8.2
High risk

c580eb7b5681f48b10db4533e87f763e059e352b143310c6b44275407a215fc2

5f47a2fd131be300b09d2ed52d81e98d.exe

Analysis time

204s

Latest analysis

File size

12.8MB
Static detection Dynamic detection
Hawkeye (鹰眼) engine
Not detected. No Hawkeye engine detection result yet
Static verdict
Antivirus engines
Not detected. No antivirus engine detection result yet
Static indicators
Checks if process is being debugged by a debugger (26 events)
Time & API Arguments Status Return Repeated
1620762828.968375
IsDebuggerPresent
failed 0 0
1620762828.968375
IsDebuggerPresent
failed 0 0
1620801942.865124
IsDebuggerPresent
failed 0 0
1620801942.974124
IsDebuggerPresent
failed 0 0
1620801953.599124
IsDebuggerPresent
failed 0 0
1620801953.740124
IsDebuggerPresent
failed 0 0
1620801953.740124
IsDebuggerPresent
failed 0 0
1620801953.880124
IsDebuggerPresent
failed 0 0
1620801953.958124
IsDebuggerPresent
failed 0 0
1620801954.036124
IsDebuggerPresent
failed 0 0
1620801954.036124
IsDebuggerPresent
failed 0 0
1620801954.036124
IsDebuggerPresent
failed 0 0
1620801956.099124
IsDebuggerPresent
failed 0 0
1620801958.255124
IsDebuggerPresent
failed 0 0
1620801964.802124
IsDebuggerPresent
failed 0 0
1620801965.099124
IsDebuggerPresent
failed 0 0
1620801965.365124
IsDebuggerPresent
failed 0 0
1620801968.740124
IsDebuggerPresent
failed 0 0
1620801969.911124
IsDebuggerPresent
failed 0 0
1620801971.365124
IsDebuggerPresent
failed 0 0
1620801974.646124
IsDebuggerPresent
failed 0 0
1620801976.677124
IsDebuggerPresent
failed 0 0
1620801984.630124
IsDebuggerPresent
failed 0 0
1620801931.630124
IsDebuggerPresent
failed 0 0
1620801931.630124
IsDebuggerPresent
failed 0 0
1620801931.661124
IsDebuggerPresent
failed 0 0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
This executable has a PDB path (1 event)
pdb_path D:\Projects\GomPlayer_Tags\2.3.56.5320\project\map_pdb\GOM32R_vc120_ReleaseU.pdb
Tries to locate where the browsers are installed (1 event)
file C:\Program Files\Google\Chrome\Application\89.0.4389.114\chrome.dll
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1620762829.109375
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .GOMSH
The file contains an unknown PE resource name possibly indicative of a packer (5 events)
resource name JPG
resource name PNG
resource name REGISTRY
resource name TXT
resource name None
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1620801987.990124
__exception__
stacktrace:
0xb92e04
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30

registers.r14: 4972001791488
registers.r9: 0
registers.rcx: 1404
registers.rsi: -6148914691236517206
registers.r10: 0
registers.rbx: 272493520
registers.rdi: 17302540
registers.r11: 272497440
registers.r8: 2009563532
registers.rdx: 1368
registers.rbp: 272493376
registers.r15: 272493880
registers.r12: 272494280
registers.rsp: 272493240
registers.rax: 12135936
registers.r13: 4972002738176
exception.instruction_r: ff 15 16 1f 09 00 ff 25 00 00 00 00 aa a4 a3 77
exception.instruction: call qword ptr [rip + 0x91f16]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xb92e04
success 0 0
Behavioral verdict
Dynamic indicators
HTTP traffic contains suspicious features which may be indicative of malware related traffic (2 events)
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:3578824793&cup2hreq=21a578d88c1adb1e0dba6560eef6ff1db0565db103331e17625f9ac6f228b51e
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2
Performs some HTTP requests (6 events)
request HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620772817&mv=m&mvi=1&pl=23&shardbypass=yes
request HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=f1811374cec6f1ed&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620772817&mv=m&mvi=3
request GET http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=f1811374cec6f1ed&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620772817&mv=m&mvi=3
request POST https://update.googleapis.com/service/update2?cup2key=10:3578824793&cup2hreq=21a578d88c1adb1e0dba6560eef6ff1db0565db103331e17625f9ac6f228b51e
request POST https://update.googleapis.com/service/update2
Sends data using the HTTP POST Method (2 events)
request POST https://update.googleapis.com/service/update2?cup2key=10:3578824793&cup2hreq=21a578d88c1adb1e0dba6560eef6ff1db0565db103331e17625f9ac6f228b51e
request POST https://update.googleapis.com/service/update2
Allocates read-write-execute memory (usually to unpack itself) (2 events)
Time & API Arguments Status Return Repeated
1620762828.968375
NtProtectVirtualMemory
process_identifier: 648
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77dcf000
success 0 0
1620762881.843625
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000004130000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
An application raised an exception which may be indicative of an exploit crash (2 events)
Application Crash Process chrome.exe with pid 1948 crashed
Time & API Arguments Status Return Repeated
1620801987.990124
__exception__
stacktrace:
0xb92e04
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30

