SmartHawk

6.6

高危

48 个模型检测该样本为恶意！

重新分析

下载样本

b3550779f1211365321210344de50d32f4e0477c2817919474d0bf49574fcd01

45b74aacbd5a7c693f74caf83d2c1af2.exe

分析耗时

128s

最近分析

文件大小

7.1MB

静态报毒动态报毒 AI SCORE=100 ARTEMIS ATTRIBUTE DANGEROUSSIG ELSF EQFW GENCIRC HIGH CONFIDENCE HIGHCONFIDENCE KCLOUD MALCERT MALWARE@#20XFXJTGZR2WY OCCAMY PARALLAX PIHQE RUGMI SCORE SUSGEN SUSPIG16 TRICKBOT UNSAFE YZY0OJIT+7++MTVT 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Artemis!45B74AACBD5A	20210307	6.0.6.653
Alibaba	Exploit:Win32/Shellcode.95bef875	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast	Win32:DangerousSig [Trj]	20210307	21.1.5827.0
Tencent	Malware.Win32.Gencirc.116f5c51	20210307	1.0.0.1
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)	20210307	2017.9.26.565
CrowdStrike		20210203	1.0

This executable is signed

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

.didata

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 个事件)

suspicious_features

POST method with no referer header

suspicious_request

POST https://update.googleapis.com/service/update2?cup2key=10:2258631393&cup2hreq=c097b327e13b3900d11f2c034c9b02407bc09f6f1a45d748ddc1177be2a63877

Performs some HTTP requests (5 个事件)

request	GET http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
request	HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request	HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619496262&mv=m&mvi=1&pl=23&shardbypass=yes
request	HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=a293141b470de7aa&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619496262&mv=m
request	POST https://update.googleapis.com/service/update2?cup2key=10:2258631393&cup2hreq=c097b327e13b3900d11f2c034c9b02407bc09f6f1a45d748ddc1177be2a63877

Sends data using the HTTP POST Method (1 个事件)

request

POST https://update.googleapis.com/service/update2?cup2key=10:2258631393&cup2hreq=c097b327e13b3900d11f2c034c9b02407bc09f6f1a45d748ddc1177be2a63877

Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619464093.375125 GetAdaptersAddresses	flags: 15 family: 0	failed	111	0

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Wscript.exe initiated network communications indicative of a script based payload download (6 个事件)

Time & API	Arguments	Status
1619464098.719125 WSASend	buffer: GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1 Cache-Control: max-age = 3600 Connection: Keep-Alive Accept: / If-Modified-Since: Wed, 03 Mar 2021 06:32:16 GMT If-None-Match: "0d8f4f3f6fd71:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: www.download.windowsupdate.com socket: 968	failed
1619464104.110125 WSASend	buffer: GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1 Cache-Control: max-age = 3600 Connection: Keep-Alive Accept: / If-Modified-Since: Wed, 03 Mar 2021 06:32:16 GMT If-None-Match: "0d8f4f3f6fd71:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: www.download.windowsupdate.com socket: 968	failed
1619464109.422125 WSASend	buffer: GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1 Cache-Control: max-age = 3600 Connection: Keep-Alive Accept: / If-Modified-Since: Wed, 03 Mar 2021 06:32:16 GMT If-None-Match: "0d8f4f3f6fd71:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: www.download.windowsupdate.com socket: 968	failed
1619464114.656125 WSASend	buffer: GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1 Cache-Control: max-age = 3600 Connection: Keep-Alive Accept: / If-Modified-Since: Wed, 03 Mar 2021 06:32:16 GMT If-None-Match: "0d8f4f3f6fd71:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: www.download.windowsupdate.com socket: 968	failed
1619464119.938125 WSASend	buffer: GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1 Cache-Control: max-age = 3600 Connection: Keep-Alive Accept: / If-Modified-Since: Wed, 03 Mar 2021 06:32:16 GMT If-None-Match: "0d8f4f3f6fd71:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: www.download.windowsupdate.com socket: 968	failed
1619464125.219125 WSASend	buffer: GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1 Cache-Control: max-age = 3600 Connection: Keep-Alive Accept: / If-Modified-Since: Wed, 03 Mar 2021 06:32:16 GMT If-None-Match: "0d8f4f3f6fd71:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: www.download.windowsupdate.com socket: 968	failed

Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe (6 个事件)

Time & API	Arguments	Status
1619464098.719125 WSASend	buffer: GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1 Cache-Control: max-age = 3600 Connection: Keep-Alive Accept: / If-Modified-Since: Wed, 03 Mar 2021 06:32:16 GMT If-None-Match: "0d8f4f3f6fd71:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: www.download.windowsupdate.com socket: 968	failed
1619464104.110125 WSASend	buffer: GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1 Cache-Control: max-age = 3600 Connection: Keep-Alive Accept: / If-Modified-Since: Wed, 03 Mar 2021 06:32:16 GMT If-None-Match: "0d8f4f3f6fd71:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: www.download.windowsupdate.com socket: 968	failed
1619464109.422125 WSASend	buffer: GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1 Cache-Control: max-age = 3600 Connection: Keep-Alive Accept: / If-Modified-Since: Wed, 03 Mar 2021 06:32:16 GMT If-None-Match: "0d8f4f3f6fd71:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: www.download.windowsupdate.com socket: 968	failed
1619464114.656125 WSASend	buffer: GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1 Cache-Control: max-age = 3600 Connection: Keep-Alive Accept: / If-Modified-Since: Wed, 03 Mar 2021 06:32:16 GMT If-None-Match: "0d8f4f3f6fd71:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: www.download.windowsupdate.com socket: 968	failed
1619464119.938125 WSASend	buffer: GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1 Cache-Control: max-age = 3600 Connection: Keep-Alive Accept: / If-Modified-Since: Wed, 03 Mar 2021 06:32:16 GMT If-None-Match: "0d8f4f3f6fd71:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: www.download.windowsupdate.com socket: 968	failed
1619464125.219125 WSASend	buffer: GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1 Cache-Control: max-age = 3600 Connection: Keep-Alive Accept: / If-Modified-Since: Wed, 03 Mar 2021 06:32:16 GMT If-None-Match: "0d8f4f3f6fd71:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: www.download.windowsupdate.com socket: 968	failed

File has been identified by 48 AntiVirus engines on VirusTotal as malicious (48 个事件)

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.Agent.EQFW
McAfee	Artemis!45B74AACBD5A
Malwarebytes	Generic.Malware/Suspicious
Zillya	Trojan.Injector.Win32.725408
Sangfor	Trojan.Win32.Occamy.C
K7AntiVirus	Trojan ( 00565dff1 )
Alibaba	Exploit:Win32/Shellcode.95bef875
K7GW	Trojan ( 00565dff1 )
Cybereason	malicious.cbd5a7
Symantec	ML.Attribute.HighConfidence
Paloalto	generic.ml
Kaspersky	Exploit.Win32.Shellcode.pvy
BitDefender	Trojan.Agent.EQFW
Avast	Win32:DangerousSig [Trj]
Tencent	Malware.Win32.Gencirc.116f5c51
Ad-Aware	Trojan.Agent.EQFW
Sophos	Mal/Generic-S
Comodo	Malware@#20xfxjtgzr2wy
F-Secure	Trojan.TR/Injector.pihqe
DrWeb	BackDoor.Rat.268
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	Artemis!Trojan
FireEye	Generic.mg.45b74aacbd5a7c69
Emsisoft	MalCert.A (A)
Ikarus	Trojan-Downloader.Win32.Rugmi
GData	Trojan.Agent.EQFW
Jiangmin	Exploit.ShellCode.za
Webroot	W32.Trojan.Gen
Avira	TR/Injector.pihqe
MAX	malware (ai score=100)
Antiy-AVL	Trojan[Exploit]/Win32.Shellcode
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)
Arcabit	Trojan.Agent.EQFW
ZoneAlarm	Exploit.Win32.Shellcode.pvy
Microsoft	Trojan:Win32/Trickbot
Cynet	Malicious (score: 85)
AhnLab-V3	Win-Trojan/Suspig16.Exp
ALYac	Backdoor.RAT.Parallax
VBA32	Exploit.Shellcode
Cylance	Unsafe
ESET-NOD32	a variant of Win32/Injector.ELSF
Rising	Exploit.Shellcode!8.2A (C64:YzY0OjiT+7++mtvT)
MaxSecure	Trojan.Malware.4472224.susgen
Fortinet	W32/ELSF!tr
AVG	Win32:DangerousSig [Trj]
Panda	Trj/TrickBot.A
Qihoo-360	Win32/Trojan.Exploit.d30

