Score: 9.2
Severity: Critical

SHA256: 3792e6f32cbf56c7c18e180c466f9f19a9c0e43b09d0d14ee807a41b200eed00

File name: 535849f1d3b20571c3cdb070d0ee22cc.exe

Analysis time: 114s

Last analysis:

File size: 546.7KB
Static detection / dynamic detection tags: 100% A@7Y5GWX AI SCORE=79 AUTOG BUNDLER CLICKMEIN CLOUD CONFIDENCE COVUS DOWNLOADERGUIDE DOWNLOADGUIDE DOWNLOADSPONSOR ELDORADO FILEREPMALWARE FKFKJS GRAYWARE HIGH CONFIDENCE MALICIOUS PE MAUVAISE PUWADERS R015C0PFT19 R245289 S4338671 SCORE UNSAFE
Hawkeye engine (鹰眼引擎)
Not detected: no Hawkeye engine results are available for this sample
Static verdict
Antivirus engines
Engine  Result  Scan date  Engine version
McAfee PUP-FXK 20190630 6.0.6.653
Alibaba 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast 20190630 18.4.3895.0
Tencent 20190630 1.0.0.1
Kingsoft 20190630 2013.8.14.323
CrowdStrike win/malicious_confidence_100% (D) 20190212 1.0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
HTTP traffic contains suspicious features which may be indicative of malware related traffic (3 events)
suspicious_features POST method with no referer header suspicious_request POST http://dlg-configs.buzzrin.de/config-from-production
suspicious_features POST method with no referer header suspicious_request POST http://dlg-messages.buzzrin.de/1/dg/3
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:2033713183&cup2hreq=8efb2fdb51a36d6572a52582fc06e89abdba3017e4199a5c8f4940c361856423
Performs some HTTP requests (10 events)
request HEAD http://dlg-configs.buzzrin.de/
request POST http://dlg-configs.buzzrin.de/config-from-production
request GET http://az687722.vo.msecnd.net/public-source/downloadguide/audacity/1.0/default/campaigns/product+website/ui/audacity-flow-5-text-en-us.zip
request GET http://az687722.vo.msecnd.net/public-source/downloadguide/audacity/1.0/default/campaigns/product+website/ui/progress.zip
request POST http://dlg-messages.buzzrin.de/1/dg/3
request GET http://az687722.vo.msecnd.net/public-source/downloadguide/audacity/1.0/default/campaigns/product+website/ui/base.zip
request GET http://az687722.vo.msecnd.net/public-source/downloadguide/audacity/1.0/default/campaigns/product+website/ui/last.zip
request HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request HEAD http://r1---sn-j5o76n7l.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.99&mm=28&mn=sn-j5o76n7l&ms=nvh&mt=1620931401&mv=u&mvi=1&pl=23&shardbypass=yes
request POST https://update.googleapis.com/service/update2?cup2key=10:2033713183&cup2hreq=8efb2fdb51a36d6572a52582fc06e89abdba3017e4199a5c8f4940c361856423
Sends data using the HTTP POST Method (3 events)
request POST http://dlg-configs.buzzrin.de/config-from-production
request POST http://dlg-messages.buzzrin.de/1/dg/3
request POST https://update.googleapis.com/service/update2?cup2key=10:2033713183&cup2hreq=8efb2fdb51a36d6572a52582fc06e89abdba3017e4199a5c8f4940c361856423
Allocates read-write-execute memory (usually to unpack itself) (2 events)
Time & API Arguments Status Return Repeated
1620960742.382501
NtAllocateVirtualMemory
process_identifier: 2900
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00930000
success 0 0
1620960815.319124
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000004150000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Creates executable files on the filesystem (4 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DLG\ui\common\last\js\jquery-1.10.2.min.js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DLG\ui\common\progress\js\jquery-1.10.2.min.js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DLG\ui\common\base\js\jquery-1.10.2.min.js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DLG\ui\offers\3cc9566f4a803e726fe2ff36e63a6bc3\js\jquery-1.10.2.min.js
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1620960745.819501
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.29363915702178 section {'size_of_data': '0x00021c00', 'virtual_address': '0x0005a000', 'entropy': 7.29363915702178, 'name': '.rdata', 'virtual_size': '0x00021a50'} description A section with a high entropy has been found
entropy 0.2504638218923933 description Overall entropy of this PE file is high