registers.r14: 4972001791488
registers.r9: 0
registers.rcx: 1404
registers.rsi: -6148914691236517206
registers.r10: 0
registers.rbx: 272493520
registers.rdi: 17302540
registers.r11: 272497440
registers.r8: 2009563532
registers.rdx: 1368
registers.rbp: 272493376
registers.r15: 272493880
registers.r12: 272494280
registers.rsp: 272493240
registers.rax: 12135936
registers.r13: 4972002738176
exception.instruction_r: ff 15 16 1f 09 00 ff 25 00 00 00 00 aa a4 a3 77
exception.instruction: call qword ptr [rip + 0x91f16]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xb92e04
success 0 0
Steals private information from local Internet browsers (25 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad\reports
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma~RF942cad.TMP
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-609B2E9F-79C.pma
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\BrowserMetrics
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Local State
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad\metadata
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\First Run
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Last Version
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-spare.pma
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Policy\User Policy
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences
Foreign language identified in PE resource (50 of 360 events)
name JPG language LANG_KOREAN offset 0x00b65bd0 filetype JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 285x35, frames 3 sublanguage SUBLANG_KOREAN size 0x00000ca5
name JPG language LANG_KOREAN offset 0x00b65bd0 filetype JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 285x35, frames 3 sublanguage SUBLANG_KOREAN size 0x00000ca5
name JPG language LANG_KOREAN offset 0x00b65bd0 filetype JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 285x35, frames 3 sublanguage SUBLANG_KOREAN size 0x00000ca5
name JPG language LANG_KOREAN offset 0x00b65bd0 filetype JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 285x35, frames 3 sublanguage SUBLANG_KOREAN size 0x00000ca5
name JPG language LANG_KOREAN offset 0x00b65bd0 filetype JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 285x35, frames 3 sublanguage SUBLANG_KOREAN size 0x00000ca5
name JPG language LANG_KOREAN offset 0x00b65bd0 filetype JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 285x35, frames 3 sublanguage SUBLANG_KOREAN size 0x00000ca5
name JPG language LANG_KOREAN offset 0x00b65bd0 filetype JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 285x35, frames 3 sublanguage SUBLANG_KOREAN size 0x00000ca5
name JPG language LANG_KOREAN offset 0x00b65bd0 filetype JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 285x35, frames 3 sublanguage SUBLANG_KOREAN size 0x00000ca5
name JPG language LANG_KOREAN offset 0x00b65bd0 filetype JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 285x35, frames 3 sublanguage SUBLANG_KOREAN size 0x00000ca5
name JPG language LANG_KOREAN offset 0x00b65bd0 filetype JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 285x35, frames 3 sublanguage SUBLANG_KOREAN size 0x00000ca5
name JPG language LANG_KOREAN offset 0x00b65bd0 filetype JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 285x35, frames 3 sublanguage SUBLANG_KOREAN size 0x00000ca5
name JPG language LANG_KOREAN offset 0x00b65bd0 filetype JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 285x35, frames 3 sublanguage SUBLANG_KOREAN size 0x00000ca5
name JPG language LANG_KOREAN offset 0x00b65bd0 filetype JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 285x35, frames 3 sublanguage SUBLANG_KOREAN size 0x00000ca5
name JPG language LANG_KOREAN offset 0x00b65bd0 filetype JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 285x35, frames 3 sublanguage SUBLANG_KOREAN size 0x00000ca5
name JPG language LANG_KOREAN offset 0x00b65bd0 filetype JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 285x35, frames 3 sublanguage SUBLANG_KOREAN size 0x00000ca5
name JPG language LANG_KOREAN offset 0x00b65bd0 filetype JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 285x35, frames 3 sublanguage SUBLANG_KOREAN size 0x00000ca5
name JPG language LANG_KOREAN offset 0x00b65bd0 filetype JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 285x35, frames 3 sublanguage SUBLANG_KOREAN size 0x00000ca5
name JPG language LANG_KOREAN offset 0x00b65bd0 filetype JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 285x35, frames 3 sublanguage SUBLANG_KOREAN size 0x00000ca5
name JPG language LANG_KOREAN offset 0x00b65bd0 filetype JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 285x35, frames 3 sublanguage SUBLANG_KOREAN size 0x00000ca5
name JPG language LANG_KOREAN offset 0x00b65bd0 filetype JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 285x35, frames 3 sublanguage SUBLANG_KOREAN size 0x00000ca5
name JPG language LANG_KOREAN offset 0x00b65bd0 filetype JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 285x35, frames 3 sublanguage SUBLANG_KOREAN size 0x00000ca5
name JPG language LANG_KOREAN offset 0x00b65bd0 filetype JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 285x35, frames 3 sublanguage SUBLANG_KOREAN size 0x00000ca5
name JPG language LANG_KOREAN offset 0x00b65bd0 filetype JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 285x35, frames 3 sublanguage SUBLANG_KOREAN size 0x00000ca5
name JPG language LANG_KOREAN offset 0x00b65bd0 filetype JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 285x35, frames 3 sublanguage SUBLANG_KOREAN size 0x00000ca5
name JPG language LANG_KOREAN offset 0x00b65bd0 filetype JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 285x35, frames 3 sublanguage SUBLANG_KOREAN size 0x00000ca5
name JPG language LANG_KOREAN offset 0x00b65bd0 filetype JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 285x35, frames 3 sublanguage SUBLANG_KOREAN size 0x00000ca5
name JPG language LANG_KOREAN offset 0x00b65bd0 filetype JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 285x35, frames 3 sublanguage SUBLANG_KOREAN size 0x00000ca5
name JPG language LANG_KOREAN offset 0x00b65bd0 filetype JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 285x35, frames 3 sublanguage SUBLANG_KOREAN size 0x00000ca5
name JPG language LANG_KOREAN offset 0x00b65bd0 filetype JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 285x35, frames 3 sublanguage SUBLANG_KOREAN size 0x00000ca5
name JPG language LANG_KOREAN offset 0x00b65bd0 filetype JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 285x35, frames 3 sublanguage SUBLANG_KOREAN size 0x00000ca5
name JPG language LANG_KOREAN offset 0x00b65bd0 filetype JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 285x35, frames 3 sublanguage SUBLANG_KOREAN size 0x00000ca5
name PNG language LANG_KOREAN offset 0x00b86fc8 filetype PNG image data, 373 x 226, 8-bit/color RGB, non-interlaced sublanguage SUBLANG_KOREAN size 0x0000bce6
name PNG language LANG_KOREAN offset 0x00b86fc8 filetype PNG image data, 373 x 226, 8-bit/color RGB, non-interlaced sublanguage SUBLANG_KOREAN size 0x0000bce6
name PNG language LANG_KOREAN offset 0x00b86fc8 filetype PNG image data, 373 x 226, 8-bit/color RGB, non-interlaced sublanguage SUBLANG_KOREAN size 0x0000bce6
name PNG language LANG_KOREAN offset 0x00b86fc8 filetype PNG image data, 373 x 226, 8-bit/color RGB, non-interlaced sublanguage SUBLANG_KOREAN size 0x0000bce6
name PNG language LANG_KOREAN offset 0x00b86fc8 filetype PNG image data, 373 x 226, 8-bit/color RGB, non-interlaced sublanguage SUBLANG_KOREAN size 0x0000bce6
name PNG language LANG_KOREAN offset 0x00b86fc8 filetype PNG image data, 373 x 226, 8-bit/color RGB, non-interlaced sublanguage SUBLANG_KOREAN size 0x0000bce6
name PNG language LANG_KOREAN offset 0x00b86fc8 filetype PNG image data, 373 x 226, 8-bit/color RGB, non-interlaced sublanguage SUBLANG_KOREAN size 0x0000bce6
name PNG language LANG_KOREAN offset 0x00b86fc8 filetype PNG image data, 373 x 226, 8-bit/color RGB, non-interlaced sublanguage SUBLANG_KOREAN size 0x0000bce6
name PNG language LANG_KOREAN offset 0x00b86fc8 filetype PNG image data, 373 x 226, 8-bit/color RGB, non-interlaced sublanguage SUBLANG_KOREAN size 0x0000bce6
name PNG language LANG_KOREAN offset 0x00b86fc8 filetype PNG image data, 373 x 226, 8-bit/color RGB, non-interlaced sublanguage SUBLANG_KOREAN size 0x0000bce6
name PNG language LANG_KOREAN offset 0x00b86fc8 filetype PNG image data, 373 x 226, 8-bit/color RGB, non-interlaced sublanguage SUBLANG_KOREAN size 0x0000bce6
name PNG language LANG_KOREAN offset 0x00b86fc8 filetype PNG image data, 373 x 226, 8-bit/color RGB, non-interlaced sublanguage SUBLANG_KOREAN size 0x0000bce6
name PNG language LANG_KOREAN offset 0x00b86fc8 filetype PNG image data, 373 x 226, 8-bit/color RGB, non-interlaced sublanguage SUBLANG_KOREAN size 0x0000bce6
name PNG language LANG_KOREAN offset 0x00b86fc8 filetype PNG image data, 373 x 226, 8-bit/color RGB, non-interlaced sublanguage SUBLANG_KOREAN size 0x0000bce6
name PNG language LANG_KOREAN offset 0x00b86fc8 filetype PNG image data, 373 x 226, 8-bit/color RGB, non-interlaced sublanguage SUBLANG_KOREAN size 0x0000bce6
name PNG language LANG_KOREAN offset 0x00b86fc8 filetype PNG image data, 373 x 226, 8-bit/color RGB, non-interlaced sublanguage SUBLANG_KOREAN size 0x0000bce6
name PNG language LANG_KOREAN offset 0x00b86fc8 filetype PNG image data, 373 x 226, 8-bit/color RGB, non-interlaced sublanguage SUBLANG_KOREAN size 0x0000bce6
name PNG language LANG_KOREAN offset 0x00b86fc8 filetype PNG image data, 373 x 226, 8-bit/color RGB, non-interlaced sublanguage SUBLANG_KOREAN size 0x0000bce6
name PNG language LANG_KOREAN offset 0x00b86fc8 filetype PNG image data, 373 x 226, 8-bit/color RGB, non-interlaced sublanguage SUBLANG_KOREAN size 0x0000bce6
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
One or more non-safelisted processes were created (2 events)
parent_process chrome.exe martian_process "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1044,218120610648906123,18201786754046614906,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1092 /prefetch:2
parent_process chrome.exe martian_process "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xb0,0xb4,0xb8,0x84,0xbc,0x7fef2564f50,0x7fef2564f60,0x7fef2564f70
Resumed a suspended thread in a remote process potentially indicative of process injection (26 events)
Process injection Process 2956 resumed a thread in remote process 1948
Time & API Arguments Status Return Repeated
1620801995.411124
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 1948
success 0 0
1620801995.536124
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 1948
success 0 0
1620801995.615124
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 1948
success 0 0
1620801995.708124
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 1948
success 0 0
1620801995.818124
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 1948
success 0 0
1620801995.911124
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 1948
success 0 0
1620801996.021124
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 1948
success 0 0
1620801996.099124
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 1948
success 0 0
1620802000.052124
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 1948
success 0 0
1620802002.615124
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 1948
success 0 0
1620802006.302124
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 1948
success 0 0
1620802007.911124
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 1948
success 0 0
1620802011.099124
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 1948
success 0 0
1620802013.583124
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 1948
success 0 0
1620802016.474124
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 1948
success 0 0
1620802019.599124
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 1948
success 0 0
1620802024.036124
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 1948
success 0 0
1620802028.927124
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 1948
success 0 0
1620802033.911124
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 1948
success 0 0
1620802039.599124
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 1948
success 0 0
1620802042.771124
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 1948
success 0 0
1620802047.521124
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 1948
success 0 0
1620802054.911124
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 1948
success 0 0
1620802062.021124
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 1948
success 0 0
1620802069.646124
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 1948
success 0 0
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.110:443
dead_host 172.217.160.78:443
Visual analysis
Binary image
No binary image. This sample did not generate a binary visualization image
Runtime screenshots
No runtime screenshots. No screenshots were generated while this sample ran