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 个事件)

dead_host	172.217.24.14:443
dead_host	216.58.200.238:443
dead_host	172.217.160.78:443

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-04-30 00:13:45

Imports

Library ADVAPI32.DLL:

• 0xa35220 PrivilegeCheck

• 0xa35224 RegCloseKey

• 0xa35228 RegConnectRegistryW

• 0xa3522c RegCreateKeyExW

• 0xa35230 RegDeleteKeyW

• 0xa35234 RegDeleteValueW

• 0xa35238 RegEnumKeyExW

• 0xa3523c RegEnumValueW

• 0xa35240 RegFlushKey

• 0xa35244 RegLoadKeyW

• 0xa35248 RegOpenKeyExW

• 0xa3524c RegQueryInfoKeyW

• 0xa35250 RegQueryValueExW

• 0xa35254 RegQueryValueW

• 0xa35258 RegReplaceKeyW

• 0xa3525c RegRestoreKeyW

• 0xa35260 RegSaveKeyW

• 0xa35264 RegSetValueExW

• 0xa35268 RegUnLoadKeyW

• 0xa3526c RevertToSelf

Library KERNEL32.DLL:

• 0xa35504 CloseHandle

• 0xa35508 CompareStringA

• 0xa3550c CompareStringW

• 0xa35510 CopyFileW

• 0xa35514 CreateDirectoryW

• 0xa35518 CreateEventW

• 0xa3551c CreateFileA

• 0xa35520 CreateFileMappingW

• 0xa35524 CreateFileW

• 0xa35528 CreateThread

• 0xa3552c DeleteCriticalSection

• 0xa35530 DeleteFileA

• 0xa35534 DeleteFileW

• 0xa35538 EnterCriticalSection

• 0xa3553c EnumCalendarInfoW

• 0xa35540 EnumResourceNamesW

• 0xa35544 EnumSystemLocalesW

• 0xa35548 ExitProcess

• 0xa3554c ExitThread

• 0xa35550 FileTimeToDosDateTime

• 0xa35554 FileTimeToLocalFileTime

• 0xa35558 FileTimeToSystemTime

• 0xa3555c FindClose

• 0xa35560 FindFirstFileW

• 0xa35564 FindNextFileW

• 0xa35568 FindResourceW

• 0xa3556c FormatMessageW

• 0xa35570 FreeLibrary

• 0xa35574 FreeResource

• 0xa35578 GetACP

• 0xa3557c GetCPInfo

• 0xa35580 GetCPInfoExW

• 0xa35584 GetCommandLineW

• 0xa35588 GetComputerNameW

• 0xa3558c GetCurrentProcess

• 0xa35590 GetCurrentProcessId

• 0xa35594 GetCurrentThread

• 0xa35598 GetCurrentThreadId

• 0xa3559c GetDateFormatW

• 0xa355a0 GetDiskFreeSpaceW

• 0xa355a4 GetDriveTypeW

• 0xa355a8 GetEnvironmentStringsW

• 0xa355ac GetExitCodeThread

• 0xa355b0 GetFileAttributesA

• 0xa355b4 GetFileAttributesExW

• 0xa355b8 GetFileAttributesW

• 0xa355bc GetFileSize

• 0xa355c0 GetFileType

• 0xa355c4 GetFullPathNameW

• 0xa355c8 GetLastError

• 0xa355cc GetLocalTime

• 0xa355d0 GetLocaleInfoA

• 0xa355d4 GetLocaleInfoW

• 0xa355d8 GetLogicalDriveStringsW

• 0xa355dc GetModuleFileNameA

• 0xa355e0 GetModuleFileNameW

• 0xa355e4 GetModuleHandleA

• 0xa355e8 GetModuleHandleW

• 0xa355ec GetOEMCP

• 0xa355f0 GetPrivateProfileStringW

• 0xa355f4 GetProcAddress

• 0xa355f8 GetProcessHeap

• 0xa355fc GetStartupInfoA

• 0xa35600 GetStartupInfoW

• 0xa35604 GetStdHandle

• 0xa35608 GetStringTypeA

• 0xa3560c GetStringTypeW

• 0xa35610 GetSystemDefaultLangID

• 0xa35614 GetSystemDefaultUILanguage

• 0xa35618 GetSystemDirectoryW

• 0xa3561c GetSystemInfo

• 0xa35620 GetTempFileNameW

• 0xa35624 GetTempPathW

• 0xa35628 GetThreadLocale

• 0xa3562c GetThreadPriority

• 0xa35630 GetTickCount