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1620960744.757501
InternetOpenA
proxy_bypass:
access_type: 0
proxy_name:
flags: 268435456
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Disables proxy possibly for traffic interception (1 event)
Time & API Arguments Status Return Repeated
1620960745.163501
RegSetValueExA
key_handle: 0x00000348
value: 0
regkey_r: ProxyEnable
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
success 0 0
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 events)
Time & API Arguments Status Return Repeated
1620960748.398501
RegSetValueExA
key_handle: 0x0000040c
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620960748.398501
RegSetValueExA
key_handle: 0x0000040c
value: Ðá«â9H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620960748.398501
RegSetValueExA
key_handle: 0x0000040c
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620960748.398501
RegSetValueExW
key_handle: 0x0000040c
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620960748.398501
RegSetValueExA
key_handle: 0x00000420
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620960748.398501
RegSetValueExA
key_handle: 0x00000420
value: Ðá«â9H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620960748.398501
RegSetValueExA
key_handle: 0x00000420
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620960748.460501
RegSetValueExW
key_handle: 0x00000408
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1620960749.226501
RegSetValueExA
key_handle: 0x0000028c
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620960749.226501
RegSetValueExA
key_handle: 0x0000028c
value: 9*ã9H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620960749.226501
RegSetValueExA
key_handle: 0x0000028c
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620960749.226501
RegSetValueExW
key_handle: 0x0000028c
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620960749.226501
RegSetValueExA
key_handle: 0x00000298
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620960749.226501
RegSetValueExA
key_handle: 0x00000298
value: 9*ã9H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620960749.226501
RegSetValueExA
key_handle: 0x00000298
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
Generates some ICMP traffic
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)
dead_host 172.217.160.78:443
File has been identified by 46 AntiVirus engines on VirusTotal as malicious (46 events)
MicroWorld-eScan Gen:Variant.Application.Bundler.DownloadGuide.48
FireEye Generic.mg.535849f1d3b20571
CAT-QuickHeal PUA.Mauvaise.S4338671
Qihoo-360 Win32/Virus.Downloader.27f
McAfee PUP-FXK
Cylance Unsafe
K7GW Adware ( 004b92681 )
K7AntiVirus Adware ( 004b92681 )
Arcabit Trojan.Application.Bundler.DownloadGuide.48
TrendMicro TROJ_GEN.R015C0PFT19
F-Prot W32/S-e7937fa1!Eldorado
Symantec PUA.DownloadSponsor
Paloalto generic.ml
Kaspersky not-a-virus:HEUR:Downloader.Win32.DownloaderGuide.gen
BitDefender Gen:Variant.Application.Bundler.DownloadGuide.48
NANO-Antivirus Riskware.Win32.Covus.fkfkjs
Endgame malicious (high confidence)
Emsisoft Gen:Variant.Application.Bundler.DownloadGuide.48 (B)
Comodo Application.Win32.DownloadGuide.A@7y5gwx
DrWeb Adware.ClickMeIn.9588
VIPRE Trojan.Win32.Generic!BT
Invincea heuristic
McAfee-GW-Edition BehavesLike.Win32.Downloader.hh
Sophos Troj/AutoG-AF
Cyren W32/S-e7937fa1!Eldorado
Jiangmin Downloader.DownloaderGuide.aqk
MAX malware (ai score=79)
Antiy-AVL GrayWare[AdWare]/Win32.DownloadGuide.dd
Microsoft PUA:Win32/Puwaders.B!ml
ViRobot Adware.Downloadguide.559800.NJT
ZoneAlarm not-a-virus:HEUR:Downloader.Win32.DownloaderGuide.gen
GData Win32.Application.DownloadGuide.T
AhnLab-V3 PUP/Win32.DownloadGuide.R245289
VBA32 Downloader.DownloaderGuide
Ad-Aware Gen:Variant.Application.Bundler.DownloadGuide.48
Malwarebytes Adware.Downloader
ESET-NOD32 a variant of Win32/DownloadGuide.D potentially unwanted
TrendMicro-HouseCall TROJ_GEN.R015C0PFT19
Rising Adware.DownloadGuide!1.A1DB (CLOUD)
Yandex PUA.Downloader!
SentinelOne DFI - Malicious PE
eGambit Unsafe.AI_Score_99%
Fortinet Riskware/DownloaderGuide
AVG FileRepMalware [PUP]
Cybereason malicious.1d3b20
CrowdStrike win/malicious_confidence_100% (D)
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample was running

