7.2
高危
52 个模型检测该样本为恶意!
重新分析
更多

77bb9beb8318e0e3fd93efbb987a8109a83339e661437dbf2aa569a1ecbda8ec

48e651cba486043a9680685c3cef2969.exe

分析耗时

107s

最近分析

文件大小

330.5KB
静态报毒 动态报毒 AI SCORE=84 AIDETECT ATTRIBUTE BSCOPE CLOUD CONFIDENCE DEAS DECZK EMOTET EMOTETU GENCIRC GENERICKDZ GENETIC HIGH CONFIDENCE HIGHCONFIDENCE HQRZZF HYKCQX8A KCLOUD KTCYIUXL KVM003 LOADER MALWARE2 MALWARE@#2NPT4AV5S1S5W R346971 S + TROJ S18810661 SAVE SCORE STATIC AI SUSGEN SUSPICIOUS PE TRICK TRICKBO TRICKBOT TROJANPSW UNSAFE UQX@AMXCLHCI UQX@IMXCLHCI ZENPAK ZENPAKRI ZEXAF 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba Trojan:Win32/Trickbot.0ffc4036 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20210324 21.1.5827.0
Tencent Malware.Win32.Gencirc.10cde60e 20210324 1.0.0.1
Kingsoft Win32.Heur.KVM003.a.(kcloud) 20210324 2017.9.26.565
McAfee Emotet-FSA!48E651CBA486 20210324 6.0.6.653
CrowdStrike win/malicious_confidence_90% (W) 20210203 1.0
静态指标
Queries for the computername (1 个事件)
Time & API Arguments Status Return Repeated
1619472053.124395
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
This executable has a PDB path (1 个事件)
pdb_path C:\Users\User\Desktop\Windows-classic-samples-master\Windows-classic-samples-master\Samples\Security\SecretAgreementWithPersistedKeys\cpp\Release\SecretAgreementWithPersistedKeys.pdb
One or more processes crashed (1 个事件)
Time & API Arguments Status Return Repeated
1619472084.578395
__exception__
stacktrace: 
RtlVirtualUnwind+0x14a RtlCheckForOrphanedCriticalSections-0x356 ntdll+0x19a5a @ 0x77b69a5a
RtlVirtualUnwind+0x37 RtlRestoreContext-0x19 kernel32+0x4b5e7 @ 0x77a7b5e7
stacktrace+0x1d1 memdup-0x62 @ 0x748005bd
New_ntdll_RtlDispatchException+0xfa New_ntdll_RtlRemoveVectoredContinueHandler-0x8d @ 0x74816d97
KiUserExceptionDispatcher+0x2e KiRaiseUserExceptionDispatcher-0x45 ntdll+0x51278 @ 0x77ba1278
RtlVirtualUnwind+0x14a RtlCheckForOrphanedCriticalSections-0x356 ntdll+0x19a5a @ 0x77b69a5a
RtlVirtualUnwind+0x37 RtlRestoreContext-0x19 kernel32+0x4b5e7 @ 0x77a7b5e7
stacktrace+0x1d1 memdup-0x62 @ 0x748005bd
New_ntdll_RtlDispatchException+0xfa New_ntdll_RtlRemoveVectoredContinueHandler-0x8d @ 0x74816d97