PE Compile Time

2020-08-25 08:36:13

Imports

Library WINMM.dll:
0xa7ac94 mixerGetDevCapsW
0xa7ac98 mixerGetLineInfoW
0xa7aca0 waveOutGetNumDevs
0xa7aca8 PlaySoundW
0xa7acac mixerGetID
0xa7acb0 mixerGetNumDevs
0xa7acb4 mixerClose
0xa7acb8 mixerOpen
Library KERNEL32.dll:
0xa7a2e8 TlsFree
0xa7a2ec GlobalReAlloc
0xa7a2f0 GlobalHandle
0xa7a2f4 LocalReAlloc
0xa7a2f8 GlobalFlags
0xa7a300 SetErrorMode
0xa7a304 SearchPathW
0xa7a308 ExitThread
0xa7a30c IsDebuggerPresent
0xa7a314 MoveFileExW
0xa7a318 ExitProcess
0xa7a31c GetModuleHandleExW
0xa7a320 RtlUnwind
0xa7a324 VirtualAlloc
0xa7a32c SetStdHandle
0xa7a330 GetStartupInfoW
0xa7a340 CreateSemaphoreW
0xa7a344 IsValidCodePage
0xa7a348 TlsSetValue
0xa7a34c GetConsoleMode
0xa7a350 ReadConsoleW
0xa7a354 SetFilePointerEx
0xa7a358 GetConsoleCP
0xa7a35c GetStringTypeW
0xa7a364 GetDateFormatW
0xa7a368 GetTimeFormatW
0xa7a36c LCMapStringW
0xa7a370 IsValidLocale
0xa7a374 EnumSystemLocalesW
0xa7a378 WriteConsoleW
0xa7a380 InterlockedExchange
0xa7a384 SwitchToThread
0xa7a388 lstrlenA
0xa7a38c VirtualFree
0xa7a398 InitializeSListHead
0xa7a39c MoveFileW
0xa7a3a0 DuplicateHandle
0xa7a3a4 TlsGetValue
0xa7a3a8 TlsAlloc
0xa7a3ac GetProfileIntW
0xa7a3b0 GlobalGetAtomNameW
0xa7a3b4 GetFileSizeEx
0xa7a3b8 ReplaceFileW
0xa7a3bc GetOEMCP
0xa7a3c0 GetThreadLocale
0xa7a3c4 SuspendThread
0xa7a3c8 lstrcmpA
0xa7a3cc ReleaseSemaphore
0xa7a3d0 GlobalMemoryStatus
0xa7a3e0 SizeofResource
0xa7a3e4 LockResource
0xa7a3e8 LoadResource
0xa7a3ec FindResourceW
0xa7a400 GetLastError
0xa7a408 RaiseException
0xa7a40c FreeLibrary
0xa7a410 GetCurrentProcess
0xa7a414 GetModuleHandleW
0xa7a418 LoadLibraryW
0xa7a41c Sleep
0xa7a420 GetModuleFileNameW
0xa7a424 GetProcAddress
0xa7a428 VirtualProtect
0xa7a42c CloseHandle
0xa7a430 lstrlenW
0xa7a434 MultiByteToWideChar
0xa7a438 lstrcmpW
0xa7a43c GlobalAlloc
0xa7a440 GlobalLock
0xa7a444 GlobalUnlock
0xa7a448 CreateDirectoryW
0xa7a44c GetFileAttributesW
0xa7a450 GetLocalTime
0xa7a454 GetDiskFreeSpaceExW
0xa7a458 DeleteFileW
0xa7a460 GetVersionExW
0xa7a464 OutputDebugStringW
0xa7a468 VerSetConditionMask
0xa7a46c VerifyVersionInfoW
0xa7a470 LocalFree
0xa7a474 WideCharToMultiByte
0xa7a478 CopyFileW
0xa7a47c GetNativeSystemInfo
0xa7a480 GetSystemInfo
0xa7a488 GlobalFindAtomW
0xa7a48c GlobalAddAtomW
0xa7a490 GlobalDeleteAtom
0xa7a498 EncodePointer
0xa7a49c GetVersionExA
0xa7a4a0 MoveFileA
0xa7a4b0 GetModuleHandleA
0xa7a4b4 SetFileAttributesA
0xa7a4b8 CreateDirectoryA
0xa7a4bc GetDriveTypeA
0xa7a4c0 FindNextFileA
0xa7a4c4 FindFirstFileA
0xa7a4c8 IsDBCSLeadByte
0xa7a4cc GetCPInfo
0xa7a4d0 GetFileType
0xa7a4d4 GetStdHandle
0xa7a4d8 SetFileTime
0xa7a4dc DeleteFileA
0xa7a4e0 AreFileApisANSI
0xa7a4e4 GetSystemTime
0xa7a4e8 GetTempPathA
0xa7a4f0 GetDiskFreeSpaceA
0xa7a4f4 CreateFileMappingA
0xa7a4f8 LockFileEx
0xa7a4fc HeapValidate
0xa7a500 HeapCreate
0xa7a504 GetFileAttributesA
0xa7a508 FormatMessageA
0xa7a50c UnlockFileEx
0xa7a514 LockFile
0xa7a518 FlushViewOfFile
0xa7a51c UnlockFile
0xa7a524 SetEndOfFile
0xa7a52c HeapCompact
0xa7a530 CreateMutexW
0xa7a534 GetFullPathNameA
0xa7a540 UnmapViewOfFile
0xa7a544 MapViewOfFile
0xa7a548 CreateFileMappingW
0xa7a54c SetFileAttributesW
0xa7a550 GetProcessId
0xa7a558 GetSystemDirectoryA
0xa7a55c SetDllDirectoryW
0xa7a560 CreateFileW
0xa7a564 DeviceIoControl
0xa7a568 LoadLibraryExW
0xa7a56c lstrcmpiW
0xa7a570 SetPriorityClass
0xa7a574 RemoveDirectoryW
0xa7a578 LocalAlloc
0xa7a57c LoadLibraryA
0xa7a580 ResumeThread
0xa7a584 GetACP
0xa7a588 GetLocaleInfoW
0xa7a58c GetLongPathNameW
0xa7a590 TerminateThread
0xa7a598 GetUserDefaultLCID
0xa7a59c CreateThread
0xa7a5a0 GetCurrentProcessId
0xa7a5a4 CompareStringW
0xa7a5a8 FindResourceExW
0xa7a5b0 GetFullPathNameW
0xa7a5b4 GlobalSize
0xa7a5b8 GetLogicalDrives
0xa7a5bc DeleteTimerQueueEx
0xa7a5c0 CreateTimerQueue
0xa7a5c4 GetDiskFreeSpaceW
0xa7a5c8 GetCommandLineW
0xa7a5d0 GetSystemDirectoryW