PE Compile Time

2018-11-16 13:03:04

Imports

Library KERNEL32.dll:
0x45a05c LocalAlloc
0x45a060 LoadLibraryA
0x45a064 CreateEventW
0x45a068 WaitForSingleObject
0x45a06c SetFilePointer
0x45a070 SetFilePointerEx
0x45a074 SetEndOfFile
0x45a078 GetFileSize
0x45a07c ReadFile
0x45a084 GetCurrentProcessId
0x45a088 GetTempFileNameW
0x45a08c GetTickCount
0x45a094 MapViewOfFile
0x45a098 HeapFree
0x45a09c FindClose
0x45a0a0 GetFullPathNameW
0x45a0a4 FindFirstFileW
0x45a0a8 FindNextFileW
0x45a0ac DebugBreak
0x45a0b0 OutputDebugStringW
0x45a0b4 lstrlenA
0x45a0b8 LoadLibraryW
0x45a0bc MulDiv
0x45a0c0 lstrcmpW
0x45a0c4 GlobalUnlock
0x45a0c8 GlobalLock
0x45a0cc GlobalAlloc
0x45a0d0 FlushFileBuffers
0x45a0d4 CloseHandle
0x45a0d8 CreateFileW
0x45a0dc WriteConsoleW
0x45a0e0 SetStdHandle
0x45a0e4 LCMapStringW
0x45a0e8 GetConsoleMode
0x45a0ec GetConsoleCP
0x45a0f4 RtlUnwind
0x45a0fc GetFileType
0x45a100 SetHandleCount
0x45a10c GetStringTypeW
0x45a110 IsValidCodePage
0x45a114 GetOEMCP
0x45a118 GetACP
0x45a11c GetCPInfo
0x45a120 TlsFree
0x45a124 TlsSetValue
0x45a128 TlsGetValue
0x45a12c TlsAlloc
0x45a130 GetStdHandle
0x45a134 WriteFile
0x45a138 HeapReAlloc
0x45a13c HeapCreate
0x45a140 ExitProcess
0x45a144 HeapSize
0x45a148 Sleep
0x45a14c IsDebuggerPresent
0x45a158 TerminateProcess
0x45a15c GetStartupInfoW
0x45a160 HeapSetInformation
0x45a164 GetCommandLineW
0x45a168 DecodePointer
0x45a16c EncodePointer
0x45a174 VirtualAlloc
0x45a178 VirtualFree
0x45a180 HeapAlloc
0x45a184 GetProcessHeap
0x45a190 lstrlenW
0x45a194 GetModuleFileNameW
0x45a198 LoadLibraryExW
0x45a19c FindResourceW
0x45a1a0 LoadResource
0x45a1a4 SizeofResource
0x45a1a8 MultiByteToWideChar
0x45a1ac lstrcmpiW
0x45a1b0 FreeLibrary
0x45a1b4 SetLastError
0x45a1b8 GetLastError
0x45a1bc RaiseException
0x45a1c0 GetCurrentThreadId
0x45a1c8 GetCurrentProcess
0x45a1cc GetModuleHandleW
0x45a1d0 GetProcAddress
0x45a1dc WideCharToMultiByte
Library USER32.dll:
0x45a244 DestroyWindow
0x45a248 LoadCursorW
0x45a24c CreateWindowExW
0x45a250 RegisterClassExW
0x45a254 SetTimer
0x45a258 KillTimer
0x45a25c DefWindowProcW
0x45a260 GetWindowLongW
