9.2
极危
50 个模型检测该样本为恶意!
重新分析
更多

44804cb7260341503e1251c90e22bd2a281bbd396c7545199e557379da24c6ed

58b17ca3e380c472896c69025a6771a4.exe

分析耗时

125s

最近分析

文件大小

961.9KB
静态报毒 动态报毒 ADWAREFILETOUR AGEN AI SCORE=80 APPLICUNWNT@#2FGK9PL73PKKR ARTEMIS CONFIDENCE CSDI CSDIMONETIZE EOREZO EZDPIZ GENERICKD HIGH CONFIDENCE INNOSETUP INSTALLCORE LKPI MJYS QCN6NHHY1NQ QVM42 R002C0WI320 R350583 SCORE SXYF UNSAFE 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee Artemis!58B17CA3E380 20201230 6.0.6.653
Alibaba AdWare:Win32/Generic.f128001d 20190527 0.3.0.5
Avast Win32:Adware-gen [Adw] 20201230 21.1.5827.0
Baidu 20190318 1.0.0.2
Kingsoft 20201230 2017.9.26.565
Tencent Msil.Adware.Csdi.Sxyf 20201230 1.0.0.1
CrowdStrike win/malicious_confidence_80% (D) 20190702 1.0
静态指标
Checks if process is being debugged by a debugger (13 个事件)
Time & API Arguments Status Return Repeated
1620768460.323374
IsDebuggerPresent
failed 0 0
1620768470.230625
IsDebuggerPresent
failed 0 0
1620768470.402625
IsDebuggerPresent
failed 0 0
1620768479.448625
IsDebuggerPresent
failed 0 0
1620768479.589625
IsDebuggerPresent
failed 0 0
1620768479.636625
IsDebuggerPresent
failed 0 0
1620768479.683625
IsDebuggerPresent
failed 0 0
1620768479.698625
IsDebuggerPresent
failed 0 0
1620768479.823625
IsDebuggerPresent
failed 0 0
1620768479.917625
IsDebuggerPresent
failed 0 0
1620768467.08925
IsDebuggerPresent
failed 0 0
1620768467.08925
IsDebuggerPresent
failed 0 0
1620768467.16725
IsDebuggerPresent
failed 0 0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 个事件)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Tries to locate where the browsers are installed (1 个事件)
file C:\Program Files\Google\Chrome\Application\89.0.4389.114\chrome.dll
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)
Time & API Arguments Status Return Repeated
1620768461.355625
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 个事件)
section CODE
section DATA
section BSS
行为判定
动态指标
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 个事件)
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:1264719826&cup2hreq=8ac21e053f14e3f23d89f9d905103d8154550c07220ab0350a6e2686d6168f59
Performs some HTTP requests (5 个事件)
request HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620739233&mv=m&mvi=1&pl=23&shardbypass=yes
request HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=af296016180a9523&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620739473&mv=m&mvi=3
request GET http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=af296016180a9523&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620739473&mv=m&mvi=3
request POST https://update.googleapis.com/service/update2?cup2key=10:1264719826&cup2hreq=8ac21e053f14e3f23d89f9d905103d8154550c07220ab0350a6e2686d6168f59
Sends data using the HTTP POST Method (1 个事件)
request POST https://update.googleapis.com/service/update2?cup2key=10:1264719826&cup2hreq=8ac21e053f14e3f23d89f9d905103d8154550c07220ab0350a6e2686d6168f59
Allocates read-write-execute memory (usually to unpack itself) (5 个事件)
Time & API Arguments Status Return Repeated
1620768460.230374
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1620768460.230374
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 45056
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00401000
success 0 0
1620768460.230374
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 192512
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00410000
success 0 0
1620768460.667625
NtAllocateVirtualMemory
process_identifier: 2988
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01e60000
success 0 0
1620768523.339374
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000004050000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Steals private information from local Internet browsers (15 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\BrowserMetrics
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad\reports
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\First Run