0xa7a5d8 GetFileTime
0xa7a5dc SetThreadPriority
0xa7a5e0 GetTempFileNameW
0xa7a5e4 GetTempPathW
0xa7a5e8 GetVersion
0xa7a5ec IsDBCSLeadByteEx
0xa7a5f0 FreeResource
0xa7a5f4 FindClose
0xa7a5f8 FindNextFileW
0xa7a5fc FindFirstFileW
0xa7a600 SetLastError
0xa7a610 ResetEvent
0xa7a614 SetEvent
0xa7a618 CreateEventW
0xa7a61c GetExitCodeProcess
0xa7a620 WaitForSingleObject
0xa7a624 lstrcpynW
0xa7a62c GetCurrentThread
0xa7a630 IsBadWritePtr
0xa7a634 VirtualQuery
0xa7a638 FormatMessageW
0xa7a640 FlushFileBuffers
0xa7a644 WriteFile
0xa7a648 CreateFileA
0xa7a654 ReadFile
0xa7a658 SetFilePointer
0xa7a65c GetFileSize
0xa7a664 GetDriveTypeW
0xa7a668 OutputDebugStringA
0xa7a66c DecodePointer
0xa7a670 HeapSize
0xa7a674 HeapDestroy
0xa7a678 GetProcessHeap
0xa7a67c HeapFree
0xa7a680 HeapAlloc
0xa7a684 HeapReAlloc
0xa7a68c Process32NextW
0xa7a690 Process32FirstW
0xa7a694 TerminateProcess
0xa7a698 OpenProcess
0xa7a6b4 GlobalFree
0xa7a6b8 lstrcpyW
0xa7a6bc WinExec
0xa7a6c0 MulDiv
0xa7a6c4 GetTickCount
0xa7a6c8 CreateProcessW
0xa7a6d0 GetCurrentThreadId
Library USER32.dll:
0xa7a7e8 ShowOwnedPopups
0xa7a7f4 IsZoomed
0xa7a7f8 ReuseDDElParam
0xa7a7fc UnpackDDElParam
0xa7a800 InsertMenuItemW
0xa7a804 WindowFromPoint
0xa7a808 SendDlgItemMessageA
0xa7a80c GetMessageW
0xa7a810 IsDialogMessageW
0xa7a814 IsDlgButtonChecked
0xa7a818 CheckDlgButton
0xa7a820 SetMenuItemBitmaps
0xa7a824 MonitorFromWindow
0xa7a828 WinHelpW
0xa7a82c GetScrollInfo
0xa7a830 SetScrollInfo
0xa7a834 MapWindowPoints
0xa7a838 GetScrollRange
0xa7a83c SetScrollRange
0xa7a840 GetScrollPos
0xa7a844 SetScrollPos
0xa7a848 ScrollWindow
0xa7a84c ValidateRect
0xa7a850 SetMenu
0xa7a854 EndDeferWindowPos
0xa7a858 DeferWindowPos
0xa7a85c BeginDeferWindowPos
0xa7a860 SetWindowPlacement
0xa7a864 GetMessageTime
0xa7a868 GetMessagePos
0xa7a870 GetLastActivePopup
0xa7a874 MapDialogRect
0xa7a878 GetAsyncKeyState
0xa7a87c GetMenuState
0xa7a880 CharToOemBuffA
0xa7a884 CharUpperA
0xa7a888 OemToCharA
0xa7a88c CharLowerA
0xa7a890 CharToOemA
0xa7a894 OemToCharBuffA
0xa7a898 SetLastErrorEx
0xa7a89c AnimateWindow
0xa7a8a0 ShowScrollBar
0xa7a8a4 UnregisterHotKey
0xa7a8a8 RegisterHotKey
0xa7a8ac GetKeyNameTextW
0xa7a8b0 MapVirtualKeyW
0xa7a8b4 InsertMenuA
0xa7a8b8 mouse_event
0xa7a8bc ExitWindowsEx
0xa7a8c4 ShowCursor
0xa7a8c8 SetActiveWindow
0xa7a8cc EnumDisplayDevicesW
0xa7a8d0 GetActiveWindow
0xa7a8d4 CreateMenu
0xa7a8d8 SetMenuItemInfoW
0xa7a8dc DeleteMenu
0xa7a8e0 RemoveMenu
0xa7a8e4 CheckMenuItem
0xa7a8e8 CheckMenuRadioItem
0xa7a8ec EnableMenuItem
0xa7a8f0 GetDoubleClickTime
0xa7a8f4 PostThreadMessageW
0xa7a8f8 PostQuitMessage
0xa7a8fc GetCapture
0xa7a900 GetNextDlgTabItem
0xa7a904 DrawEdge
0xa7a908 DrawFrameControl
0xa7a90c DrawFocusRect
0xa7a910 IsWindowEnabled
0xa7a914 MessageBeep
0xa7a918 NotifyWinEvent
0xa7a91c wsprintfA
0xa7a920 CharUpperW
0xa7a924 GetMenu
0xa7a928 AdjustWindowRectEx
0xa7a930 GetClassInfoW
0xa7a938 SubtractRect
0xa7a93c AppendMenuW
0xa7a940 GetWindowDC
0xa7a944 InflateRect
0xa7a948 SetForegroundWindow
0xa7a94c AttachThreadInput
0xa7a954 DestroyIcon
0xa7a958 LoadMenuW
0xa7a95c GetMenuItemInfoW
0xa7a960 ModifyMenuW
0xa7a964 GetUpdateRect
0xa7a968 GetMenuStringW
0xa7a96c EnumChildWindows
0xa7a970 GetDlgCtrlID
0xa7a974 GrayStringW
0xa7a978 DrawTextExW
0xa7a97c UpdateLayeredWindow
0xa7a980 SetRect
0xa7a984 GetWindowLongW
0xa7a988 SetWindowLongW
0xa7a98c TabbedTextOutW
0xa7a990 MonitorFromPoint
0xa7a994 GetMonitorInfoW
0xa7a998 MonitorFromRect
0xa7a99c CharNextW
0xa7a9a0 RedrawWindow
0xa7a9a8 InvalidateRgn
0xa7a9ac GetDesktopWindow
0xa7a9b4 LoadCursorFromFileW
0xa7a9b8 SetParent
0xa7a9bc GetClassLongW
0xa7a9c0 SetClassLongW
0xa7a9c4 DestroyCursor
0xa7a9c8 MessageBoxW
0xa7a9cc GetClassInfoExW
0xa7a9d0 RegisterClassExW
0xa7a9d4 UpdateWindow
0xa7a9d8 EqualRect
0xa7a9dc DestroyMenu
0xa7a9e0 TrackPopupMenu
0xa7a9e4 GetMenuItemCount
0xa7a9e8 GetSubMenu
