SmartHawk

9.6

极危

该样本未表现出任何异常！

重新分析

下载样本

f583607271148702c05bb7a0928c53bd72061f6eca394025cf921faaec54b331

5ee27486fe0f6575127038f099a33759.exe

分析耗时

127s

最近分析

文件大小

968.6KB

静态报毒动态报毒

未检测暂无鹰眼引擎检测结果

未检测暂无反病毒引擎检测结果

Checks if process is being debugged by a debugger (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620794230.500124 IsDebuggerPresent		failed	0	0

This executable is signed

Tries to locate where the browsers are installed (3 个事件)

registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
registry	HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Mozilla Firefox
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620794201.515374 GlobalMemoryStatusEx		success	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

.ndata

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 个事件)

suspicious_features

POST method with no referer header

suspicious_request

POST https://update.googleapis.com/service/update2?cup2key=10:4076652920&cup2hreq=b8e1f633288f1968873c1a044c704fbbebba4d3d7fdacc11f0737c8011d3d4dd

Performs some HTTP requests (24 个事件)

request	GET http://c6m7w2m9.ssl.hwcdn.net/playtech_compressed_assets/poker_dafa/index.7ze
request	GET http://fallback.playtech-installer.com/playtech_compressed_assets/poker_dafa/index.7ze
request	GET http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
request	GET http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D
request	GET http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D
request	GET http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEHSfdSPcp6pyLdnEz5lZ6ec%3D
request	GET http://fallback.playtech-installer.com/playtech_compressed_assets/poker_dafa/templates/installer/new.7ze
request	GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAo1CNVcKSsBffitZcAP9%2BQ%3D
request	GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEA9vgUi6vjWRQ%2F%2FlxBwzMK4%3D
request	HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request	HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620765144&mv=m&mvi=1&pl=23&shardbypass=yes
request	HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=f1c5bb0268270257&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620765144&mv=m&mvi=3