• 0xa35634 GetTimeZoneInformation

• 0xa35638 GetUserDefaultLCID

• 0xa3563c GetUserDefaultUILanguage

• 0xa35640 GetVersion

• 0xa35644 GetVersionExA

• 0xa35648 GetVersionExW

• 0xa3564c GetVolumeInformationW

• 0xa35650 GlobalAddAtomW

• 0xa35654 GlobalAlloc

• 0xa35658 GlobalDeleteAtom

• 0xa3565c GlobalFindAtomW

• 0xa35660 GlobalFree

• 0xa35664 GlobalHandle

• 0xa35668 GlobalLock

• 0xa3566c GlobalSize

• 0xa35670 GlobalUnlock

• 0xa35674 HeapAlloc

• 0xa35678 HeapCreate

• 0xa3567c HeapDestroy

• 0xa35680 HeapFree

• 0xa35684 InitializeCriticalSection

• 0xa35688 IsDBCSLeadByteEx

• 0xa3568c IsDebuggerPresent

• 0xa35690 IsValidLocale

• 0xa35694 LCMapStringA

• 0xa35698 LCMapStringW

• 0xa3569c LeaveCriticalSection

• 0xa356a0 LoadLibraryA

• 0xa356a4 LoadLibraryExW

• 0xa356a8 LoadLibraryW

• 0xa356ac LoadModule

• 0xa356b0 LoadResource

• 0xa356b4 LocalAlloc

• 0xa356b8 LocalFree

• 0xa356bc LockResource

• 0xa356c0 MapViewOfFile

• 0xa356c4 MulDiv

• 0xa356c8 MultiByteToWideChar

• 0xa356cc OutputDebugStringW

• 0xa356d0 QueryDosDeviceW

• 0xa356d4 QueryPerformanceCounter

• 0xa356d8 QueryPerformanceFrequency

• 0xa356dc RaiseException

• 0xa356e0 ReadFile

• 0xa356e4 RemoveDirectoryW

• 0xa356e8 ResetEvent

• 0xa356ec ResumeThread

• 0xa356f0 RtlUnwind

• 0xa356f4 SetConsoleCtrlHandler

• 0xa356f8 SetEndOfFile

• 0xa356fc SetErrorMode

• 0xa35700 SetEvent

• 0xa35704 SetFilePointer

• 0xa35708 SetHandleCount

• 0xa3570c SetLastError

• 0xa35710 SetThreadLocale

• 0xa35714 SetThreadPriority

• 0xa35718 SizeofResource

• 0xa3571c Sleep

• 0xa35720 SuspendThread

• 0xa35724 SwitchToThread

• 0xa35728 TlsAlloc

• 0xa3572c TlsFree

• 0xa35730 TlsGetValue

• 0xa35734 TlsSetValue

• 0xa35738 TryEnterCriticalSection

• 0xa3573c UnhandledExceptionFilter

• 0xa35740 UnmapViewOfFile

• 0xa35744 VerSetConditionMask

• 0xa35748 VerifyVersionInfoW

• 0xa3574c VirtualAlloc

• 0xa35750 VirtualFree

• 0xa35754 VirtualProtect

• 0xa35758 VirtualQuery

• 0xa3575c VirtualQueryEx

• 0xa35760 WaitForMultipleObjectsEx

• 0xa35764 WaitForSingleObject

• 0xa35768 WideCharToMultiByte

• 0xa3576c WriteFile

• 0xa35770 WritePrivateProfileStringW

• 0xa35774 lstrcmpW

• 0xa35778 lstrlenW

• 0xa3577c InterlockedCompareExchange

• 0xa35780 InterlockedDecrement

• 0xa35784 InterlockedExchange

• 0xa35788 InterlockedIncrement

• 0xa3578c HeapSize

Exports

Ordinal	Address	Name
12	0x405c74	@$xp$26Shdocvw_tlb@TCppWebBrowser
6	0x404c14	@$xp$28Shdocvw_tlb@TCppShellWindows
4	0x404b0c	@$xp$29Shdocvw_tlb@TCppShellUIHelper
10	0x4054f4	@$xp$32Shdocvw_tlb@TCppInternetExplorer
8	0x404d70	@$xp$35Shdocvw_tlb@TInternetExplorerMedium
2	0x40494c	@$xp$36Shdocvw_tlb@TShellFavoritesNameSpace
18	0x409554	@@Foxuin@Finalize
17	0x409544	@@Foxuin@Initialize
302	0x8fca04	@@Shdocvw_ocx@Finalize
301	0x8fc9ec	@@Shdocvw_ocx@Initialize

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