KiUserExceptionDispatcher+0x2e KiRaiseUserExceptionDispatcher-0x45 ntdll+0x51278 @ 0x77ba1278
RtlVirtualUnwind+0x14a RtlCheckForOrphanedCriticalSections-0x356 ntdll+0x19a5a @ 0x77b69a5a
RtlVirtualUnwind+0x37 RtlRestoreContext-0x19 kernel32+0x4b5e7 @ 0x77a7b5e7
stacktrace+0x1d1 memdup-0x62 @ 0x748005bd
New_ntdll_RtlDispatchException+0xfa New_ntdll_RtlRemoveVectoredContinueHandler-0x8d @ 0x74816d97
KiUserExceptionDispatcher+0x2e KiRaiseUserExceptionDispatcher-0x45 ntdll+0x51278 @ 0x77ba1278
RtlVirtualUnwind+0x14a RtlCheckForOrphanedCriticalSections-0x356 ntdll+0x19a5a @ 0x77b69a5a
RtlVirtualUnwind+0x37 RtlRestoreContext-0x19 kernel32+0x4b5e7 @ 0x77a7b5e7
stacktrace+0x1d1 memdup-0x62 @ 0x748005bd
New_ntdll_RtlDispatchException+0xfa New_ntdll_RtlRemoveVectoredContinueHandler-0x8d @ 0x74816d97
KiUserExceptionDispatcher+0x2e KiRaiseUserExceptionDispatcher-0x45 ntdll+0x51278 @ 0x77ba1278
RtlVirtualUnwind+0x14a RtlCheckForOrphanedCriticalSections-0x356 ntdll+0x19a5a @ 0x77b69a5a
RtlVirtualUnwind+0x37 RtlRestoreContext-0x19 kernel32+0x4b5e7 @ 0x77a7b5e7
stacktrace+0x1d1 memdup-0x62 @ 0x748005bd
New_ntdll_RtlDispatchException+0xfa New_ntdll_RtlRemoveVectoredContinueHandler-0x8d @ 0x74816d97
KiUserExceptionDispatcher+0x2e KiRaiseUserExceptionDispatcher-0x45 ntdll+0x51278 @ 0x77ba1278
RtlVirtualUnwind+0x14a RtlCheckForOrphanedCriticalSections-0x356 ntdll+0x19a5a @ 0x77b69a5a
RtlVirtualUnwind+0x37 RtlRestoreContext-0x19 kernel32+0x4b5e7 @ 0x77a7b5e7
stacktrace+0x1d1 memdup-0x62 @ 0x748005bd
New_ntdll_RtlDispatchException+0xfa New_ntdll_RtlRemoveVectoredContinueHandler-0x8d @ 0x74816d97
KiUserExceptionDispatcher+0x2e KiRaiseUserExceptionDispatcher-0x45 ntdll+0x51278 @ 0x77ba1278
RtlVirtualUnwind+0x14a RtlCheckForOrphanedCriticalSections-0x356 ntdll+0x19a5a @ 0x77b69a5a
RtlVirtualUnwind+0x37 RtlRestoreContext-0x19 kernel32+0x4b5e7 @ 0x77a7b5e7
stacktrace+0x1d1 memdup-0x62 @ 0x748005bd
New_ntdll_RtlDispatchException+0xfa New_ntdll_RtlRemoveVectoredContinueHandler-0x8d @ 0x74816d97
KiUserExceptionDispatcher+0x2e KiRaiseUserExceptionDispatcher-0x45 ntdll+0x51278 @ 0x77ba1278
RtlVirtualUnwind+0x14a RtlCheckForOrphanedCriticalSections-0x356 ntdll+0x19a5a @ 0x77b69a5a
