA
0x414430 CreateDirectoryW
0x414434 CreateDirectoryA
0x414438 CopyFileW
0x41443c CopyFileA
0x414440 CompareStringW
0x414444 CompareStringA
0x414448 CompareFileTime
0x41444c CloseHandle
0x414450 CancelIo
0x414454 BackupSeek
0x414458 BackupRead
0x41445c AreFileApisANSI
0x414460 VirtualAllocEx
Library USER32.dll:
0x41446c DrawIconEx
0x414470 DrawMenuBar
0x414474 DrawTextExW
0x414478 DrawTextW
0x41447c EmptyClipboard
0x414480 EnableMenuItem
0x414484 EnableScrollBar
0x414488 EnableWindow
0x41448c EndDialog
0x414490 EndPaint
0x414494 EnumChildWindows
0x41449c EnumDisplayMonitors
0x4144a0 EnumThreadWindows
0x4144a4 EnumWindows
0x4144a8 EqualRect
0x4144ac FillRect
0x4144b0 FindWindowExW
0x4144b4 FindWindowW
0x4144b8 FrameRect
0x4144bc GetActiveWindow
0x4144c0 GetAsyncKeyState
0x4144c4 GetCapture
0x4144c8 GetClassInfoExW
0x4144cc GetClassInfoW
0x4144d0 GetClassLongW
0x4144d4 GetClassNameW
0x4144d8 GetClientRect
0x4144dc GetClipboardData
0x4144e0 GetCursor
0x4144e4 GetCursorPos
0x4144e8 GetDC
0x4144ec GetDCEx
0x4144f0 GetDesktopWindow
0x4144f4 GetDlgCtrlID
0x4144f8 GetDlgItem
0x4144fc GetDlgItemTextA
0x414500 GetDoubleClickTime
0x414504 GetFocus
0x414508 GetForegroundWindow
0x41450c GetIconInfo
0x414510 GetKeyNameTextW
0x414514 GetKeyState
0x414518 GetKeyboardLayout
0x414524 GetKeyboardState
0x414528 GetLastActivePopup
0x41452c GetMenu
0x414534 GetMenuDefaultItem
0x414538 GetMenuItemCount
0x41453c GetMenuItemID
0x414540 GetMenuItemInfoW
0x414544 GetMenuState
0x414548 GetMenuStringW
0x41454c GetMessageA
0x414550 GetMessageExtraInfo
0x414554 GetMessagePos
0x414558 GetMessageTime
0x41455c GetMessageW
0x414560 GetMonitorInfoW
0x414564 GetNextDlgTabItem
0x414568 GetParent
0x41456c GetPropW
0x414570 GetScrollInfo
0x414574 GetScrollPos
0x414578 GetScrollRange
0x41457c GetSubMenu
0x414580 GetSysColor
0x414584 GetSysColorBrush
0x414588 GetSystemMenu
0x41458c GetSystemMetrics
0x414590 GetTopWindow
0x414594 GetUpdateRect
0x414598 GetWindow
0x41459c GetWindowDC
0x4145a0 GetWindowLongA
0x4145a4 GetWindowLongW
0x4145a8 GetWindowPlacement
0x4145ac GetWindowRect
0x4145b0 GetWindowTextW
0x4145b8 GrayStringW
0x4145bc HideCaret
0x4145c0 InflateRect
0x4145c4 InsertMenuItemW
0x4145c8 InsertMenuW
0x4145cc IntersectRect
0x4145d0 InvalidateRect
0x4145d4 IsCharAlphaNumericW
0x4145d8 IsCharAlphaW
0x4145dc IsChild
0x4145e4 IsDialogMessageA
0x4145e8 IsDialogMessageW
0x4145ec IsIconic
0x4145f0 IsRectEmpty
0x4145f4 IsWindow
0x4145f8 IsWindowEnabled
0x4145fc IsWindowUnicode
0x414600 IsWindowVisible
0x414604 IsZoomed
0x414608 KillTimer
0x41460c LoadBitmapW
0x414610 LoadCursorW
0x414614 LoadIconW
0x414618 LoadKeyboardLayoutW
0x41461c LoadStringW
0x414620 MapDialogRect
0x414624 MapVirtualKeyW
0x414628 MapWindowPoints
0x41462c MessageBeep
0x414630 MessageBoxA
0x414634 MessageBoxW
0x414638 ModifyMenuW
0x41463c MonitorFromPoint
0x414640 MonitorFromWindow
0x414644 MoveWindow
0x414650 OffsetRect