0xa7a9ec GetKeyState
0xa7a9f0 GetWindow
0xa7a9f4 GetTopWindow
0xa7a9f8 GetCursor
0xa7a9fc CallNextHookEx
0xa7aa00 UnhookWindowsHookEx
0xa7aa04 SetWindowsHookExW
0xa7aa08 SendMessageTimeoutW
0xa7aa0c ClientToScreen
0xa7aa10 UnionRect
0xa7aa14 EnumWindows
0xa7aa18 GetClassNameW
0xa7aa1c SetRectEmpty
0xa7aa20 GetWindowPlacement
0xa7aa24 EndDialog
0xa7aa28 EndPaint
0xa7aa2c BeginPaint
0xa7aa30 MoveWindow
0xa7aa34 GetForegroundWindow
0xa7aa3c RemovePropW
0xa7aa40 SetPropW
0xa7aa44 GetSysColorBrush
0xa7aa4c CopyImage
0xa7aa54 GetSystemMenu
0xa7aa58 GetNextDlgGroupItem
0xa7aa5c GetMenuDefaultItem
0xa7aa60 GetIconInfo
0xa7aa64 EnableScrollBar
0xa7aa68 HideCaret
0xa7aa6c InvertRect
0xa7aa70 LockWindowUpdate
0xa7aa74 EnumDisplayMonitors
0xa7aa78 DrawStateW
0xa7aa7c IsMenu
0xa7aa80 GetComboBoxInfo
0xa7aa84 WaitMessage
0xa7aa88 GetKeyboardLayout
0xa7aa8c IsCharLowerW
0xa7aa90 MapVirtualKeyExW
0xa7aa94 GetPropW
0xa7aa98 SetDlgItemTextW
0xa7aa9c DispatchMessageW
0xa7aaa0 TranslateMessage
0xa7aaa4 PeekMessageW
0xa7aaa8 wvsprintfW
0xa7aaac ToUnicodeEx
0xa7aab0 GetKeyboardState
0xa7aab4 SetCursorPos
0xa7aab8 CopyIcon
0xa7aabc SetMenuDefaultItem
0xa7aac0 CharUpperBuffW
0xa7aac4 FrameRect
0xa7aac8 DrawMenuBar
0xa7aacc DefFrameProcW
0xa7aad0 DefMDIChildProcW
0xa7aad8 TrackMouseEvent
0xa7aadc BringWindowToTop
0xa7aae0 CallWindowProcW
0xa7aae4 SetFocus
0xa7aae8 LoadImageW
0xa7aaec CreateWindowExW
0xa7aaf0 DestroyWindow
0xa7aaf8 GetWindowTextW
0xa7aafc SetWindowPos
0xa7ab00 SetWindowTextW
0xa7ab04 ShowWindow
0xa7ab08 GetFocus
0xa7ab0c DrawIconEx
0xa7ab10 LoadBitmapW
0xa7ab14 LoadAcceleratorsW
0xa7ab18 IsIconic
0xa7ab1c DrawIcon
0xa7ab24 GetCursorInfo
0xa7ab2c EnableWindow
0xa7ab30 CopyRect
0xa7ab34 PostMessageW
0xa7ab38 DefWindowProcW
0xa7ab3c UnregisterClassW
0xa7ab40 GetClientRect
0xa7ab48 LoadCursorW
0xa7ab4c CreatePopupMenu
0xa7ab50 InsertMenuW
0xa7ab54 LoadIconW
0xa7ab58 RegisterClassW
0xa7ab5c GetWindowRect
0xa7ab60 GetWindowRgn
0xa7ab64 GetDlgItem
0xa7ab68 keybd_event
0xa7ab6c DrawTextW
0xa7ab70 SetWindowRgn
0xa7ab74 GetDC
0xa7ab78 GetMenuItemID
0xa7ab7c ReleaseDC
0xa7ab80 GetCursorPos
0xa7ab84 IsRectEmpty
0xa7ab88 PtInRect
0xa7ab8c OffsetRect
0xa7ab90 SetCursor
0xa7ab94 IsWindow
0xa7ab98 SetTimer
0xa7ab9c IsWindowVisible
0xa7aba0 FindWindowW
0xa7aba4 FindWindowA
0xa7aba8 SetCapture
0xa7abac ReleaseCapture
0xa7abb0 FindWindowExW
0xa7abb4 wsprintfW
0xa7abb8 KillTimer
0xa7abbc InvalidateRect
0xa7abc0 GetParent
0xa7abc4 GetSystemMetrics
0xa7abc8 FillRect
0xa7abcc GetSysColor
0xa7abd0 SendMessageW
0xa7abd4 CloseClipboard
0xa7abd8 SetClipboardData
0xa7abdc EmptyClipboard
0xa7abe0 OpenClipboard
0xa7abe8 ScreenToClient
0xa7abec IsChild
0xa7abf0 IntersectRect
Library GDI32.dll:
0xa7a0f0 SaveDC
0xa7a0f4 GetTextExtentPointW
0xa7a0f8 SetMapMode
0xa7a0fc CreateFontA
0xa7a104 TextOutA
0xa7a108 BeginPath
0xa7a10c CloseFigure
0xa7a110 EndPath
0xa7a114 GetPath
0xa7a118 AbortPath
0xa7a11c SelectPalette
0xa7a120 RealizePalette
0xa7a124 CopyMetaFileW
0xa7a128 CreateDCW
0xa7a12c CreateBitmap
0xa7a130 CreateHatchBrush
0xa7a134 ExcludeClipRect
0xa7a138 GetObjectType
0xa7a13c GetViewportExtEx
0xa7a140 GetWindowExtEx
0xa7a144 IntersectClipRect
0xa7a148 ExtSelectClipRgn
0xa7a14c SetLayout
0xa7a150 GetLayout
0xa7a154 SetPolyFillMode
0xa7a158 SetROP2
0xa7a15c SetTextAlign
0xa7a160 RestoreDC
0xa7a164 SetViewportExtEx
0xa7a168 SetViewportOrgEx
0xa7a16c SetWindowExtEx
0xa7a170 SetWindowOrgEx
0xa7a174 OffsetViewportOrgEx
0xa7a178 OffsetWindowOrgEx
0xa7a17c ScaleViewportExtEx
0xa7a180 ScaleWindowExtEx
0xa7a184 PatBlt
0xa7a188 GetMapMode
0xa7a18c SetRectRgn
0xa7a190 DPtoLP
0xa7a194 LPtoDP
0xa7a198 GetTextColor
0xa7a19c GetCharWidthW
0xa7a1a0 CreatePalette
0xa7a1ac EnumFontFamiliesW
0xa7a1b0 GetTextCharsetInfo
0xa7a1b4 Polyline
0xa7a1b8 SetPixelV
0xa7a1bc ExtFloodFill
0xa7a1c0 SetPaletteEntries
0xa7a1c4 GetBoundsRect
0xa7a1c8 GetWindowOrgEx