request	GET http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=f1c5bb0268270257&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620765144&mv=m&mvi=3
request	GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=lc%2FDRl0hMFcb%2B2ZveOYd9a25zyg3qKOSvAjA%2BUMc4G%2FZvpDsIbm%2B5kfzNiPFdfQKRHQLZmfkD5gqnwzwew0v0DMVC805NyWjzYDGXcS9p4OlKMdbS4VTP0kBK7EatS6NYhKYl7wT5pS4eraxEMm751KR8P8tFQELigxGHvt6BVCLfS4H12b%2BaH5%2Fa0Yf21zsoPUme%2BTFkrrON1mE%2BDNw7kMKKQM8HfLXDMpWDJ5%2FDsNBirWgiunEGXetoAVmUD%2FYqiaSUZb0K0ZJPy6BEAvh7t4tGC4Iu0KNfWBM5iVs6Pp5cDjl8tDVMvifPJQoePybb%2FEmvEQVPUDyD4mXhnWO50dnjLnzDDn1zYskcV9bYdRu3J%2FSTgr0v5WBrwvJD06bi3sSnbQrZScJyT05TMGd4LKzxz4R6pTQrE%2BMA%2FCVGTOnZpvcj8cSaHiGaI5F12%2FhdLo11dBIl%2BiCKfPJ%2FSzd0%2FKSeugAfEr6eLitXtNZr9onzUrAyhbQ1uPkLCV06U5oc1t2bGwIMUUJpdgrHMShrXlL%2BjeD%2FzBVsFLOSP%2BY5b2ly1ivOzVzUFxJpRt%2BCpg5g2txIbPIUlesAeO%2FDMs2DkwcW4D0kuTQFooQ39dul3xxxhL4uyTv3oK3wPVEoXldykdQljFZq8g6ILdVdwQ6jlnmrWUpxxJ%2FDHs7AyU37gU%3D
request	GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=Q68wZ6mLN7Yv8l8YtMMYEtIimugY8MWvSZFWylX9WPAvu%2BPUxMeincMoshin68nULcF1ySBBRL%2Bfm0Jn1obNAVjwX9JeQstHuqqpwjl%2FGWUJe2HR1KsHA0yJUeS7D%2F0QQaDD1bSDwt9%2BtkIrnq8jQTvGl3BSR9XeTgZssUT1WVJ9vIIW2ZR1MZJ83%2FJlhKH3NIdNx%2FDTr6nS%2B1PrK%2BG9CeaT57Gj9kPU0IyN2RKlF3Co%2BugqBWZkGpa5J%2B2vL%2BS5TZxojaMlxoLk5xsBaJEvqATiyXS%2FEpC9Dy1gJtmLlXHVwY%2FbZ4yNefo%2BJGzOMkiR5cEtHr%2FGRE2%2FoppUry6PtZJiNfUOzzFL8rN0y%2FBc8Xf8thHUgdToVnJUpOr40hjq8q46M47NRL5hnefICVf8vNf218%2FQQTeVufg4wlGBMFv6%2B8NKAFRShr%2BjeK%2F0XHuQJS6WRC9qlRO%2FQWcPU%2BvWW%2FajMRAPOXuqCq%2FpyTbUBfj8HSlxyT7nRsrp6BSn%2BQTGS20phSxlE2PLDSNfoKUabPuDxudBJlq2yecbcXkhd%2FGMm%2Flpu2rG%2FqyZqNJBWmnoDrUlFJ9uKsafeRMmD6l%2FUe8KELmFi8G4cUdgxuBYeAQ3NxjvkkXZnhKJNX4f2Mqa0W80%2B1jRsMlElgCp88JkxYi8p5J%2BRgRASzECFg7nvNE%3D
request	GET https://c6m7w2m9.ssl.hwcdn.net/playtech_compressed_assets/poker_dafa/templates/installer/new.7ze
request	GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=Q4IWTG2dW5W%2BDe5mAzuo6eQPr1klz8Boupahjzx1tIIQGcMwirtmjcYMM3UAtdToxpYoKRiYHpcP9lc1U64OGas%2Bxc9xJ7TwLDj5wv0iSlGqnQNk8Mtoo7Hu0tfX30VjZCtQMxWAbxuI8su1U%2BhztWwZVFHmqvIoiIcq0sSNAIBSVXKlHyDn%2BLlrDC8nKb9zneZJdGT%2B78%2Fy1N%2FKJadkrKq1aftwIbkGHuJ3neIC9ypdMU5sIL2%2F2OsEpeJCD8KQcfWg%2BCi42vF3%2Fp9gdHKF6rI100At1hRTDsUfblVLiRBrKQm46hxOWHGduMDKViUMWEgGoUq8H%2B2%2BskcZStQJ%2F2JiduYuc7nIEZh4I857%2B8FkA%2FFElt7T7dstIbkOZ%2Blie8UmzSd%2FJgGZv9UK%2F9Pl%2Brb7hgNWiMCQBOG0TPRqdMzNwrOXA6NALJEM0K1TmGtIxnL5ZHW6HwvEKtxU0eYEwNGuLdeQvSRWRp9fvmnJRCKKtdkhmWYKLAKWE%2BG2Q%2BmIVdNR%2F1Hq%2Fr%2FgjfPSFYy0iHNk23slj%2FYbeKFl%2BJlIFu69Dl7%2BVTV0AMUxUAZTVdvi2h0prEF8YEgSqKCtQMZIZOAuRv3TO2yOp%2Bida6xpSSy%2BxOsPdHikVJ%2FAX2VVYAS%2FKlpQkjRfBb0J%2F1%2Fgmoa2KhYpk8LCWMlFg5YGUhHa%2FJc%3D
request	GET https://cachepkr-banner.141p0lcb.com/download/poker/client_update_urls.php
request	GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=f7J6f0%2FWng3vo5Fg%2Fvualk7viBxrB8OhKyXQNqvFKeJYE71X%2FKt5FxT5%2Fz4ZIWg4%2FxJuowzY4Ek3qKv3VICkVvbvqHAgeyu3mgyEnOn7ra8I03zKRpBPg4z07VcsXhcsOwW9O2bgfu43eOEjSd%2Bqd9UslQ2JYB%2BdakrGvLJE78LRh4iTG0Ayl%2FYCPO%2BCh9nHI9kzHltY7wmR59QZEjbI%2FqXPfFiI58imzHbvzNKqn1jKPWsgebG1hkENoNB4ylApIqJ4nnLYrrI6ZcNDnyA6NKnSh3e3%2Bg80q47W9UKkcRDWRuoE7drQuBACJQkvzpllHwavodsFlF7Ds5xN2qFbWNi9Hp4tnk4bBleqhUSp2CZIyXCmiJqOgReqo26m2phhheoFhv2zfIXoJDOYgvwVL4M13tg8ncXFVrucrvoXvcbrsZyO%2BaA0xmYsgz5BDUKCrUhBSH28OwuaD4uroHnRZ7%2FBkrPb4bB6tzEgTLHnAXrpawoCjeE28reENuN6Fpw0XmG9176Obhf40f1ZZLcP8CuCocE3CwNO0xORb8jrePJDZSxw3JVQDY2Go7IWgi9iQR1Jt2FECwDCq4LBDU%2F6YhaaiSL%2BN8bnezc0Hsn9Yn1slVERCBgOV65BhtRqO4d4y2BuaGUN8jo%2FbzvMUrpp4HrmxeHlRcZFci9zjYepeaQ%3D
request	GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=I3I3G0RyHx%2FakFIgrWHkumXqWxQwhgGadQBxwDxZ1mnuc3tlU5iQayQ%2BvbbGwh0J8wVRehPRHADI7bJJ3MjHN7gdY97YgUGWbQruj8VqHVUZtHODX7%2Bq2VnCJvOUSsxH9ptZaUn4Tm5eouaNaGNdXN8buaxhAdrSzRGPENkmyyuwG9m4TZCZrosfhy7bnwpPx2hjF%2F4sJ9TWl3J6%2Bs%2FDF3iIPa07mqy7z%2B0QyE8cONRVgfrVR0T4OG2U%2BATXK5S83YqGqJvLWQOo4ICInZe%2BLcdiqgc%2Bw1rwd%2B2KfqmysTPoX5u%2FxSaCtJ6U82B7ona2kv%2FJUeFnc2R8srmGkPA6ILLMmbM9VS154HaxHt9tKK39wvP033%2FUbv29eVEpJezMfjmrtj2mKY4FkAnilsMTH%2FtyUbzhPTyDm6nYqOuVwYeCh%2BTY8GfN27lcxqdLI1kxWuudoZthzsndWTT%2F58kzHL9HUTJYsDVMwh8w7azS%2BuEXeWu1aK7ckFQSAHj2jFhefH%2F8FgsSu2PCWY5OBy3DIAdj0Si6AaimmsJjHd6NKjECNyCwIvNRgRtpTScgx3J0%2F%2FZA1GN0m6%2F%2BbkpQT4l2pFYPqHpdjYXHCQC32SkKrJRiAhF0Tu5i1edD9zVgyOJRl%2F72TJ9V0C2GjMYlL0tBuXGwIhvFLxBog5vtOWsK4So%3D