RtlVirtualUnwind+0x37 RtlRestoreContext-0x19 kernel32+0x4b5e7 @ 0x77a7b5e7
stacktrace+0x1d1 memdup-0x62 @ 0x748005bd
New_ntdll_RtlDispatchException+0xfa New_ntdll_RtlRemoveVectoredContinueHandler-0x8d @ 0x74816d97
KiUserExceptionDispatcher+0x2e KiRaiseUserExceptionDispatcher-0x45 ntdll+0x51278 @ 0x77ba1278
RtlVirtualUnwind+0x14a RtlCheckForOrphanedCriticalSections-0x356 ntdll+0x19a5a @ 0x77b69a5a
RtlVirtualUnwind+0x37 RtlRestoreContext-0x19 kernel32+0x4b5e7 @ 0x77a7b5e7
stacktrace+0x1d1 memdup-0x62 @ 0x748005bd
New_ntdll_RtlDispatchException+0xfa New_ntdll_RtlRemoveVectoredContinueHandler-0x8d @ 0x74816d97
KiUserExceptionDispatcher+0x2e KiRaiseUserExceptionDispatcher-0x45 ntdll+0x51278 @ 0x77ba1278
RtlVirtualUnwind+0x14a RtlCheckForOrphanedCriticalSections-0x356 ntdll+0x19a5a @ 0x77b69a5a
RtlVirtualUnwind+0x37 RtlRestoreContext-0x19 kernel32+0x4b5e7 @ 0x77a7b5e7
stacktrace+0x1d1 memdup-0x62 @ 0x748005bd
New_ntdll_RtlDispatchException+0xfa New_ntdll_RtlRemoveVectoredContinueHandler-0x8d @ 0x74816d97
KiUserExceptionDispatcher+0x2e KiRaiseUserExceptionDispatcher-0x45 ntdll+0x51278 @ 0x77ba1278
RtlVirtualUnwind+0x14a RtlCheckForOrphanedCriticalSections-0x356 ntdll+0x19a5a @ 0x77b69a5a
RtlVirtualUnwind+0x37 RtlRestoreContext-0x19 kernel32+0x4b5e7 @ 0x77a7b5e7
stacktrace+0x1d1 memdup-0x62 @ 0x748005bd
New_ntdll_RtlDispatchException+0xfa New_ntdll_RtlRemoveVectoredContinueHandler-0x8d @ 0x74816d97
KiUserExceptionDispatcher+0x2e KiRaiseUserExceptionDispatcher-0x45 ntdll+0x51278 @ 0x77ba1278
RtlVirtualUnwind+0x14a RtlCheckForOrphanedCriticalSections-0x356 ntdll+0x19a5a @ 0x77b69a5a
RtlVirtualUnwind+0x37 RtlRestoreContext-0x19 kernel32+0x4b5e7 @ 0x77a7b5e7
stacktrace+0x1d1 memdup-0x62 @ 0x748005bd
hook_in_monitor+0x45 lde-0x133 @ 0x747f42ea
New_ntdll_LdrGetProcedureAddress+0x43 New_ntdll_LdrLoadDll-0x156 @ 0x7480f7f3
GetProcAddress+0x60 GetModuleHandleA-0x80 kernelbase+0x4190 @ 0x7fefdc54190
SvchostPushServiceGlobals+0x471 WinHttpQueryOption-0x1a7b winhttp+0x1eb99 @ 0x7fef9efeb99
SvchostPushServiceGlobals+0x4fb WinHttpQueryOption-0x19f1 winhttp+0x1ec23 @ 0x7fef9efec23
WinHttpConnect+0x1ab WinHttpGetDefaultProxyConfiguration-0x1615 winhttp+0x13fe7 @ 0x7fef9ef3fe7