0xa7a1cc GetViewportOrgEx
0xa7a1d0 GetTextFaceW
0xa7a1d4 GetClipBox
0xa7a1d8 GetCurrentObject
0xa7a1dc PtInRegion
0xa7a1e0 FrameRgn
0xa7a1e4 CreatePolygonRgn
0xa7a1e8 GetBkColor
0xa7a1ec Ellipse
0xa7a1f0 FillRgn
0xa7a1f8 SetPixel
0xa7a1fc LineTo
0xa7a200 MoveToEx
0xa7a204 EnumFontFamiliesExW
0xa7a208 Escape
0xa7a20c TextOutW
0xa7a210 RectVisible
0xa7a214 PtVisible
0xa7a218 OffsetRgn
0xa7a21c CombineRgn
0xa7a220 Rectangle
0xa7a224 CreatePen
0xa7a228 StretchDIBits
0xa7a22c CreateFontIndirectW
0xa7a230 GetObjectA
0xa7a238 CreateRoundRectRgn
0xa7a23c CreateEllipticRgn
0xa7a240 CreatePatternBrush
0xa7a244 GetDIBits
0xa7a248 GetDIBColorTable
0xa7a24c SetDIBColorTable
0xa7a250 ExtTextOutW
0xa7a254 SelectClipRgn
0xa7a258 SetBkMode
0xa7a25c GetRgnBox
0xa7a264 StretchBlt
0xa7a268 DeleteDC
0xa7a26c GetPixel
0xa7a270 GetTextMetricsW
0xa7a274 SetBkColor
0xa7a278 SetTextColor
0xa7a27c SelectObject
0xa7a280 BitBlt
0xa7a288 CreateCompatibleDC
0xa7a28c CreateRectRgn
0xa7a290 GetDeviceCaps
0xa7a294 CreateDIBitmap
0xa7a298 GetStockObject
0xa7a29c GetPaletteEntries
0xa7a2a0 DeleteObject
0xa7a2a4 CreateDIBSection
0xa7a2a8 CreateSolidBrush
0xa7a2ac GetObjectW
0xa7a2b4 CreateFontW
0xa7a2b8 Polygon
0xa7a2bc RoundRect
Library MSIMG32.dll:
0xa7a6dc AlphaBlend
0xa7a6e0 GradientFill
0xa7a6e4 TransparentBlt
Library COMDLG32.dll:
0xa7a0d8 GetSaveFileNameW
0xa7a0dc GetOpenFileNameW
Library WINSPOOL.DRV:
0xa7acc0 ClosePrinter
0xa7acc4 DocumentPropertiesW
0xa7acc8 OpenPrinterW
Library ADVAPI32.dll:
0xa7a000 RegOpenKeyExA
0xa7a004 RegOpenKeyExW
0xa7a008 RegSetValueExW
0xa7a00c RegDeleteKeyW
0xa7a010 RegCreateKeyW
0xa7a014 RegQueryValueExW
0xa7a018 OpenThreadToken
0xa7a01c OpenProcessToken
0xa7a020 GetTokenInformation
0xa7a028 GetFileSecurityW
0xa7a030 SetFileSecurityA
0xa7a034 SetFileSecurityW
0xa7a03c CryptHashData
0xa7a040 CryptDestroyHash
0xa7a048 CryptCreateHash
0xa7a04c CryptReleaseContext
0xa7a050 RegEnumKeyW
0xa7a058 CryptGetHashParam
0xa7a05c RegSetValueExA
0xa7a060 RegSetValueW
0xa7a064 RegSetValueA
0xa7a068 RegQueryValueExA
0xa7a06c RegQueryValueA
0xa7a070 RegQueryInfoKeyA
0xa7a074 EqualSid
0xa7a078 RegOpenKeyA
0xa7a07c RegEnumValueA
0xa7a080 RegEnumKeyExA
0xa7a084 RegDeleteValueA
0xa7a088 RegDeleteKeyA
0xa7a08c RegCreateKeyExW
0xa7a090 RegCreateKeyExA
0xa7a094 RegCreateKeyA
0xa7a098 RegFlushKey
0xa7a09c RegQueryValueW
0xa7a0a0 RegOpenKeyW
0xa7a0a4 RegEnumValueW
0xa7a0a8 RegDeleteValueW
0xa7a0ac RegEnumKeyExW
0xa7a0b0 RegQueryInfoKeyW
0xa7a0b4 FreeSid
0xa7a0b8 RegCloseKey
Library SHELL32.dll:
0xa7a770 ShellExecuteW
0xa7a77c SHBrowseForFolderW
0xa7a784 Shell_NotifyIconW
0xa7a788 SHChangeNotify
0xa7a78c DragAcceptFiles
0xa7a790 DragQueryFileW
0xa7a794 DragFinish
0xa7a798 SHGetDesktopFolder
0xa7a7a0 SHGetFolderPathW
0xa7a7a4 ShellExecuteExW
0xa7a7a8 SHFileOperationW
0xa7a7ac SHGetFileInfoW
0xa7a7b0 SHAppBarMessage
0xa7a7b4 DragQueryPoint
Library COMCTL32.dll:
0xa7a0c0 _TrackMouseEvent
0xa7a0c4 ImageList_AddMasked
0xa7a0c8 ImageList_Draw
0xa7a0cc ImageList_Create
0xa7a0d0 ImageList_Add
Library SHLWAPI.dll:
0xa7a7bc PathFileExistsW
0xa7a7c0 PathFindFileNameW
0xa7a7c4 PathFindExtensionW
0xa7a7c8 StrCmpLogicalW
0xa7a7cc PathAddBackslashW
0xa7a7d0 PathRemoveFileSpecW
0xa7a7d4 PathIsUNCW
0xa7a7d8 PathStripToRootW
0xa7a7dc StrFormatKBSizeW
Library UxTheme.dll:
0xa7abf8 OpenThemeData
0xa7abfc CloseThemeData
0xa7ac00 DrawThemeBackground
0xa7ac04 GetThemePartSize
0xa7ac08 IsAppThemed
0xa7ac0c DrawThemeText
0xa7ac18 GetThemeColor
0xa7ac1c GetCurrentThemeName
0xa7ac20 GetThemeSysColor
0xa7ac24 GetWindowTheme
Library ole32.dll:
0xa7af6c DoDragDrop
0xa7af78 OleFlushClipboard
0xa7af88 CoDisconnectObject
0xa7af90 OleGetClipboard
0xa7af94 RevokeDragDrop
0xa7af98 RegisterDragDrop
0xa7afa0 CoInitializeEx
0xa7afb0 IsAccelerator
0xa7afb4 CoUninitialize
0xa7afbc CoTaskMemFree
0xa7afc0 CoTaskMemAlloc
0xa7afc4 StringFromGUID2
0xa7afc8 CoCreateInstance