request	GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=lRC7JW5z%2FxDbZufkWcUWMMVBH3n9ybH9%2FX4qLBxItacdPsiTY0Bgbmfi22sSeSY%2B%2BtPHtt%2Fx7jAFbBMhSkuj1LhRprnvxJ6cjwPQNHF0syUf3oVMW2lZi%2Bur%2FbdsfK8RkO%2B7VJpieiJtppK%2BEYf3hL7AM3D1pw4TcgPWUigzfe7BFvwtJ6GQktyLgMoj%2FQj91%2FyB8kcJ%2Fb653R%2FVv1OGyswZ7bWq4BsiU9ow%2BWS5PA1OdkNM9LY%2BuOkiLvEonfahbSdR5cSDCvzS0Usy%2F0SCFrxCXex3VvHFZD3jvjwSAgtiOywZDP1%2FIjF7QvIbGc4kZxHy3FRugXCbEYLVEwYYQdV3XG69IomtA0jk3m2DlUfD2VTBWZdf8GKvAcJW1ckYNLKPyT30HxLcsINMlFCtKztSwx8Aa7BPUVS5xCAN1uP0WAOEJZQUnXni3thml9oOu74V4pEb6X6olt0dqRIX%2BKIECCZOCBh19TIHnLKj5JlK0B3FUjuPFol7eo0f%2F5s4YAk6W25uBMaVbqOfA%2FBb54H7c12gSBSUCcQ6BWEDYe4%2FFS2HDe%2BaYBQaWdzAlIRMS%2BjiWlclBZ%2BdRg8ANzpqOgK4K%2BBO3UB8jIlAPAVOn4j53F3HnJQ%2FCSd%2F%2BH%2FbiIQX47Y9ZsXHXA0DPzslo19b7Y9xwVKCE2WNQm77ZZ7OExQ%3D
request	GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=AfuSX6EVrGJAr3nNaml4YrGPNtXMU7p9k6C3uNnufPCERosWPb%2FWaeYlGL%2FMdwA4%2Fj2IS7KnS2OzA8u4LQVCcD4W5BJC1uE%2FbKSlFfp%2FTR1vbo3ByCxx2j2OPAmhbFQn8uYqQSRJ0wZz%2BtTqBDR2oGCcRiIFZMDfsDHvE0WOscR%2B9cAvS%2FLC32qhadRzbuUBtm0un0KA5NPS1775eGSrAtH0PZsh20MXXmhaCwW2vX0HY2cWLigSktHCD4zv%2F0WMC1NAigJDSVyIsxA0NMaf%2FjS3TtriG2gxw0Cg%2F9CF899fib3fDrtwXq7lliP7ZPHvns6J%2BxAssTyAZsZdmpK8yqadV8rp8ZRFBFC5vp7IVeXXSYSHEdOnhCibvqtgzLTXnx6dskzesZRJKTmsXMWIuSv4MjlupnH2z3srRVMmf4BF3FcD1OGbEGdSucFJ2%2FXgta5PTd3fdDwn8266JtRCV6sbpNr8dFa278d8ST2GVK82FX1WGU36ixJVjs5OudAf6w5zVQErS01WLrVbBaeUyt8j0cTfDrWMFxO2qBYsOq10Hi9NgbG8Bu%2Bf%2B5Pojw4zcf2J7%2BNA7JmPJg3jPqc5KeXByvKQ9Q0shAqXFCenwm9BqL531myTeP%2Fc9qTXf%2FcZ0ZYQhbt2Ys6K6YXON0pc4M0VCA4dNPvqmBPn26wuwuA%3D
request	GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=hUeeeQtH9K0Ry3VVx28zat4JsKDbinYnrj7cTAlobKCmadSWuChDQYkuelZBuUg0fBlYneq5cQEtnPixGvtkEk7MjC2LieLfTj4f9L5ZQJ7r0xbhPznn1xmrMs28gYqzb2hzPhUirYF%2FSGSTRfoOxad2KAK428AMjDksysIJU7sDWcTHWOdb45RLC3cA40SqBE%2BRG0nbSq9xJsx9Uff3jvjf1X65otigxoHfqrdRmY%2B4ntLGqpKxsUfpgt7j5erSEy0hA2hi8LJ%2B8jwVcE7V5CVvlxfEPVON0iXtxYC%2FlNL7LEzUfXOWu7r8a%2BYE0lEK%2BQ7HYTde7dUO6VVLR%2FR4l3S5obscFCIaFYA9Dvg4GFm5Em24VOCCiCYz5iuYCDWgcwwxtsIchIYKBKiN62ri4iqlCfRWroU0aAQeJme1KOVqzdoV%2FM0x%2Bb5xNzyGUISzOD7D8b2GAfv30C0kclXPPQAzQG7z0xyA6hX4SSlDelnOl9lcnoswkKm5URh2QsqIY%2FqFPUD4zKLk22V36QDXdwGfBLoEDKW0H%2BGiKS1sfSdQBe7LlqgGEz9HEYCsAxIOFb7F1KnTPlOrMMilPmkGgz1YFrOjhQzfQL9VBwpaBJCfx6rPD29eaH%2F7Rbsu2YvUdAN45J%2BEJu5DCurhaeuwg7eZ3dZmiOWyYxwGUzBncTo%3D
request	POST https://update.googleapis.com/service/update2?cup2key=10:4076652920&cup2hreq=b8e1f633288f1968873c1a044c704fbbebba4d3d7fdacc11f0737c8011d3d4dd

