11.0
0-day
58 个模型检测该样本为恶意!
重新分析
更多

4f4fa6f0f714f6b72c075147f4240c38f8dbe469153929b1f2721168971bbe58

69c1734fb1122e2dd882d7cd414999e7.exe

分析耗时

106s

最近分析

文件大小

156.0KB
静态报毒 动态报毒 AI SCORE=100 AIDETECTGBM BANKERX CLASSIC CONFIDENCE DOWNLOADER34 ELDORADO EMOTET GENCIRC GENERICKD GENETIC HFYG HGIASOOA HIGH CONFIDENCE HUBXZM JQX@ASKH1SMI JZHV JZHVGDN KDISM KRYPTIK LRCWX2OMSGI MALWARE@#DYVM2L9XXI2S S + TROJ SCORE STATIC AI SUSGEN SUSPICIOUS PE UNSAFE WOREFLINT ZEXAF 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee Emotet-FRZ!69C1734FB112 20210219 6.0.6.653
Alibaba Trojan:Win32/Emotet.d45c3f4c 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:BankerX-gen [Trj] 20210219 21.1.5827.0
Tencent Malware.Win32.Gencirc.10cdfdbc 20210219 1.0.0.1
CrowdStrike win/malicious_confidence_70% (W) 20210203 1.0
静态指标
Queries for the computername (1 个事件)
Time & API Arguments Status Return Repeated
1619630663.903876
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (4 个事件)
Time & API Arguments Status Return Repeated
1619630648.965876
CryptGenKey
crypto_handle: 0x0028e4f8
algorithm_identifier: 0x0000660e ()
provider_handle: 0x0028ed30
flags: 1
key: fúKúú5¡ƒXå¡=׊“
success 1 0
1619630664.215876
CryptExportKey
crypto_handle: 0x0028e4f8
crypto_export_handle: 0x0028e478
buffer: f¤§”£pç3ùjWÖêµ ‚‹¸HtzÊÀí€EÆ4g˜G±¨¨´mºlZ=šÿ=ý@RyÿE3‡žût£ª-¾z¬Çaßí~Š¥1zWƒŒ¶×GÎ|øJdŒŒ©Ív[bV²²
blob_type: 1
flags: 64
success 1 0
1619630690.778876
CryptExportKey
crypto_handle: 0x0028e4f8
crypto_export_handle: 0x0028e478
buffer: f¤Û?|Ç |ÃæÁ܎fááW Ñl±óg±óÑ+Ø5ÔMD¸h‹£ʒ/ã›xöÅÑȔ›Muctȝ›•¾=xòŸ¸Ã Lç)”6k+â;~#,˜f +“'~~^C£
blob_type: 1
flags: 64
success 1 0
1619630715.418876
CryptExportKey
crypto_handle: 0x0028e4f8
crypto_export_handle: 0x0028e478
buffer: f¤¾/?Õc»ÒŒšo½«–}Ï7ò<t{½†öFÀÙVnâ9ZºýAm³\ï €«pÆ1ž, %Râÿå[¨if‡x]iy³å=\yŠ[?!ƒÏ诤ï´Fûão¢lOڟ`
blob_type: 1
flags: 64
success 1 0
The executable uses a known packer (1 个事件)
packer Armadillo v1.71
The file contains an unknown PE resource name possibly indicative of a packer (1 个事件)
resource name None
行为判定
动态指标
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 个事件)
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:1947347964&cup2hreq=ed483abf1522a5eaa8210c6b4464d9af88ad20af23c82c88576074d9c88ba40c
Performs some HTTP requests (4 个事件)
request HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619601616&mv=m&mvi=1&pl=23&shardbypass=yes
request HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=46f10c562ff05d0a&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619601616&mv=m
request POST https://update.googleapis.com/service/update2?cup2key=10:1947347964&cup2hreq=ed483abf1522a5eaa8210c6b4464d9af88ad20af23c82c88576074d9c88ba40c
Sends data using the HTTP POST Method (1 个事件)
request POST https://update.googleapis.com/service/update2?cup2key=10:1947347964&cup2hreq=ed483abf1522a5eaa8210c6b4464d9af88ad20af23c82c88576074d9c88ba40c
Allocates read-write-execute memory (usually to unpack itself) (5 个事件)
Time & API Arguments Status Return Repeated
1619630639.543626
NtAllocateVirtualMemory
process_identifier: 1476
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00320000
success 0 0
1619630639.559626
NtAllocateVirtualMemory
process_identifier: 1476
region_size: 45056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003d0000
success 0 0
1619630698.621001
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000004130000
success 0 0
1619630648.684876
NtAllocateVirtualMemory
process_identifier: 2340
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x004d0000
success 0 0
1619630648.731876
NtAllocateVirtualMemory
process_identifier: 2340
region_size: 45056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00500000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (3 个事件)
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 个事件)
Time & API Arguments Status Return Repeated
1619630639.559626
NtProtectVirtualMemory
process_identifier: 1476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 28672
protection: 32 (PAGE_EXECUTE_READ)
process_handle: 0xffffffff
base_address: 0x003f1000
success 0 0
Moves the original executable to a new location (1 个事件)
Time & API Arguments Status Return Repeated
1619630640.731626
MoveFileWithProgressW
oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\69c1734fb1122e2dd882d7cd414999e7.exe
newfilepath: C:\Windows\SysWOW64\NlsData0002\mtxex.exe
newfilepath_r: C:\Windows\SysWOW64\NlsData0002\mtxex.exe
flags: 3
oldfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\69c1734fb1122e2dd882d7cd414999e7.exe
success 1 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)
Time & API Arguments Status Return Repeated
1619630664.903876
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 个事件)
process mtxex.exe
Reads the systems User Agent and subsequently performs requests (1 个事件)
Time & API Arguments Status Return Repeated
1619630664.528876
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
网络通信
Communicates with host for which no DNS query was performed (3 个事件)
host 118.2.218.1
host 5.9.227.244
host 51.254.140.91
Installs itself for autorun at Windows startup (1 个事件)
service_name mtxex service_path C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\NlsData0002\mtxex.exe"
Created a service where a service was also not started (1 个事件)
Time & API Arguments Status Return Repeated
1619630646.575626
CreateServiceW
service_start_name:
start_type: 2
service_handle: 0x022d61e0
display_name: mtxex
error_control: 0
service_name: mtxex
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\NlsData0002\mtxex.exe"
filepath_r: "C:\Windows\SysWOW64\NlsData0002\mtxex.exe"
service_manager_handle: 0x022e5c00
desired_access: 2
service_type: 16
password:
success 36528608 0
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 个事件)
Time & API Arguments Status Return Repeated
1619630667.481876
RegSetValueExA
key_handle: 0x0000036c
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619630667.481876
RegSetValueExA
key_handle: 0x0000036c
value: t†"V<×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619630667.481876
RegSetValueExA
key_handle: 0x0000036c
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619630667.481876
RegSetValueExW
key_handle: 0x0000036c
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619630667.481876
RegSetValueExA
key_handle: 0x00000384
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619630667.481876
RegSetValueExA
key_handle: 0x00000384
value: t†"V<×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619630667.481876
RegSetValueExA
key_handle: 0x00000384
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619630667.481876
RegSetValueExW
key_handle: 0x00000368
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Attempts to remove evidence of file being downloaded from the Internet (1 个事件)
file C:\Windows\SysWOW64\NlsData0002\mtxex.exe:Zone.Identifier
File has been identified by 58 AntiVirus engines on VirusTotal as malicious (50 out of 58 个事件)
Bkav W32.AIDetectGBM.malware.02
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.43777731
FireEye Generic.mg.69c1734fb1122e2d
McAfee Emotet-FRZ!69C1734FB112
Cylance Unsafe
Zillya Trojan.Emotet.Win32.28373
Sangfor Trojan.Win32.Emotet.ARK
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/Emotet.d45c3f4c
K7GW Riskware ( 0040eff71 )
Cybereason malicious.fb1122
Arcabit Trojan.Generic.D29BFEC3
Cyren W32/Kryptik.BWH.gen!Eldorado
Symantec Trojan.Emotet
APEX Malicious
Avast Win32:BankerX-gen [Trj]
ClamAV Win.Malware.Emotet-9752361-0
Kaspersky HEUR:Trojan-Banker.Win32.Emotet.pef
BitDefender Trojan.GenericKD.43777731
NANO-Antivirus Trojan.Win32.Emotet.hubxzm
Paloalto generic.ml
Tencent Malware.Win32.Gencirc.10cdfdbc
Ad-Aware Trojan.GenericKD.43777731
Emsisoft Trojan.GenericKD.43777731 (B)
Comodo Malware@#dyvm2l9xxi2s
F-Secure Trojan.TR/AD.Emotet.kdism
DrWeb Trojan.DownLoader34.32049
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition BehavesLike.Win32.Emotet.cm
Sophos Mal/Generic-S + Troj/Emotet-CNC
SentinelOne Static AI - Suspicious PE
Jiangmin Trojan.Banker.Emotet.ohp
Avira TR/AD.Emotet.kdism
Antiy-AVL Trojan[Banker]/Win32.Emotet
Gridinsoft Trojan.Win32.Emotet.oa
Microsoft Trojan:Win32/Emotet.ARK!MTB
AegisLab Trojan.Multi.Generic.4!c
ZoneAlarm HEUR:Trojan-Banker.Win32.Emotet.pef
GData Trojan.GenericKD.43777731
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.Generic.C4192122
BitDefenderTheta Gen:NN.ZexaF.34574.jqX@aSkh1Smi
ALYac Trojan.Agent.Emotet
MAX malware (ai score=100)
VBA32 Trojan.Woreflint
Malwarebytes Trojan.MalPack.TRE
ESET-NOD32 a variant of Win32/Kryptik.HFYG
Rising Trojan.Emotet!1.CBD1 (CLASSIC)
Yandex Trojan.Agent!lRCWX2OMSgI
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (6 个事件)
dead_host 172.217.160.110:443
dead_host 172.217.24.14:443
dead_host 51.254.140.91:7080
dead_host 5.9.227.244:8080
dead_host 192.168.56.101:49197
dead_host 118.2.218.1:80
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2020-09-04 03:41:24