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-spare.pma
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Local State
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-609AB9ED-6B0.pma
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad\metadata
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma~RFcb097a.TMP
Creates executable files on the filesystem (3 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\is-UR33V.tmp\psvince.dll
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\is-UR33V.tmp\itdownload.dll
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\is-UR33V.tmp\idp.dll
Drops an executable to the user AppData folder (4 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\is-UR33V.tmp\psvince.dll
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\is-8OI6B.tmp\58b17ca3e380c472896c69025a6771a4.tmp
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\is-UR33V.tmp\idp.dll
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\is-UR33V.tmp\itdownload.dll
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (5 个事件)
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
Creates a windows hook that monitors keyboard input (keylogger) (1 个事件)
Time & API Arguments Status Return Repeated
1620768473.167374
SetWindowsHookExW
thread_identifier: 0
callback_function: 0x00000000ff35ae10
module_address: 0x00000000ff2b0000
hook_identifier: 13 (WH_KEYBOARD_LL)
success 393683 0
One or more non-safelisted processes were created (1 个事件)
parent_process chrome.exe martian_process "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xb0,0xb4,0xb8,0x84,0xbc,0x7fef2264f50,0x7fef2264f60,0x7fef2264f70
File has been identified by 50 AntiVirus engines on VirusTotal as malicious (50 个事件)
Elastic malicious (high confidence)
DrWeb Adware.Eorezo.1011
MicroWorld-eScan Trojan.GenericKD.43834936
FireEye Trojan.GenericKD.43834936
CAT-QuickHeal Trojan.Csdimonetize
McAfee Artemis!58B17CA3E380
Cylance Unsafe
Sangfor Malware
K7AntiVirus Adware ( 00519ead1 )
Alibaba AdWare:Win32/Generic.f128001d
K7GW Adware ( 00519ead1 )
Cybereason malicious.3e380c
Arcabit Trojan.Generic.D29CDE38
Cyren W32/Trojan.LKPI-8753
Symantec Trojan.Gen.MBT
ESET-NOD32 a variant of Win32/Adware.Agent.NSU
APEX Malicious
Avast Win32:Adware-gen [Adw]
Kaspersky not-a-virus:AdWare.MSIL.Csdi.gen
BitDefender Trojan.GenericKD.43834936
NANO-Antivirus Trojan.InnoSetup.Dwn.ezdpiz
ViRobot Adware.Eorezo.984977
Ad-Aware Trojan.GenericKD.43834936
Emsisoft Trojan.GenericKD.43834936 (B)
Comodo ApplicUnwnt@#2fgk9pl73pkkr
F-Secure Heuristic.HEUR/AGEN.1101524
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R002C0WI320
McAfee-GW-Edition BehavesLike.Win32.AdwareFileTour.dc
Jiangmin AdWare.MSIL.mjys
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1101524
MAX malware (ai score=80)
Gridinsoft Adware.Win32.Agent.vb
Microsoft Adware:Win32/CsdiMonetize
AegisLab Adware.MSIL.Csdi.2!c
ZoneAlarm not-a-virus:AdWare.MSIL.Csdi.gen
GData Trojan.GenericKD.43834936
Cynet Malicious (score: 100)
AhnLab-V3 PUP/Win32.InstallCore.R350583
VBA32 Adware.Eorezo
Malwarebytes Adware.Csdimonetize
TrendMicro-HouseCall TROJ_GEN.R002C0WI320
Tencent Msil.Adware.Csdi.Sxyf
Yandex PUA.Agent!QCN6nHhy1NQ
Fortinet Adware/Csdi
AVG Win32:Adware-gen [Adw]
Panda Trj/CI.A
CrowdStrike win/malicious_confidence_80% (D)
Qihoo-360 Generic/HEUR/QVM42.3.989F.Malware.Gen
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 个事件)
dead_host 172.217.24.14:443
dead_host 172.217.160.110:443
dead_host 172.217.160.78:443
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x40e0c4 VirtualFree
0x40e0c8 VirtualAlloc
0x40e0cc LocalFree
0x40e0d0 LocalAlloc
0x40e0d4 WideCharToMultiByte
0x40e0d8 TlsSetValue
0x40e0dc TlsGetValue
0x40e0e0 MultiByteToWideChar
0x40e0e4 GetModuleHandleA
0x40e0e8 GetLastError
0x40e0ec GetCommandLineA
0x40e0f0 WriteFile
0x40e0f4 SetFilePointer
0x40e0f8 SetEndOfFile
0x40e0fc RtlUnwind
0x40e100 ReadFile
0x40e104 RaiseException
0x40e108 GetStdHandle
0x40e10c GetFileSize
0x40e110 GetSystemTime
0x40e114 GetFileType