Sends data using the HTTP POST Method (1 个事件)

request

POST https://update.googleapis.com/service/update2?cup2key=10:4076652920&cup2hreq=b8e1f633288f1968873c1a044c704fbbebba4d3d7fdacc11f0737c8011d3d4dd

Allocates read-write-execute memory (usually to unpack itself) (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1620794204.766124 NtAllocateVirtualMemory	process_identifier: 3000 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02bc0000	success	0	0
1620794263.485001 NtAllocateVirtualMemory	process_identifier: 1424 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffffffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00000000041b0000	success	0	0

Checks whether any human activity is being performed by constantly checking whether the foreground window changed

Steals private information from local Internet browsers (2 个事件)

registry	HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox
registry	HKEY_CURRENT_USER\Software\Mozilla\Mozilla Firefox

Creates executable files on the filesystem (2 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\51CACBD39622481B95103E516529E5CF\new\js\template.js
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsr86B1.tmp\internal5ee27486fe0f6575127038f099a33759.exe

Drops an executable to the user AppData folder (1 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsr86B1.tmp\internal5ee27486fe0f6575127038f099a33759.exe

Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620794205.625124 GetAdaptersAddresses	flags: 0 family: 0	failed	111	0

Checks for the Locally Unique Identifier on the system for a suspicious privilege (4 个事件)

Time & API	Arguments	Status	Return
1620794229.063124 LookupPrivilegeValueW	system_name: privilege_name: SeDebugPrivilege	success	1
1620794229.078124 LookupPrivilegeValueW	system_name: privilege_name: SeDebugPrivilege	success	1
1620794229.078124 LookupPrivilegeValueW	system_name: privilege_name: SeDebugPrivilege	success	1
1620794229.094124 LookupPrivilegeValueW	system_name: privilege_name: SeDebugPrivilege	success	1

Queries for potentially installed applications (6 个事件)

Time & API	Arguments	Status	Return
1620794202.875124 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000001 key_handle: 0x00000000 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome options: 0	failed	2
1620794202.875124 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x000000dc regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome options: 0	success	0
1620794215.891124 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000001 key_handle: 0x00000000 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome options: 0	failed	2
1620794215.891124 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x00000884 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome options: 0	success	0
1620794215.907124 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000001 key_handle: 0x00000000 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome options: 0	failed	2
1620794215.907124 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x0000050c regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome options: 0	success	0

Reads the systems User Agent and subsequently performs requests (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620794215.922124 InternetOpenW	proxy_bypass: access_type: 0 proxy_name: flags: 0 user_agent: Playtech WinClient Downloader/1.0	success	13369372	0

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Attempts to create or modify system certificates (1 个事件)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob

Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 个事件)

Time & API	Arguments	Status
1620794209.141124 RegSetValueExA	key_handle: 0x000004d4 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason	success
1620794209.141124 RegSetValueExA	key_handle: 0x000004d4 value: @?ÝF× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime	success
1620794209.141124 RegSetValueExA	key_handle: 0x000004d4 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision	success
1620794209.157124 RegSetValueExW	key_handle: 0x000004d4 value: 网络 2 regkey_r: WpadNetworkName reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName	success
1620794209.157124 RegSetValueExA	key_handle: 0x000004f0 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason	success
1620794209.157124 RegSetValueExA	key_handle: 0x000004f0 value: @?ÝF× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime	success
1620794209.157124 RegSetValueExA	key_handle: 0x000004f0 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision	success
1620794209.219124 RegSetValueExW	key_handle: 0x000004d0 value: {40112ABE-63B3-43C3-BE93-1440EE3AF106} regkey_r: WpadLastNetwork reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork	success
1620794209.860124 RegSetValueExA	key_handle: 0x0000053c value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason	success
1620794209.860124 RegSetValueExA	key_handle: 0x0000053c value: 09?ÝF× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime	success
1620794209.860124 RegSetValueExA	key_handle: 0x0000053c value: 0 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision	success
1620794209.860124 RegSetValueExW	key_handle: 0x0000053c value: 网络 2 regkey_r: WpadNetworkName reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName	success
1620794209.875124 RegSetValueExA	key_handle: 0x0000054c value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason	success
1620794209.875124 RegSetValueExA	key_handle: 0x0000054c value: 09?ÝF× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime	success
1620794209.875124 RegSetValueExA	key_handle: 0x0000054c value: 0 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision	success

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 个事件)

dead_host	172.217.160.110:443
dead_host	172.217.24.14:443
dead_host	172.217.160.78:443

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2012-02-19 23:01:49

Imports

Library ADVAPI32.dll:

• 0x429340 RegCloseKey

• 0x429344 RegCreateKeyExA

• 0x429348 RegDeleteKeyA

• 0x42934c RegDeleteValueA

• 0x429350 RegEnumKeyA

• 0x429354 RegEnumValueA

• 0x429358 RegOpenKeyExA

• 0x42935c RegQueryValueExA

• 0x429360 RegSetValueExA

Library COMCTL32.DLL:

• 0x429368 ImageList_AddMasked

• 0x42936c ImageList_Create

• 0x429370 ImageList_Destroy

• 0x429374 InitCommonControls

Library GDI32.dll:

• 0x42937c CreateBrushIndirect

• 0x429380 CreateFontIndirectA

• 0x429384 DeleteObject

• 0x429388 GetDeviceCaps

• 0x42938c SelectObject

• 0x429390 SetBkColor

• 0x429394 SetBkMode

• 0x429398 SetTextColor

Library KERNEL32.dll:

• 0x4293a0 CloseHandle

• 0x4293a4 CompareFileTime

• 0x4293a8 CopyFileA

• 0x4293ac CreateDirectoryA

• 0x4293b0 CreateFileA

• 0x4293b4 CreateProcessA

• 0x4293b8 CreateThread

• 0x4293bc DeleteFileA

• 0x4293c0 ExitProcess

• 0x4293c4 ExpandEnvironmentStringsA

• 0x4293c8 FindClose

• 0x4293cc FindFirstFileA

• 0x4293d0 FindNextFileA

• 0x4293d4 FreeLibrary

• 0x4293d8 GetCommandLineA

• 0x4293dc GetCurrentProcess

• 0x4293e0 GetDiskFreeSpaceA

• 0x4293e4 GetExitCodeProcess

• 0x4293e8 GetFileAttributesA

• 0x4293ec GetFileSize

• 0x4293f0 GetFullPathNameA

• 0x4293f4 GetLastError

• 0x4293f8 GetModuleFileNameA

• 0x4293fc GetModuleHandleA

• 0x429400 GetPrivateProfileStringA

• 0x429404 GetProcAddress

• 0x429408 GetShortPathNameA

• 0x42940c GetSystemDirectoryA

• 0x429410 GetTempFileNameA

• 0x429414 GetTempPathA

• 0x429418 GetTickCount

• 0x42941c GetVersion

• 0x429420 GetWindowsDirectoryA

• 0x429424 GlobalAlloc

• 0x429428 GlobalFree

• 0x42942c GlobalLock

• 0x429430 GlobalUnlock

• 0x429434 LoadLibraryA

• 0x429438 LoadLibraryExA

• 0x42943c MoveFileA

• 0x429440 MulDiv

• 0x429444 MultiByteToWideChar

• 0x429448 ReadFile

• 0x42944c RemoveDirectoryA

• 0x429450 SearchPathA

• 0x429454 SetCurrentDirectoryA

• 0x429458 SetErrorMode

• 0x42945c SetFileAttributesA

• 0x429460 SetFilePointer

• 0x429464 SetFileTime

• 0x429468 Sleep

• 0x42946c WaitForSingleObject

• 0x429470 WriteFile

• 0x429474 WritePrivateProfileStringA

• 0x429478 lstrcatA

• 0x42947c lstrcmpA

• 0x429480 lstrcmpiA

• 0x429484 lstrcpynA

• 0x429488 lstrlenA

Library ole32.dll:

• 0x429490 CoCreateInstance

• 0x429494 CoTaskMemFree

• 0x429498 OleInitialize

• 0x42949c OleUninitialize

Library SHELL32.DLL:

• 0x4294a4 SHBrowseForFolderA

• 0x4294a8 SHFileOperationA

• 0x4294ac SHGetFileInfoA

• 0x4294b0 SHGetPathFromIDListA

• 0x4294b4 SHGetSpecialFolderLocation

• 0x4294b8 ShellExecuteA

Library USER32.dll:

• 0x4294c0 AppendMenuA

• 0x4294c4 BeginPaint

• 0x4294c8 CallWindowProcA

• 0x4294cc CharNextA

• 0x4294d0 CharPrevA

• 0x4294d4 CheckDlgButton

• 0x4294d8 CloseClipboard

• 0x4294dc CreateDialogParamA

• 0x4294e0 CreatePopupMenu

• 0x4294e4 CreateWindowExA

• 0x4294e8 DefWindowProcA

• 0x4294ec DestroyWindow

• 0x4294f0 DialogBoxParamA

• 0x4294f4 DispatchMessageA

• 0x4294f8 DrawTextA

• 0x4294fc EmptyClipboard

• 0x429500 EnableMenuItem

• 0x429504 EnableWindow

• 0x429508 EndDialog

• 0x42950c EndPaint

• 0x429510 ExitWindowsEx

• 0x429514 FillRect

• 0x429518 FindWindowExA

• 0x42951c GetClassInfoA

• 0x429520 GetClientRect

• 0x429524 GetDC

• 0x429528 GetDlgItem

• 0x42952c GetDlgItemTextA

• 0x429530 GetMessagePos

• 0x429534 GetSysColor

• 0x429538 GetSystemMenu

• 0x42953c GetSystemMetrics

• 0x429540 GetWindowLongA

• 0x429544 GetWindowRect

• 0x429548 InvalidateRect

• 0x42954c IsWindow

• 0x429550 IsWindowEnabled

• 0x429554 IsWindowVisible

• 0x429558 LoadBitmapA

• 0x42955c LoadCursorA

• 0x429560 LoadImageA

• 0x429564 MessageBoxIndirectA

• 0x429568 OpenClipboard

• 0x42956c PeekMessageA

• 0x429570 PostQuitMessage

• 0x429574 RegisterClassA

• 0x429578 ScreenToClient

• 0x42957c SendMessageA

• 0x429580 SendMessageTimeoutA

• 0x429584 SetClassLongA

• 0x429588 SetClipboardData

• 0x42958c SetCursor

• 0x429590 SetDlgItemTextA

• 0x429594 SetForegroundWindow

• 0x429598 SetTimer

• 0x42959c SetWindowLongA

• 0x4295a0 SetWindowPos

• 0x4295a4 SetWindowTextA

• 0x4295a8 ShowWindow

• 0x4295ac SystemParametersInfoA

• 0x4295b0 TrackPopupMenu

• 0x4295b4 wsprintfA

Library VERSION.dll:

• 0x4295bc GetFileVersionInfoA

• 0x4295c0 GetFileVersionInfoSizeA

• 0x4295c4 VerQueryValueA

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
ocsp.sectigo.com	A 151.139.128.14	151.139.128.14
r3---sn-j5o7dn7e.gvt1.com	CNAME r3.sn-j5o7dn7e.gvt1.com A 113.108.239.196	113.108.239.196
ocsp.comodoca.com	A 151.139.128.14	151.139.128.14
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
t8u4n6u7.ssl.hwcdn.net	A 205.185.208.154	205.185.208.154
c6m7w2m9.ssl.hwcdn.net	A 205.185.208.154	205.185.208.154
fallback.playtech-installer.com	CNAME s3-website-eu-west-1.amazonaws.com CNAME pt-installer.s3-website-eu-west-1.amazonaws.com A 52.218.53.172	52.218.56.92
clients2.google.com	A 172.217.160.110 CNAME clients.l.google.com A 172.217.160.78	216.58.200.46
cachepkr-banner.141p0lcb.com	A 14.0.44.247 CNAME p69754.cdnga.net A 14.0.44.211	14.0.44.211
ocsp.usertrust.com	A 151.139.128.14	151.139.128.14
www.download.windowsupdate.com	A 124.225.105.97 CNAME 2-01-3cf7-0009.cdx.cedexis.net CNAME www.download.windowsupdate.com.cdn.dnsv1.com CNAME windowsupdate.sched.s11.tdnsv5.com CNAME 3573033.pack.cdntip.com CNAME wu-fg-shim.trafficmanager.net	116.11.67.6
r1---sn-j5o7dn7e.gvt1.com	A 113.108.239.194 CNAME r1.sn-j5o7dn7e.gvt1.com	113.108.239.194
redirector.gvt1.com	A 203.208.41.65	113.108.239.161
update.googleapis.com	A 203.208.41.98	113.108.239.162
ocsp.digicert.com	CNAME cs9.wac.phicdn.net A 117.18.237.29	93.184.220.29
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

Source	Source Port	Destination	Destination Port
192.168.56.101	49214	113.108.239.194 r1---sn-j5o7dn7e.gvt1.com	80
192.168.56.101	49215	113.108.239.196 r3---sn-j5o7dn7e.gvt1.com	80
192.168.56.101	49198	117.18.237.29 ocsp.digicert.com	80
14.0.44.211	443	192.168.56.101	49197
192.168.56.101	49186	124.225.105.97 www.download.windowsupdate.com	80
192.168.56.101	49187	124.225.105.97 www.download.windowsupdate.com	80
192.168.56.101	49203	14.0.44.211 cachepkr-banner.141p0lcb.com	443
192.168.56.101	49188	151.139.128.14 ocsp.usertrust.com	80
192.168.56.101	49189	151.139.128.14 ocsp.usertrust.com	80
192.168.56.101	49190	151.139.128.14 ocsp.usertrust.com	80
192.168.56.101	49191	151.139.128.14 ocsp.usertrust.com	80
192.168.56.101	49193	151.139.128.14 ocsp.usertrust.com	80
192.168.56.101	49194	151.139.128.14 ocsp.usertrust.com	80
192.168.56.101	49213	203.208.41.65 redirector.gvt1.com	80
192.168.56.101	49212	203.208.41.98 update.googleapis.com	443
192.168.56.101	49181	205.185.208.154 c6m7w2m9.ssl.hwcdn.net	80
192.168.56.101	49182	205.185.208.154 c6m7w2m9.ssl.hwcdn.net	443
192.168.56.101	49183	205.185.208.154 c6m7w2m9.ssl.hwcdn.net	443
192.168.56.101	49195	205.185.208.154 c6m7w2m9.ssl.hwcdn.net	443
192.168.56.101	49196	205.185.208.154 c6m7w2m9.ssl.hwcdn.net	443

