SmartHawk

6.4

高危

48 个模型检测该样本为恶意！

重新分析

下载样本

b21758fba6bb9ac8b4b683e3337403393280861553a605737d17ec961bc8b96d

489561f1e92c6bd08fc7ca16cdfa8518.exe

分析耗时

177s

最近分析

文件大小

330.7KB

静态报毒动态报毒 100% AI SCORE=86 AIDETECTVM ATTRIBUTE BSCOPE CLASSIC CONFIDENCE DECZK ELDORADO EMOTET GENCIRC GENERICKDZ GENETIC HIGH CONFIDENCE HIGHCONFIDENCE HQTUIG HYNAMER KTCYIUXL MALWARE1 MALWARE@#218BVBPARE38L QVM41 R + TROJ R346971 RANSOMWARE SUSPICIOUS PE TRICK TRICKBO TRICKBOT UNSAFE UQX@AMXCLHCI ZENPAK ZEXAF ZUSY 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Emotet-FSA!489561F1E92C	20201023	6.0.6.653
Alibaba	Trojan:Win32/Trickbot.d45f9206	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast	Win32:Malware-gen	20201023	18.4.3895.0
Tencent	Malware.Win32.Gencirc.10cde60e	20201023	1.0.0.1
Kingsoft		20201023	2013.8.14.323
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0

Queries for the computername (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619518781.618145 GetComputerNameW	computer_name: OSKAR-PC	success	1	0

This executable has a PDB path (1 个事件)

pdb_path

C:\Users\User\Desktop\Windows-classic-samples-master\Windows-classic-samples-master\Samples\Security\SecretAgreementWithPersistedKeys\cpp\Release\SecretAgreementWithPersistedKeys.pdb

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 个事件)

suspicious_features

POST method with no referer header

suspicious_request

POST https://update.googleapis.com/service/update2?cup2key=10:1813270273&cup2hreq=075410ec8004a225ec32e447b1e2eead53a2ebd74ba1efab3e4fabc8954d8d8d

Performs some HTTP requests (5 个事件)

request	HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request	HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619490020&mv=m&mvi=1&pl=23&shardbypass=yes
request	HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=ffc5a65d214b5fa3&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619490020&mv=m
request	GET http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=ffc5a65d214b5fa3&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619490020&mv=m
request	POST https://update.googleapis.com/service/update2?cup2key=10:1813270273&cup2hreq=075410ec8004a225ec32e447b1e2eead53a2ebd74ba1efab3e4fabc8954d8d8d

Sends data using the HTTP POST Method (1 个事件)

request

POST https://update.googleapis.com/service/update2?cup2key=10:1813270273&cup2hreq=075410ec8004a225ec32e447b1e2eead53a2ebd74ba1efab3e4fabc8954d8d8d

Allocates read-write-execute memory (usually to unpack itself) (9 个事件)

Time & API	Arguments	Status
1619519166.005876 NtAllocateVirtualMemory	process_identifier: 1416 region_size: 212992 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12289 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00930000	success
1619519166.068876 NtAllocateVirtualMemory	process_identifier: 1416 region_size: 204800 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12289 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x009b0000	success
1619519166.068876 NtProtectVirtualMemory	process_identifier: 1416 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 204800 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x009f1000	success
1619519198.255876 NtAllocateVirtualMemory	process_identifier: 1416 region_size: 12288 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x021c0000	success
1619519198.255876 NtAllocateVirtualMemory	process_identifier: 1416 region_size: 12288 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 8192 (MEM_RESERVE) base_address: 0x10000000	success
1619519198.255876 NtAllocateVirtualMemory	process_identifier: 1416 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x10001000	success
1619519198.271876 NtAllocateVirtualMemory	process_identifier: 1416 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x021d0000	success
1619519198.271876 NtAllocateVirtualMemory	process_identifier: 1416 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x021e0000	success
1619519198.271876 NtAllocateVirtualMemory	process_identifier: 1416 region_size: 147456 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x021f0000	success

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619519166.068876 Process32NextW	process_name: SearchFilterHost.exe snapshot_handle: 0x0000002c process_identifier: 944	success	1	0

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.666678938622542

section

{'size_of_data': '0x0004fa00', 'virtual_address': '0x00005000', 'entropy': 7.666678938622542, 'name': '.rsrc', 'virtual_size': '0x0004f8b0'}

description

A section with a high entropy has been found

entropy

0.9680851063829787

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (3 个事件)