0x45a264 GetClassInfoExW
0x45a268 SetWindowLongW
0x45a26c CallWindowProcW
0x45a274 BeginPaint
0x45a278 FillRect
0x45a27c EndPaint
0x45a280 IsChild
0x45a284 SetFocus
0x45a288 GetDlgItem
0x45a28c GetClassNameW
0x45a290 GetSysColor
0x45a294 RedrawWindow
0x45a29c InvalidateRect
0x45a2a0 GetDesktopWindow
0x45a2a4 GetFocus
0x45a2a8 UpdateWindow
0x45a2ac SetWindowTextW
0x45a2b0 GetWindowTextW
0x45a2b8 ClientToScreen
0x45a2bc ReleaseDC
0x45a2c0 GetDC
0x45a2c4 PostMessageW
0x45a2c8 ShowWindow
0x45a2cc IsWindowVisible
0x45a2d0 GetWindow
0x45a2d4 MonitorFromWindow
0x45a2d8 GetMonitorInfoW
0x45a2dc GetParent
0x45a2e0 GetClientRect
0x45a2e4 MapWindowPoints
0x45a2e8 SetWindowPos
0x45a2ec MoveWindow
0x45a2f0 GetWindowRect
0x45a2f4 IsWindow
0x45a2f8 SendMessageW
0x45a2fc LoadImageW
0x45a300 LoadIconW
0x45a304 PeekMessageW
0x45a308 GetMessageW
0x45a30c TranslateMessage
0x45a310 DispatchMessageW
0x45a314 CharNextW
0x45a318 UnregisterClassA
Library GDI32.dll:
0x45a034 CreateSolidBrush
0x45a038 GetStockObject
0x45a03c GetDeviceCaps
0x45a040 GetObjectW
0x45a044 SelectObject
0x45a048 DeleteDC
0x45a04c DeleteObject
0x45a050 CreateCompatibleDC
Library COMDLG32.dll:
0x45a028 GetSaveFileNameW
0x45a02c GetOpenFileNameW
Library ADVAPI32.dll:
0x45a000 RegQueryInfoKeyW
0x45a004 RegDeleteKeyW
0x45a008 RegDeleteValueW
0x45a00c RegEnumKeyExW
0x45a010 RegSetValueExW
0x45a014 RegQueryValueExW
0x45a018 RegCreateKeyExW
0x45a01c RegOpenKeyExW
0x45a020 RegCloseKey
Library SHELL32.dll:
0x45a22c Shell_NotifyIconW
0x45a230 CommandLineToArgvW
0x45a234 DoEnvironmentSubstW
Library ole32.dll:
0x45a320 OleInitialize
0x45a328 OleLockRunning
0x45a32c OleUninitialize
0x45a330 CoTaskMemAlloc
0x45a334 CoTaskMemRealloc
0x45a338 CoTaskMemFree
0x45a33c CoCreateInstance
Library OLEAUT32.dll:
0x45a1ec SysAllocString
0x45a1f0 VariantChangeType
0x45a1f4 VariantClear
0x45a1fc DispCallFunc
0x45a200 VarBstrCat
0x45a204 SysStringByteLen
0x45a20c LoadTypeLib
0x45a210 LoadRegTypeLib
0x45a214 VarUI4FromStr
0x45a218 SysStringLen
0x45a21c SysFreeString
0x45a220 VariantInit
0x45a224 VariantCopy
Library SHLWAPI.dll:
0x45a23c PathFileExistsW