0xa7afcc ReleaseStgMedium
0xa7afd0 OleDuplicateData
0xa7afd4 CoRevokeClassObject
0xa7afdc CoTaskMemRealloc
0xa7afe0 CoGetObject
0xa7afe4 CoInitialize
0xa7afe8 OleLoadFromStream
0xa7afec OleSaveToStream
0xa7aff0 StgCreateDocfile
0xa7aff4 StgOpenStorage
0xa7aff8 MkParseDisplayName
0xa7affc CreateBindCtx
0xa7b000 CoCreateGuid
0xa7b004 StringFromCLSID
0xa7b00c OleCreate
0xa7b010 CoFreeLibrary
0xa7b014 CoLoadLibrary
0xa7b018 OleInitialize
0xa7b01c CLSIDFromString
0xa7b020 CLSIDFromProgID
0xa7b024 CoGetClassObject
0xa7b028 OleLockRunning
0xa7b02c OleUninitialize
Library OLEAUT32.dll:
0xa7a6fc VariantClear
0xa7a700 VariantInit
0xa7a704 SafeArrayDestroy
0xa7a708 SafeArrayAccessData
0xa7a70c SafeArrayGetLBound
0xa7a710 SafeArrayGetUBound
0xa7a71c SysAllocStringLen
0xa7a724 SysStringByteLen
0xa7a728 SysStringLen
0xa7a730 LoadRegTypeLib
0xa7a734 LoadTypeLib
0xa7a738 VariantCopy
0xa7a73c VarUI4FromStr
0xa7a740 OleLoadPicturePath
0xa7a744 VariantChangeType
0xa7a750 VarBstrFromDate
0xa7a754 SysAllocString
0xa7a758 SysFreeString
Library oledlg.dll:
0xa7b034 OleUIBusyW
Library urlmon.dll:
Library gdiplus.dll:
0xa7ad44 GdiplusStartup
0xa7ad48 GdiplusShutdown
0xa7ad50 GdipCreateFromHDC
0xa7ad58 GdipDrawImageI
0xa7ad60 GdipDeleteFont
0xa7ad64 GdipMeasureString
0xa7ad6c GdipCreateFont
0xa7ad74 GdipCreateSolidFill
0xa7ad78 GdipDeleteBrush
0xa7ad7c GdipCloneBrush
0xa7ad80 GdipCreatePen1
0xa7ad84 GdipDeletePen
0xa7ad88 GdipFillRectangleI
0xa7ad8c GdipDrawRectangleI
0xa7ad90 GdipDrawString
0xa7ad94 GdipDrawImage
0xa7ad9c GdipGraphicsClear
0xa7adb4 GdipFillPolygonI
0xa7adc4 GdipDrawPath
0xa7adcc GdipClosePathFigure
0xa7add0 GdipAddPathLineI
0xa7add4 GdipGetPropertyItem
0xa7addc GdipDrawEllipseI
0xa7ade0 GdipCreatePen2
0xa7ade4 GdipAddPathArcI
0xa7adf4 GdipDeletePath
0xa7ae00 GdipBitmapGetPixel
0xa7ae0c GdipFillPath
0xa7ae10 GdipSaveImageToFile
0xa7ae14 GdipDrawLineI
0xa7ae18 GdipImageRotateFlip
0xa7ae20 GdipCreatePath
0xa7ae2c GdipFillEllipseI
0xa7ae4c GdipGetFontHeight
0xa7ae50 GdipFillRectangle
0xa7ae58 GdipDeleteRegion
0xa7ae5c GdipCreateRegion
0xa7ae60 GdipGetClip
0xa7ae64 GdipSetClipRegion
0xa7ae78 GdipDrawImageRectI
0xa7ae84 GdipGetLogFontW
0xa7ae88 GdipSetEmpty
0xa7ae90 GdipGetRegionHRgn
0xa7aea0 GdipCloneFontFamily
0xa7aeac GdipAddPathString
0xa7aeb0 GdipDrawImageRect
0xa7aeb8 GdipSetPenMode
0xa7aec4 GdipCreateMatrix
0xa7aec8 GdipDeleteMatrix
0xa7aed0 GdipRotateMatrix
0xa7aed8 GdipSetPenDashStyle
0xa7aedc GdipSetPathFillMode
0xa7aee4 GdipTransformRegion
0xa7aef4 GdipGetRegionBounds
0xa7aef8 GdipScaleMatrix
0xa7aefc GdipTransformPath
0xa7af00 GdipAddPathPath
0xa7af08 GdipSetPenLineJoin
0xa7af0c GdipWidenPath
0xa7af14 GdipWarpPath
0xa7af1c GdipGetImagePalette
0xa7af28 GdipDeleteGraphics
0xa7af3c GdipDisposeImage
0xa7af40 GdipCloneImage
0xa7af44 GdipAlloc
0xa7af48 GdipFree
0xa7af54 GdipBitmapLockBits
0xa7af58 GdipGetImageWidth
0xa7af5c GdipGetImageHeight
0xa7af64 GdipTranslateMatrix
Library CRYPT32.dll:
0xa7a0e4 CertGetNameStringW
0xa7a0e8 CryptUnprotectData
Library WININET.dll:
0xa7ac3c InternetCloseHandle
0xa7ac40 InternetSetCookieW
0xa7ac44 InternetCreateUrlW
0xa7ac48 InternetCrackUrlA
0xa7ac4c HttpEndRequestW
0xa7ac54 HttpOpenRequestW
0xa7ac58 HttpQueryInfoW
0xa7ac60 InternetGetCookieW
0xa7ac64 InternetOpenW
0xa7ac6c HttpSendRequestExW
0xa7ac70 InternetCrackUrlW
0xa7ac74 InternetReadFile
0xa7ac78 InternetConnectW
0xa7ac80 InternetSetOptionW
0xa7ac84 HttpSendRequestW
0xa7ac88 InternetWriteFile
Library WS2_32.dll:
0xa7ace4 gethostbyaddr
0xa7ace8 getservbyport
0xa7acec ntohs
0xa7acf0 recv
0xa7acf4 WSAAsyncSelect
0xa7acf8 getservbyname
0xa7acfc send
0xa7ad00 ntohl
0xa7ad04 inet_ntoa
0xa7ad08 closesocket
0xa7ad0c socket
0xa7ad10 htons
0xa7ad14 inet_addr
0xa7ad18 connect
0xa7ad1c gethostbyname
0xa7ad20 WSAStartup
0xa7ad24 gethostname
0xa7ad28 WSACleanup
0xa7ad2c WSASetLastError
0xa7ad30 WSAGetLastError
0xa7ad34 htonl