Time & API	Arguments	Status	Return
1619518769.056145 LookupPrivilegeValueW	system_name: privilege_name: SeDebugPrivilege	success	1
1619518774.447145 LookupPrivilegeValueW	system_name: privilege_name: SeDebugPrivilege	success	1
1619518778.087145 LookupPrivilegeValueW	system_name: privilege_name: SeDebugPrivilege	success	1

Communicates with host for which no DNS query was performed (2 个事件)

host	172.217.24.14
host	203.208.41.65

File has been identified by 48 AntiVirus engines on VirusTotal as malicious (48 个事件)

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Zusy.310686
FireEye	Generic.mg.489561f1e92c6bd0
CAT-QuickHeal	Trojan.Zenpak
McAfee	Emotet-FSA!489561F1E92C
Cylance	Unsafe
Sangfor	Malware
K7AntiVirus	Trojan ( 00561b741 )
Alibaba	Trojan:Win32/Trickbot.d45f9206
K7GW	Trojan ( 00561b741 )
Cybereason	malicious.e4cc9e
Arcabit	Trojan.Zusy.D4BD9E
Cyren	W32/Hynamer.A.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Kaspersky	HEUR:Trojan.Win32.Zenpak.pef
BitDefender	Gen:Variant.Zusy.310686
NANO-Antivirus	Trojan.Win32.Trick.hqtuig
Avast	Win32:Malware-gen
Tencent	Malware.Win32.Gencirc.10cde60e
Ad-Aware	Gen:Variant.Zusy.310686
Comodo	Malware@#218bvbpare38l
DrWeb	Trojan.Trick.46562
VIPRE	Trojan.Win32.Generic!BT
Invincea	Mal/Generic-R + Troj/Trickbo-YF
McAfee-GW-Edition	BehavesLike.Win32.Ransomware.fc
Sophos	Troj/Trickbo-YF
SentinelOne	DFI - Suspicious PE
Jiangmin	Trojan.Banker.Emotet.oan
Avira	TR/AD.TrickBot.deczk
Microsoft	Trojan:Win32/Trickbot.VC!MTB
AegisLab	Trojan.Win32.Zusy.4!c
ZoneAlarm	HEUR:Trojan.Win32.Zenpak.pef
GData	Gen:Variant.Zusy.310686
AhnLab-V3	Trojan/Win32.Trickbot.R346971
BitDefenderTheta	Gen:NN.ZexaF.34570.uqX@amxCLHci
MAX	malware (ai score=86)
VBA32	BScope.Backdoor.Emotet
ESET-NOD32	Win32/TrickBot.CR
Rising	Trojan.TrickBot!1.CA23 (CLASSIC)
Yandex	Trojan.TrickBot!ktCYIUxL/Mo
Ikarus	Trojan.Win32.Trickbot
Fortinet	W32/GenericKDZ.6887!tr
AVG	Win32:Malware-gen
Panda	Trj/Genetic.gen
CrowdStrike	win/malicious_confidence_100% (W)
Qihoo-360	Generic/HEUR/QVM41.2.10FB.Malware.Gen

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)

dead_host	172.217.24.14:443
dead_host	216.58.200.238:443

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-08-04 21:40:55

Imports

Library ncrypt.dll:

• 0x403110 NCryptOpenStorageProvider

• 0x403114 NCryptOpenKey

• 0x403118 NCryptDeleteKey

• 0x40311c NCryptCreatePersistedKey

• 0x403120 NCryptSetProperty

• 0x403124 NCryptFinalizeKey

• 0x403128 NCryptExportKey

• 0x40312c BCryptOpenAlgorithmProvider

• 0x403130 BCryptGenerateKeyPair

• 0x403134 BCryptFinalizeKeyPair

• 0x403138 BCryptExportKey

• 0x40313c NCryptImportKey

• 0x403140 NCryptSecretAgreement

• 0x403144 NCryptDeriveKey

• 0x403148 BCryptImportKeyPair

• 0x40314c BCryptSecretAgreement

• 0x403150 BCryptDeriveKey

• 0x403154 NCryptFreeObject

• 0x403158 BCryptDestroyKey

• 0x40315c BCryptCloseAlgorithmProvider

• 0x403160 BCryptDestroySecret

Library KERNEL32.dll:

• 0x403008 GetCurrentThreadId

• 0x40300c GetTickCount

• 0x403010 QueryPerformanceCounter

• 0x403014 IsDebuggerPresent

• 0x403018 SetUnhandledExceptionFilter

• 0x40301c GetCurrentProcessId

• 0x403020 GetCurrentProcess

• 0x403024 TerminateProcess

• 0x403028 InterlockedCompareExchange

• 0x40302c Sleep

• 0x403030 InterlockedExchange

• 0x403034 UnhandledExceptionFilter

• 0x403038 GetSystemTimeAsFileTime

• 0x40303c ExitProcess

• 0x403040 FreeConsole

• 0x403044 GetProcessHeap

• 0x403048 HeapAlloc

• 0x40304c HeapFree

• 0x403050 LoadLibraryExA

Library ADVAPI32.dll:

• 0x403000 CryptAcquireContextA

Library MSVCP90.dll:

• 0x403058 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ

• 0x40305c ?uncaught_exception@std@@YA_NXZ

• 0x403060 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z

• 0x403064 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z

• 0x403068 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z

• 0x40306c ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

• 0x403070 ?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z

• 0x403074 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z

• 0x403078 ?_Lock@_Mutex@std@@QAEXXZ

• 0x40307c ?_Unlock@_Mutex@std@@QAEXXZ

• 0x403080 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ

Library MSVCR90.dll:

• 0x403088 _unlock

• 0x40308c __dllonexit

• 0x403090 _lock

• 0x403094 _onexit

• 0x403098 _decode_pointer

• 0x40309c _except_handler4_common

• 0x4030a0 _invoke_watson

• 0x4030a4 _controlfp_s

• 0x4030a8 ?terminate@@YAXXZ

• 0x4030ac wprintf

• 0x4030b0 _time64

• 0x4030b4 __CxxFrameHandler3

• 0x4030b8 atoi

• 0x4030bc rand

• 0x4030c0 srand

• 0x4030c4 memcpy

• 0x4030c8 _amsg_exit

• 0x4030cc __wgetmainargs

• 0x4030d0 _cexit

• 0x4030d4 _exit

• 0x4030d8 _XcptFilter

• 0x4030dc exit

• 0x4030e0 __winitenv

• 0x4030e4 _initterm

• 0x4030e8 _initterm_e

• 0x4030ec _configthreadlocale

• 0x4030f0 __setusermatherr

• 0x4030f4 _adjust_fdiv

• 0x4030f8 __p__commode

• 0x4030fc __p__fmode

• 0x403100 _encode_pointer

• 0x403104 __set_app_type

• 0x403108 _crt_debugger_hook

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
r3---sn-j5o7dn7e.gvt1.com	CNAME r3.sn-j5o7dn7e.gvt1.com A 113.108.239.196	113.108.239.196
redirector.gvt1.com	A 203.208.41.33	203.208.41.33
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
r1---sn-j5o7dn7e.gvt1.com	A 113.108.239.194 CNAME r1.sn-j5o7dn7e.gvt1.com	113.108.239.194
clients2.google.com	CNAME clients.l.google.com A 216.58.200.238	172.217.24.14
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
update.googleapis.com	A 203.208.41.34	203.208.41.34
teredo.ipv6.microsoft.com		127.0.0.1

TCP

Source	Source Port	Destination	Destination Port
192.168.56.101	49187	113.108.239.194 r1---sn-j5o7dn7e.gvt1.com	80
192.168.56.101	49188	113.108.239.196 r3---sn-j5o7dn7e.gvt1.com	80
192.168.56.101	49186	203.208.41.33 redirector.gvt1.com	80
192.168.56.101	49185	203.208.41.34 update.googleapis.com	443

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	54260	114.114.114.114	53
192.168.56.101	54991	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	60088	114.114.114.114	53
192.168.56.101	60123	114.114.114.114	53
192.168.56.101	60221	114.114.114.114	53
192.168.56.101	60384	114.114.114.114	53
192.168.56.101	63429	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	49713	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51378	224.0.0.252	5355
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	53237	224.0.0.252	5355
192.168.56.101	53380	224.0.0.252	5355
192.168.56.101	56743	224.0.0.252	5355

HTTP & HTTPS Requests

URI	Data
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=ffc5a65d214b5fa3&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619490020&mv=m	HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=ffc5a65d214b5fa3&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619490020&mv=m HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r3---sn-j5o7dn7e.gvt1.com
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe	HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: redirector.gvt1.com
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=ffc5a65d214b5fa3&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619490020&mv=m	GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=ffc5a65d214b5fa3&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619490020&mv=m HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT Range: bytes=7523-20026 User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r3---sn-j5o7dn7e.gvt1.com
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=ffc5a65d214b5fa3&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619490020&mv=m	GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=ffc5a65d214b5fa3&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619490020&mv=m HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT Range: bytes=0-7522 User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r3---sn-j5o7dn7e.gvt1.com
http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619490020&mv=m&mvi=1&pl=23&shardbypass=yes	HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619490020&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r1---sn-j5o7dn7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.