registers.r14: -7155628004640524791
registers.r9: 1955190784
registers.rcx: 0
registers.rsi: 3797536
registers.r10: 0
registers.rbx: 0
registers.rdi: 0
registers.r11: 0
registers.r8: 5
registers.rdx: 2
registers.rbp: 0
registers.r15: 27996953
registers.r12: 3877680
registers.rsp: 2483472
registers.rax: 1
registers.r13: 443
exception.instruction_r: 48 8b 01 4a 89 44 c6 78 4d 85 e4 74 08 4b 89 8c
exception.symbol: RtlVirtualUnwind+0x14a RtlCheckForOrphanedCriticalSections-0x356 ntdll+0x19a5a
exception.instruction: mov rax, qword ptr [rcx]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 105050
exception.address: 0x77b69a5a
success 0 0
行为判定
动态指标
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
HTTP traffic contains suspicious features which may be indicative of malware related traffic (2 个事件)
suspicious_features Connection to IP address suspicious_request GET https://195.123.241.90/ono61/OSKAR-PC_W617601.33B7D77BBFFBB77B3F1373BD5B3FB17B/5/spk/
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:663883475&cup2hreq=e27e31b000e619f28cb25cf1853606acd01509abb4a6ab1aa9c5327bd20a3171
Performs some HTTP requests (4 个事件)
request HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619443472&mv=m&mvi=1&pl=23&shardbypass=yes
request GET https://195.123.241.90/ono61/OSKAR-PC_W617601.33B7D77BBFFBB77B3F1373BD5B3FB17B/5/spk/
request POST https://update.googleapis.com/service/update2?cup2key=10:663883475&cup2hreq=e27e31b000e619f28cb25cf1853606acd01509abb4a6ab1aa9c5327bd20a3171
Sends data using the HTTP POST Method (1 个事件)
request POST https://update.googleapis.com/service/update2?cup2key=10:663883475&cup2hreq=e27e31b000e619f28cb25cf1853606acd01509abb4a6ab1aa9c5327bd20a3171
Allocates read-write-execute memory (usually to unpack itself) (9 个事件)
Time & API Arguments Status Return Repeated
1619472470.230751
NtAllocateVirtualMemory
process_identifier: 2032
region_size: 212992
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003c0000
success 0 0
1619472470.339751
NtAllocateVirtualMemory
process_identifier: 2032
region_size: 204800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x004a0000
success 0 0
1619472470.339751
NtProtectVirtualMemory
process_identifier: 2032
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 204800
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x004e1000
success 0 0
1619472471.870751
NtAllocateVirtualMemory
process_identifier: 2032
region_size: 12288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00780000
success 0 0
1619472471.870751
NtAllocateVirtualMemory
process_identifier: 2032
region_size: 12288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x10000000
success 0 0
1619472471.870751
NtAllocateVirtualMemory
process_identifier: 2032
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x10001000
success 0 0
1619472472.230751
NtAllocateVirtualMemory
process_identifier: 2032
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00790000
success 0 0
1619472472.230751
NtAllocateVirtualMemory
process_identifier: 2032
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x007a0000
success 0 0
1619472472.230751
NtAllocateVirtualMemory
process_identifier: 2032
region_size: 147456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x007b0000
success 0 0
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (2 个事件)
The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)
entropy 7.666678938622542 section {'size_of_data': '0x0004fa00', 'virtual_address': '0x00005000', 'entropy': 7.666678938622542, 'name': '.rsrc', 'virtual_size': '0x0004f8b0'} description A section with a high entropy has been found
entropy 0.9680851063829787 description Overall entropy of this PE file is high
Checks for the Locally Unique Identifier on the system for a suspicious privilege (3 个事件)
Time & API Arguments Status Return Repeated
1619472043.109395
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619472045.640395
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619472049.968395
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
网络通信
Communicates with host for which no DNS query was performed (2 个事件)
host 195.123.241.90
host 45.138.158.32
File has been identified by 52 AntiVirus engines on VirusTotal as malicious (50 out of 52 个事件)
Bkav W32.AIDetect.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.EmotetU.Gen.uqX@imxCLHci
FireEye Generic.mg.48e651cba486043a
CAT-QuickHeal Trojan.ZenpakRI.S18810661
ALYac Trojan.EmotetU.Gen.uqX@imxCLHci
Cylance Unsafe
Zillya Trojan.Emotet.Win32.23344
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 00561b741 )
Alibaba Trojan:Win32/Trickbot.0ffc4036
K7GW Trojan ( 00561b741 )
Cybereason malicious.ba4860
Cyren W32/Trojan.DEAS-4121
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Malware-gen
Kaspersky HEUR:Trojan.Win32.Zenpak.pef
BitDefender Trojan.EmotetU.Gen.uqX@imxCLHci
NANO-Antivirus Trojan.Win32.Trick.hqrzzf
Tencent Malware.Win32.Gencirc.10cde60e
Ad-Aware Trojan.EmotetU.Gen.uqX@imxCLHci
Sophos Mal/Generic-S + Troj/Trickbo-YF
Comodo Malware@#2npt4av5s1s5w
DrWeb Trojan.Trick.46562
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition Emotet-FSA!48E651CBA486
MaxSecure Trojan.Malware.74649578.susgen
Emsisoft Trojan.EmotetU.Gen.uqX@imxCLHci (B)
SentinelOne Static AI - Suspicious PE
Jiangmin Trojan.Banker.Emotet.oan
Avira TR/AD.TrickBot.deczk
Kingsoft Win32.Heur.KVM003.a.(kcloud)
Gridinsoft Trojan.Win32.TrickBot.oa
Microsoft Trojan:Win32/Trickbot.VC!MTB
GData Trojan.EmotetU.Gen.uqX@imxCLHci
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Trickbot.R346971
McAfee Emotet-FSA!48E651CBA486
MAX malware (ai score=84)
VBA32 BScope.Backdoor.Emotet
Malwarebytes Trojan.Loader
ESET-NOD32 Win32/TrickBot.CR
Rising Trojan.TrickBot!1.CA23 (CLOUD)
Yandex Trojan.TrickBot!ktCYIUxL/Mo
Ikarus Trojan.Win32.Trickbot
Fortinet W32/GenericKDZ.6887!tr
BitDefenderTheta Gen:NN.ZexaF.34628.uqX@amxCLHci
AVG Win32:Malware-gen
Panda Trj/Genetic.gen
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 个事件)
dead_host 172.217.24.14:443
dead_host 45.138.158.32:443
dead_host 216.58.200.238:443
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2020-08-04 21:40:55