r3---sn-j5o7dn7e.gvt1.com	CNAME r3.sn-j5o7dn7e.gvt1.com A 113.108.239.196	113.108.239.196
redirector.gvt1.com	A 203.208.41.65	203.208.41.33
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
r1---sn-j5o7dn7e.gvt1.com	A 113.108.239.194 CNAME r1.sn-j5o7dn7e.gvt1.com	113.108.239.194
www.download.windowsupdate.com	A 106.7.64.1 A 222.216.123.6 CNAME k256.gslb.ksyuncdn.com A 124.229.60.6 A 116.11.67.6 CNAME 2-01-3cf7-0009.cdx.cedexis.net A 124.229.53.1 A 115.231.33.1 A 119.96.211.1 CNAME www.download.windowsupdate.com.download.ks-cdn.com A 117.21.217.1 CNAME wu-fg-shim.trafficmanager.net	182.107.80.35
clients2.google.com	A 172.217.160.78 CNAME clients.l.google.com A 216.58.200.238	172.217.24.14
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
update.googleapis.com	A 203.208.41.98	203.208.40.98
teredo.ipv6.microsoft.com		127.0.0.1

TCP

Source	Source Port	Destination	Destination Port
192.168.56.101	49191	113.108.239.194 r1---sn-j5o7dn7e.gvt1.com	80
192.168.56.101	49192	113.108.239.196 r3---sn-j5o7dn7e.gvt1.com	80
192.168.56.101	49179	119.96.211.1 www.download.windowsupdate.com	80
192.168.56.101	49190	203.208.41.65 redirector.gvt1.com	80
192.168.56.101	49188	203.208.41.98 update.googleapis.com	443

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50047	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	56137	114.114.114.114	53
192.168.56.101	58164	114.114.114.114	53
192.168.56.101	60123	114.114.114.114	53
192.168.56.101	60215	114.114.114.114	53
192.168.56.101	60221	114.114.114.114	53
192.168.56.101	62502	114.114.114.114	53
192.168.56.101	64565	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49710	224.0.0.252	5355
192.168.56.101	50002	224.0.0.252	5355
192.168.56.101	50433	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51660	224.0.0.252	5355
192.168.56.101	51808	224.0.0.252	5355

HTTP & HTTPS Requests

URI	Data
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe	HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: redirector.gvt1.com
http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619496262&mv=m&mvi=1&pl=23&shardbypass=yes	HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619496262&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r1---sn-j5o7dn7e.gvt1.com
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=a293141b470de7aa&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619496262&mv=m	HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=a293141b470de7aa&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619496262&mv=m HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r3---sn-j5o7dn7e.gvt1.com
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab	GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1 Cache-Control: max-age = 3600 Connection: Keep-Alive Accept: / If-Modified-Since: Wed, 03 Mar 2021 06:32:16 GMT If-None-Match: "0d8f4f3f6fd71:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: www.download.windowsupdate.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.