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50433	114.114.114.114	53
192.168.56.101	50849	114.114.114.114	53
192.168.56.101	51808	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	53210	114.114.114.114	53
192.168.56.101	53380	114.114.114.114	53
192.168.56.101	53500	114.114.114.114	53
192.168.56.101	53661	114.114.114.114	53
192.168.56.101	54178	114.114.114.114	53
192.168.56.101	54260	114.114.114.114	53
192.168.56.101	54991	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	56743	114.114.114.114	53
192.168.56.101	57236	114.114.114.114	53
192.168.56.101	57367	114.114.114.114	53
192.168.56.101	58070	114.114.114.114	53
192.168.56.101	58970	114.114.114.114	53
192.168.56.101	60088	114.114.114.114	53
192.168.56.101	60221	114.114.114.114	53

HTTP & HTTPS Requests

URI	Data
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEA9vgUi6vjWRQ%2F%2FlxBwzMK4%3D	GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEA9vgUi6vjWRQ%2F%2FlxBwzMK4%3D HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.digicert.com
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab	GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1 Cache-Control: max-age = 3600 Connection: Keep-Alive Accept: / If-Modified-Since: Wed, 03 Mar 2021 06:32:16 GMT If-None-Match: "0d8f4f3f6fd71:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: www.download.windowsupdate.com
http://fallback.playtech-installer.com/playtech_compressed_assets/poker_dafa/index.7ze	GET /playtech_compressed_assets/poker_dafa/index.7ze HTTP/1.1 Accept: / C: \Users\Administrator.Oskar-PC\AppData\Local\Temp\51CACBD39622481B95103E516529E5CF\index.7ze User-Agent: Playtech WinClient Downloader/1.0 Host: fallback.playtech-installer.com Connection: Keep-Alive Cache-Control: no-cache
http://c6m7w2m9.ssl.hwcdn.net/playtech_compressed_assets/poker_dafa/index.7ze	GET /playtech_compressed_assets/poker_dafa/index.7ze HTTP/1.1 Accept: / C: \Users\Administrator.Oskar-PC\AppData\Local\Temp\51CACBD39622481B95103E516529E5CF\index.7ze User-Agent: Playtech WinClient Downloader/1.0 Host: c6m7w2m9.ssl.hwcdn.net Connection: Keep-Alive Cache-Control: no-cache
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D	GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.usertrust.com
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe	HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: redirector.gvt1.com
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAo1CNVcKSsBffitZcAP9%2BQ%3D	GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAo1CNVcKSsBffitZcAP9%2BQ%3D HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.digicert.com
http://fallback.playtech-installer.com/playtech_compressed_assets/poker_dafa/templates/installer/new.7ze	GET /playtech_compressed_assets/poker_dafa/templates/installer/new.7ze HTTP/1.1 Accept: / C: \Users\Administrator.Oskar-PC\AppData\Local\Temp\51CACBD39622481B95103E516529E5CF\new (1).7z User-Agent: Playtech WinClient Downloader/1.0 Host: fallback.playtech-installer.com Connection: Keep-Alive Cache-Control: no-cache
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=f1c5bb0268270257&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620765144&mv=m&mvi=3	HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=f1c5bb0268270257&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620765144&mv=m&mvi=3 HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r3---sn-j5o7dn7e.gvt1.com
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=f1c5bb0268270257&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620765144&mv=m&mvi=3	GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=f1c5bb0268270257&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620765144&mv=m&mvi=3 HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT Range: bytes=0-6886 User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r3---sn-j5o7dn7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.