Imports

Library ncrypt.dll:
0x403114 NCryptOpenKey
0x403118 NCryptDeleteKey
0x403120 NCryptSetProperty
0x403124 NCryptFinalizeKey
0x403128 NCryptExportKey
0x403138 BCryptExportKey
0x40313c NCryptImportKey
0x403144 NCryptDeriveKey
0x403148 BCryptImportKeyPair
0x403150 BCryptDeriveKey
0x403154 NCryptFreeObject
0x403158 BCryptDestroyKey
0x403160 BCryptDestroySecret
Library KERNEL32.dll:
0x403008 GetCurrentThreadId
0x40300c GetTickCount
0x403014 IsDebuggerPresent
0x40301c GetCurrentProcessId
0x403020 GetCurrentProcess
0x403024 TerminateProcess
0x40302c Sleep
0x403030 InterlockedExchange
0x40303c ExitProcess
0x403040 FreeConsole
0x403044 GetProcessHeap
0x403048 HeapAlloc
0x40304c HeapFree
0x403050 LoadLibraryExA
Library ADVAPI32.dll:
Library MSVCP90.dll:
Library MSVCR90.dll:
0x403088 _unlock
0x40308c __dllonexit
0x403090 _lock
0x403094 _onexit
0x403098 _decode_pointer
0x4030a0 _invoke_watson
0x4030a4 _controlfp_s
0x4030a8 ?terminate@@YAXXZ
0x4030ac wprintf
0x4030b0 _time64
0x4030b4 __CxxFrameHandler3
0x4030b8 atoi
0x4030bc rand
0x4030c0 srand
0x4030c4 memcpy
0x4030c8 _amsg_exit
0x4030cc __wgetmainargs
0x4030d0 _cexit
0x4030d4 _exit
0x4030d8 _XcptFilter
0x4030dc exit
0x4030e0 __winitenv
0x4030e4 _initterm
0x4030e8 _initterm_e
0x4030ec _configthreadlocale
0x4030f0 __setusermatherr
0x4030f4 _adjust_fdiv
0x4030f8 __p__commode
0x4030fc __p__fmode
0x403100 _encode_pointer
0x403104 __set_app_type
0x403108 _crt_debugger_hook

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49189 113.108.239.194 r1---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49182 195.123.241.90 443
192.168.56.101 49188 203.208.41.65 redirector.gvt1.com 80
192.168.56.101 49187 203.208.41.98 update.googleapis.com 443

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 54991 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 56743 114.114.114.114 53
192.168.56.101 57236 114.114.114.114 53
192.168.56.101 58070 114.114.114.114 53
192.168.56.101 58970 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 53210 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 54178 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com
http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619443472&mv=m&mvi=1&pl=23&shardbypass=yes 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619443472&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o7dn7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.