0x414654 OpenClipboard
0x414658 PeekMessageA
0x41465c PeekMessageW
0x414660 PostMessageW
0x414664 PostQuitMessage
0x414668 PostThreadMessageA
0x41466c PostThreadMessageW
0x414670 PtInRect
0x414674 RedrawWindow
0x414678 RegisterClassW
0x414684 ReleaseCapture
0x414688 ReleaseDC
0x41468c RemoveMenu
0x414690 RemovePropW
0x414694 ScreenToClient
0x414698 ScrollWindow
0x41469c SendDlgItemMessageA
0x4146a0 SendDlgItemMessageW
0x4146a4 SendMessageA
0x4146a8 SendMessageW
0x4146ac SetActiveWindow
0x4146b0 SetCapture
0x4146b4 SetClassLongW
0x4146b8 SetClipboardData
0x4146bc SetCursor
0x4146c0 SetCursorPos
0x4146c4 SetFocus
0x4146c8 SetForegroundWindow
0x4146cc SetKeyboardState
0x4146d0 SetMenu
0x4146d4 SetMenuItemBitmaps
0x4146d8 SetMenuItemInfoW
0x4146dc SetParent
0x4146e0 SetPropW
0x4146e4 SetRect
0x4146e8 SetScrollInfo
0x4146ec SetScrollPos
0x4146f0 SetScrollRange
0x4146f4 SetTimer
0x4146fc SetWindowLongA
0x414700 SetWindowLongW
0x414704 SetWindowPlacement
0x414708 SetWindowPos
0x41470c SetWindowRgn
0x414710 SetWindowTextA
0x414714 SetWindowTextW
0x414718 SetWindowsHookExW
0x41471c ShowCaret
0x414720 ShowOwnedPopups
0x414724 ShowScrollBar
0x414728 ShowWindow
0x414734 TabbedTextOutW
0x414738 TrackPopupMenu
0x414740 TranslateMessage
0x414744 UnhookWindowsHookEx
0x414748 UnregisterClassA
0x41474c UnregisterClassW
0x414750 UpdateWindow
0x414754 ValidateRect
0x414758 WaitMessage
0x41475c WinHelpW
0x414760 WindowFromPoint
0x414764 DrawIcon
0x414768 DrawFrameControl
0x41476c DrawFocusRect
0x414770 DrawEdge
0x414774 DispatchMessageW
0x414778 DispatchMessageA
0x41477c DialogBoxParamA
0x414780 DestroyWindow
0x414784 DestroyMenu
0x414788 DestroyIcon
0x41478c DestroyCursor
0x414790 DeleteMenu
0x414794 DefWindowProcW
0x414798 DefMDIChildProcW
0x41479c DefFrameProcW
0x4147a0 CreateWindowExW
0x4147a4 CreatePopupMenu
0x4147a8 CreateMenu
0x4147ac CreateIconIndirect
0x4147b0 CreateIcon
0x4147bc CopyRect
0x4147c0 CopyImage
0x4147c4 CloseClipboard
0x4147c8 ClientToScreen
0x4147cc CheckMenuItem
0x4147d0 CharUpperW
0x4147d4 CharUpperBuffW
0x4147d8 CharNextW
0x4147dc CharNextA
0x4147e0 CharLowerW
0x4147e4 CharLowerBuffW
0x4147e8 CallWindowProcW
0x4147ec CallNextHookEx
0x4147f0 BeginPaint
0x4147f4 AdjustWindowRectEx
Library ADVAPI32.dll:
0x414000 RegQueryValueExA
0x414004 RegOpenKeyA
0x414018 FreeSid
0x414024 OpenProcessToken
0x414028 OpenThreadToken
0x41402c PrivilegeCheck
0x414030 RegCloseKey
0x414034 RegCreateKeyExW
0x414038 RegDeleteKeyA
0x41403c RegDeleteKeyW
0x414040 RegDeleteValueW
0x414044 RegLoadKeyW
0x414048 RegOpenKeyExA
0x41404c RegOpenKeyExW
0x414050 RegOpenKeyW
0x414054 RegQueryValueExW
0x414058 RegSetValueExW
0x41405c RegUnLoadKeyW
0x414068 ReportEventW
0x41406c SetServiceStatus
Library COMCTL32.dll:
0x41407c ImageList_Read
0x414080 ImageList_Write
0x414084 ImageList_GetIcon
Library IMM32.dll:
0x41408c ImmGetContext
0x414090 ImmGetOpenStatus
0x414094 ImmReleaseContext