Hosts

No hosts contacted.

TCP

Source  Source Port  Destination IP  Destination Host  Destination Port
192.168.56.101 49176 117.18.232.200 az687722.vo.msecnd.net 80
192.168.56.101 49177 117.18.232.200 az687722.vo.msecnd.net 80
192.168.56.101 49181 117.18.232.200 az687722.vo.msecnd.net 80
192.168.56.101 49182 117.18.232.200 az687722.vo.msecnd.net 80
192.168.56.101 49196 203.208.41.65 redirector.gvt1.com 80
192.168.56.101 49195 203.208.41.98 update.googleapis.com 443
192.168.56.101 49178 23.102.27.88 dlg-messages.buzzrin.de 80
192.168.56.101 49186 23.102.27.88 dlg-messages.buzzrin.de 80
192.168.56.101 49187 23.102.27.88 dlg-messages.buzzrin.de 80
192.168.56.101 49189 23.102.27.88 dlg-messages.buzzrin.de 80
192.168.56.101 49174 23.102.60.206 dlg-configs.buzzrin.de 80
192.168.56.101 49175 23.102.60.206 dlg-configs.buzzrin.de 80
192.168.56.101 49197 58.63.233.66 r1---sn-j5o76n7l.gvt1.com 80

UDP

Source  Source Port  Destination IP  Destination Host (where resolved)  Destination Port
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 54991 114.114.114.114 53
192.168.56.101 57236 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 58070 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 58970 114.114.114.114 53
192.168.56.101 61680 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 62912 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53210 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://az687722.vo.msecnd.net/public-source/downloadguide/audacity/1.0/default/campaigns/product+website/ui/audacity-flow-5-text-en-us.zip
GET /public-source/downloadguide/audacity/1.0/default/campaigns/product+website/ui/audacity-flow-5-text-en-us.zip HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: az687722.vo.msecnd.net
Connection: Close

http://dlg-messages.buzzrin.de/1/dg/3
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: dlg-messages.buzzrin.de
Content-Length: 367
Connection: Close

{"BuildId":"f5645a65-4add-45a9-be93-d0974d50d9cd","Client":"freemium","DlgVersion":"3.1.0.201","Culture":"zh-CN","LocalTime":"2021-05-13T20:52:52+08:00","SessionId":"3abbf2fb-ebda-46b5-9142-3cabe2d89347","MessageName":"ProductShown","Product":"audacity","ProductVersion":"1.0","Region":"default","Campaign":"product+website","Offer":"","TrackBackUrl":"","SubId":null}
http://dlg-messages.buzzrin.de/1/dg/3
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: dlg-messages.buzzrin.de
Content-Length: 373
Connection: Close

{"BuildId":"f5645a65-4add-45a9-be93-d0974d50d9cd","Client":"freemium","DlgVersion":"3.1.0.201","Culture":"zh-CN","LocalTime":"2021-05-13T20:52:29+08:00","SessionId":"3abbf2fb-ebda-46b5-9142-3cabe2d89347","MessageName":"ApplicationStarted","Product":"audacity","ProductVersion":"1.0","Region":"default","Campaign":"product+website","Offer":"","TrackBackUrl":"","SubId":null}
http://az687722.vo.msecnd.net/public-source/downloadguide/audacity/1.0/default/campaigns/product+website/ui/progress.zip
GET /public-source/downloadguide/audacity/1.0/default/campaigns/product+website/ui/progress.zip HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: az687722.vo.msecnd.net
Connection: Close

http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com

http://dlg-messages.buzzrin.de/1/dg/3
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: dlg-messages.buzzrin.de
Content-Length: 373
Connection: Close

{"BuildId":"f5645a65-4add-45a9-be93-d0974d50d9cd","Client":"freemium","DlgVersion":"3.1.0.201","Culture":"zh-CN","LocalTime":"2021-05-13T20:52:47+08:00","SessionId":"3abbf2fb-ebda-46b5-9142-3cabe2d89347","MessageName":"ApplicationVisible","Product":"audacity","ProductVersion":"1.0","Region":"default","Campaign":"product+website","Offer":"","TrackBackUrl":"","SubId":null}
http://az687722.vo.msecnd.net/public-source/downloadguide/audacity/1.0/default/campaigns/product+website/ui/last.zip
GET /public-source/downloadguide/audacity/1.0/default/campaigns/product+website/ui/last.zip HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: az687722.vo.msecnd.net
Connection: Close

http://dlg-configs.buzzrin.de/config-from-production
POST /config-from-production HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: dlg-configs.buzzrin.de
Content-Length: 215
Connection: Close

{"os":"WinNT","osver":"6.1.7601 (Service Pack 1) SP: 1.0","lang":"zh-CN","uid":"f86f21bc-e5d8-4e58-9fce-2ae2b7f127ee","prod":"audacity/1.0/campaigns/product+website/","expiresOn":"2119-06-28T15:10:40.4199381+00:00"}
http://dlg-messages.buzzrin.de/1/dg/3
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: dlg-messages.buzzrin.de
Content-Length: 384
Connection: Close

{"BuildId":"f5645a65-4add-45a9-be93-d0974d50d9cd","Client":"freemium","DlgVersion":"3.1.0.201","Culture":"zh-CN","LocalTime":"2021-05-13T20:52:47+08:00","SessionId":"3abbf2fb-ebda-46b5-9142-3cabe2d89347","MessageName":"LoadingPrerequisitesCompleted","Product":"audacity","ProductVersion":"1.0","Region":"default","Campaign":"product+website","Offer":"","TrackBackUrl":"","SubId":null}
http://az687722.vo.msecnd.net/public-source/downloadguide/audacity/1.0/default/campaigns/product+website/ui/base.zip
GET /public-source/downloadguide/audacity/1.0/default/campaigns/product+website/ui/base.zip HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: az687722.vo.msecnd.net
Connection: Close

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.