Imports

Library KERNEL32.dll:
0x408058 GetModuleFileNameA
0x408060 VirtualFree
0x408064 HeapCreate
0x408068 HeapDestroy
0x40806c HeapSize
0x408070 GetCurrentProcess
0x408078 HeapReAlloc
0x40807c HeapFree
0x408080 ExitProcess
0x408084 GetVersion
0x408088 GetCommandLineA
0x40808c GetStartupInfoA
0x408090 GetModuleHandleA
0x408094 HeapAlloc
0x408098 WideCharToMultiByte
0x4080a4 SetHandleCount
0x4080a8 GetStdHandle
0x4080ac GetFileType
0x4080b0 RtlUnwind
0x4080b4 WriteFile
0x4080b8 MultiByteToWideChar
0x4080bc GetStringTypeA
0x4080c0 GetStringTypeW
0x4080c4 GetProcAddress
0x4080c8 GetCPInfo
0x4080cc GetACP
0x4080d0 GetOEMCP
0x4080d4 LoadLibraryA
0x4080d8 LCMapStringA
0x4080dc VirtualAlloc
0x4080e0 LoadLibraryW
0x4080e4 TerminateProcess
0x4080e8 LCMapStringW
Library USER32.dll:
0x4080f0 DefWindowProcA
0x4080f4 GetClientRect
0x4080f8 InvalidateRect
0x4080fc DestroyWindow
0x408100 BeginPaint
0x408104 DrawTextA
0x408108 EndPaint
0x40810c PostQuitMessage
0x408110 CreateWindowExA
0x408114 ShowWindow
0x408118 LoadIconA
0x40811c RegisterClassExA
0x408120 LoadStringA
0x408124 LoadAcceleratorsA
0x408128 GetMessageA
0x408130 TranslateMessage
0x408134 DispatchMessageA
0x408138 GetSysColorBrush
0x40813c GetSysColor
0x408140 FillRect
0x408144 ReleaseCapture
0x408148 PtInRect
0x40814c LoadCursorA
0x408150 SetCursor
0x408154 UpdateWindow
0x408158 SetCapture
0x40815c CheckRadioButton
0x408160 SetDlgItemInt
0x408164 GetSystemMenu
0x408168 AppendMenuA
0x40816c SetMenuDefaultItem
0x408170 GetDC
0x408174 DrawEdge
0x408178 IsDlgButtonChecked
0x40817c ReleaseDC
0x408180 EndDialog
0x408184 DialogBoxParamA
Library GDI32.dll:
0x408000 Rectangle
0x408004 BeginPath
0x408008 MoveToEx
0x40800c LineTo
0x408010 EndPath
0x408014 StrokeAndFillPath
0x408018 CreateBrushIndirect
0x40801c Ellipse
0x408020 CreatePen
0x408024 SetROP2
0x408028 CreateSolidBrush
0x40802c SelectObject
0x408030 SetBkColor
0x408034 DeleteObject
0x408038 LPtoDP
0x40803c GetPixel
0x408040 RealizePalette
0x408044 SelectPalette
0x40804c StretchDIBits

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49198 113.108.239.194 r1---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49200 113.108.239.196 r3---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49196 203.208.41.97 redirector.gvt1.com 80
192.168.56.101 49195 203.208.41.98 update.googleapis.com 443

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 53500 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 55169 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 60088 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 60221 114.114.114.114 53
192.168.56.101 60911 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 54991 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=46f10c562ff05d0a&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619601616&mv=m 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=46f10c562ff05d0a&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619601616&mv=m HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com
http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619601616&mv=m&mvi=1&pl=23&shardbypass=yes 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619601616&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o7dn7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.