Hosts

No hosts contacted.

TCP

Source | Source port | Destination | Destination port
192.168.56.101 | 49193 | 113.108.239.194 (r1---sn-j5o7dn7e.gvt1.com) | 80
192.168.56.101 | 49194 | 113.108.239.196 (r3---sn-j5o7dn7e.gvt1.com) | 80
192.168.56.101 | 49189 | 203.208.40.66 (update.googleapis.com) | 443
192.168.56.101 | 49192 | 203.208.41.65 (redirector.gvt1.com) | 80

UDP

Source | Source port | Destination | Destination port
192.168.56.101 | 50568 | 114.114.114.114 | 53
192.168.56.101 | 51963 | 114.114.114.114 | 53
192.168.56.101 | 54178 | 114.114.114.114 | 53
192.168.56.101 | 54260 | 114.114.114.114 | 53
192.168.56.101 | 55169 | 114.114.114.114 | 53
192.168.56.101 | 56743 | 114.114.114.114 | 53
192.168.56.101 | 57367 | 114.114.114.114 | 53
192.168.56.101 | 58367 | 114.114.114.114 | 53
192.168.56.101 | 60123 | 114.114.114.114 | 53
192.168.56.101 | 60215 | 114.114.114.114 | 53
192.168.56.101 | 63429 | 114.114.114.114 | 53
192.168.56.101 | 137 | 192.168.56.255 | 137
192.168.56.101 | 138 | 192.168.56.255 | 138
192.168.56.101 | 123 | 20.189.79.72 (time.windows.com) | 123
192.168.56.101 | 49235 | 224.0.0.252 | 5355
192.168.56.101 | 50002 | 224.0.0.252 | 5355
192.168.56.101 | 50534 | 224.0.0.252 | 5355
192.168.56.101 | 53210 | 224.0.0.252 | 5355
192.168.56.101 | 53657 | 224.0.0.252 | 5355
192.168.56.101 | 56539 | 224.0.0.252 | 5355

Note: every completed TCP flow goes to the Google update hosts discussed under Dynamic indicators, and the UDP traffic is the guest's own plumbing: DNS to 114.114.114.114, NetBIOS name-service and datagram broadcasts (137/138 to 192.168.56.255), NTP to time.windows.com and LLMNR to 224.0.0.252:5355. None of it is an indicator for this sample; the two raw-IP hosts listed as dead above never got far enough to appear here.

HTTP & HTTPS Requests

URI Data
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=c4b7d76792cc32fa&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619357775&mv=m
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=c4b7d76792cc32fa&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619357775&mv=m HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619357775&mv=m&mvi=1&pl=23&shardbypass=yes
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619357775&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o7dn7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.