Hosts

No hosts contacted.

TCP

Source          Source Port  Destination      Destination Host           Destination Port
192.168.56.101  49191        113.108.239.194  r1---sn-j5o7dn7e.gvt1.com  80
192.168.56.101  49192        113.108.239.196  r3---sn-j5o7dn7e.gvt1.com  80
192.168.56.101  49190        203.208.41.33    redirector.gvt1.com        80
192.168.56.101  49189        203.208.41.66    update.googleapis.com      443
192.168.56.101  49199        203.208.41.66    update.googleapis.com      443

UDP

Source          Source Port  Destination      Destination Host  Destination Port
192.168.56.101  49235        114.114.114.114                    53
192.168.56.101  51808        114.114.114.114                    53
192.168.56.101  54991        114.114.114.114                    53
192.168.56.101  55169        114.114.114.114                    53
192.168.56.101  56539        114.114.114.114                    53
192.168.56.101  56743        114.114.114.114                    53
192.168.56.101  57236        114.114.114.114                    53
192.168.56.101  58070        114.114.114.114                    53
192.168.56.101  58970        114.114.114.114                    53
192.168.56.101  60123        114.114.114.114                    53
192.168.56.101  63429        114.114.114.114                    53
192.168.56.101  65004        114.114.114.114                    53
192.168.56.101  137          192.168.56.255                     137
192.168.56.101  138          192.168.56.255                     138
192.168.56.101  123          20.189.79.72     time.windows.com  123
192.168.56.101  49713        224.0.0.252                        5355
192.168.56.101  50568        224.0.0.252                        5355
192.168.56.101  51378        224.0.0.252                        5355
192.168.56.101  53210        224.0.0.252                        5355
192.168.56.101  53237        224.0.0.252                        5355

HTTP & HTTPS Requests

URI Data
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=f1811374cec6f1ed&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620772817&mv=m&mvi=3
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=f1811374cec6f1ed&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620772817&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=231213-429083
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620772817&mv=m&mvi=1&pl=23&shardbypass=yes
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620772817&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o7dn7e.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=f1811374cec6f1ed&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620772817&mv=m&mvi=3
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=f1811374cec6f1ed&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620772817&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=186506-231212
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=f1811374cec6f1ed&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620772817&mv=m&mvi=3
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=f1811374cec6f1ed&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620772817&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=429084-640325
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=f1811374cec6f1ed&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620772817&mv=m&mvi=3
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=f1811374cec6f1ed&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620772817&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=0-7764
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=f1811374cec6f1ed&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620772817&mv=m&mvi=3
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=f1811374cec6f1ed&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620772817&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=640326-979630
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=f1811374cec6f1ed&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620772817&mv=m&mvi=3
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=f1811374cec6f1ed&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620772817&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=32348-43703
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=f1811374cec6f1ed&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620772817&mv=m&mvi=3
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=f1811374cec6f1ed&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620772817&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=f1811374cec6f1ed&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620772817&mv=m&mvi=3
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=f1811374cec6f1ed&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620772817&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=1295050-1310831
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=f1811374cec6f1ed&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620772817&mv=m&mvi=3
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=f1811374cec6f1ed&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620772817&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=19113-32347
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.