0x40e118 ExitProcess
0x40e11c CreateFileA
0x40e120 CloseHandle
Library user32.dll:
0x40e128 MessageBoxA
Library oleaut32.dll:
0x40e130 VariantChangeTypeEx
0x40e134 VariantCopyInd
0x40e138 VariantClear
0x40e13c SysStringLen
0x40e140 SysAllocStringLen
Library advapi32.dll:
0x40e148 RegQueryValueExA
0x40e14c RegOpenKeyExA
0x40e150 RegCloseKey
0x40e154 OpenProcessToken
Library kernel32.dll:
0x40e160 WriteFile
0x40e164 VirtualQuery
0x40e168 VirtualProtect
0x40e16c VirtualFree
0x40e170 VirtualAlloc
0x40e174 Sleep
0x40e178 SizeofResource
0x40e17c SetLastError
0x40e180 SetFilePointer
0x40e184 SetErrorMode
0x40e188 SetEndOfFile
0x40e18c RemoveDirectoryA
0x40e190 ReadFile
0x40e194 LockResource
0x40e198 LoadResource
0x40e19c LoadLibraryA
0x40e1a0 IsDBCSLeadByte
0x40e1a8 GetVersionExA
0x40e1ac GetVersion
0x40e1b4 GetSystemInfo
0x40e1b8 GetSystemDirectoryA
0x40e1c0 GetProcAddress
0x40e1c4 GetModuleHandleA
0x40e1c8 GetModuleFileNameA
0x40e1cc GetLocaleInfoA
0x40e1d0 GetLastError
0x40e1d4 GetFullPathNameA
0x40e1d8 GetFileSize
0x40e1dc GetFileAttributesA
0x40e1e0 GetExitCodeProcess
0x40e1e8 GetCurrentProcess
0x40e1ec GetCommandLineA
0x40e1f0 GetACP
0x40e1f4 InterlockedExchange
0x40e1f8 FormatMessageA
0x40e1fc FindResourceA
0x40e200 DeleteFileA
0x40e204 CreateProcessA
0x40e208 CreateFileA
0x40e20c CreateDirectoryA
0x40e210 CloseHandle
Library user32.dll:
0x40e218 TranslateMessage
0x40e21c SetWindowLongA
0x40e220 PeekMessageA
0x40e228 MessageBoxA
0x40e22c LoadStringA
0x40e230 ExitWindowsEx
0x40e234 DispatchMessageA
0x40e238 DestroyWindow
0x40e23c CreateWindowExA
0x40e240 CallWindowProcA
0x40e244 CharPrevA
Library comctl32.dll:
0x40e24c InitCommonControls
Library advapi32.dll:

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49197 113.108.239.194 r1---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49198 113.108.239.196 r3---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49193 203.208.40.34 update.googleapis.com 443
192.168.56.101 49196 203.208.41.65 redirector.gvt1.com 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 53380 114.114.114.114 53
192.168.56.101 54991 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 56743 114.114.114.114 53
192.168.56.101 58070 114.114.114.114 53
192.168.56.101 58970 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 54178 224.0.0.252 5355
192.168.56.101 54260 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=af296016180a9523&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620739473&mv=m&mvi=3 
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=af296016180a9523&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620739473&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=20451-35925
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=af296016180a9523&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620739473&mv=m&mvi=3 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=af296016180a9523&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620739473&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com
http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620739233&mv=m&mvi=1&pl=23&shardbypass=yes 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620739233&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o7dn7e.gvt1.com
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=af296016180a9523&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620739473&mv=m&mvi=3 
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=af296016180a9523&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620739473&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=0-7886
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=af296016180a9523&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620739473&mv=m&mvi=3 
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=af296016180a9523&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620739473&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=7887-20450
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.