8.4
High risk

85585b61cd1ef1a1bc94d15399398def031823da0ab24711bc2a845f9d1007fb

6e4124009fe2f110853fccab12eaa55a.exe

Analysis duration

109s

Last analysis

File size

547.5KB
Static detections / Dynamic detections: 100% A@7Y5GWX AI SCORE=72 AUTOG BUNDLER CLASSIC CLICKMEIN CONFIDENCE COVUS DOWNLOADERGUIDE DOWNLOADGUIDE DOWNLOADSPONSOR ELDORADO FKFKJS FREEMIUM GRAYWARE HIGH CONFIDENCE MALICIOUS PE MAUVAISE R002C0PH919 R245289 SCORE UNSAFE UNWADERS
Eagle Eye (鹰眼) engine
Not detected: no Eagle Eye engine result is available for this sample
Static verdict
Antivirus engines
Engine | Result | Scan date | Engine version
McAfee | PUP-FXK | 20190809 | 6.0.6.653
Alibaba | | 20190527 | 0.3.0.5
Baidu | | 20190318 | 1.0.0.2
Tencent | | 20190809 | 1.0.0.1
Kingsoft | | 20190809 | 2013.8.14.323
CrowdStrike | win/malicious_confidence_100% (D) | 20190212 | 1.0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
HTTP traffic contains suspicious features which may be indicative of malware related traffic (2 events)
suspicious_features POST method with no referer header suspicious_request POST http://dlg-configs.buzzrin.de/config-from-production
suspicious_features POST method with no referer header suspicious_request POST http://dlg-messages.buzzrin.de/1/dg/3
Performs some HTTP requests (7 events)
request HEAD http://dlg-configs.buzzrin.de/
request POST http://dlg-configs.buzzrin.de/config-from-production
request GET http://az687722.vo.msecnd.net/public-source/downloadguide/computerbild/1.0/default/campaigns/product+website/ui/progress.zip
request GET http://az687722.vo.msecnd.net/public-source/downloadguide/computerbild/1.0/default/campaigns/product+website/ui/computerbild-flow-5-text-en-us.zip
request POST http://dlg-messages.buzzrin.de/1/dg/3
request GET http://az687722.vo.msecnd.net/public-source/downloadguide/computerbild/1.0/default/campaigns/product+website/ui/base.zip
request GET http://az687722.vo.msecnd.net/public-source/downloadguide/computerbild/1.0/default/campaigns/product+website/ui/last.zip
Sends data using the HTTP POST method (2 events)
request POST http://dlg-configs.buzzrin.de/config-from-production
request POST http://dlg-messages.buzzrin.de/1/dg/3
Allocates read-write-execute memory (usually to unpack itself) (2 events)
Time & API Arguments Status Return Repeated
1620946605.15485
NtAllocateVirtualMemory
process_identifier: 2732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00380000
success 0 0
1620955808.811897
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00000000047e0000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Creates executable files on the filesystem (4 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DLG\ui\common\last\js\jquery-1.10.2.min.js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DLG\ui\common\progress\js\jquery-1.10.2.min.js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DLG\ui\common\base\js\jquery-1.10.2.min.js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DLG\ui\offers\1522ef138ba104249c3934a80811f825\js\jquery-1.10.2.min.js
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1620946608.46785
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.29363915702178 section {'size_of_data': '0x00021c00', 'virtual_address': '0x0005a000', 'entropy': 7.29363915702178, 'name': '.rdata', 'virtual_size': '0x00021a50'} description A section with a high entropy has been found
entropy 0.2504638218923933 description Overall entropy of this PE file is high
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1620946607.27985
InternetOpenA
proxy_bypass:
access_type: 0
proxy_name:
flags: 268435456
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Disables proxy, possibly for traffic interception (1 event)
Time & API Arguments Status Return Repeated
1620946607.84285
RegSetValueExA
key_handle: 0x00000354
value: 0
regkey_r: ProxyEnable
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
success 0 0
Sets or modifies WPAD proxy autoconfiguration settings for traffic interception (15 events)
Time & API Arguments Status Return Repeated
1620946611.06085
RegSetValueExA
key_handle: 0x00000418
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620946611.06085
RegSetValueExA
key_handle: 0x00000418
value: p ¨×&H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620946611.06085
RegSetValueExA
key_handle: 0x00000418
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620946611.06085
RegSetValueExW
key_handle: 0x00000418
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620946611.06085
RegSetValueExA
key_handle: 0x0000042c
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620946611.06085
RegSetValueExA
key_handle: 0x0000042c
value: p ¨×&H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620946611.06085
RegSetValueExA
key_handle: 0x0000042c
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620946611.12385
RegSetValueExW
key_handle: 0x00000414
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1620946612.38985
RegSetValueExA
key_handle: 0x00000290
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620946612.40485
RegSetValueExA
key_handle: 0x00000290
value: €ÓrØ&H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620946612.40485
RegSetValueExA
key_handle: 0x00000290
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620946612.40485
RegSetValueExW
key_handle: 0x00000290
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620946612.40485
RegSetValueExA
key_handle: 0x00000298
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620946612.40485
RegSetValueExA
key_handle: 0x00000298
value: €ÓrØ&H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620946612.40485
RegSetValueExA
key_handle: 0x00000298
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running) (1 event)
dead_host 216.58.200.46:443
File has been identified by 42 antivirus engines on VirusTotal as malicious (42 events)
MicroWorld-eScan Gen:Variant.Application.Bundler.DownloadGuide.48
CAT-QuickHeal Trojan.Mauvaise.SL1
McAfee PUP-FXK
K7AntiVirus Adware ( 004b92681 )
K7GW Adware ( 004b92681 )
Cybereason malicious.09fe2f
Cyren W32/S-b3be4cd0!Eldorado
Symantec PUA.DownloadSponsor
APEX Malicious
ClamAV Win.Malware.Downloadguide-6803841-0
Kaspersky not-a-virus:HEUR:Downloader.Win32.DownloaderGuide.gen
BitDefender Gen:Variant.Application.Bundler.DownloadGuide.48
NANO-Antivirus Riskware.Win32.Covus.fkfkjs
Ad-Aware Gen:Variant.Application.Bundler.DownloadGuide.48
Emsisoft Gen:Variant.Application.Bundler.DownloadGuide.48 (B)
Comodo Application.Win32.DownloadGuide.A@7y5gwx
DrWeb Adware.ClickMeIn.9588
VIPRE Trojan.Win32.Generic!BT
Invincea heuristic
McAfee-GW-Edition BehavesLike.Win32.Downloader.hh
FireEye Generic.mg.6e4124009fe2f110
Sophos Troj/AutoG-AF
SentinelOne DFI - Malicious PE
F-Prot W32/S-b3be4cd0!Eldorado
Jiangmin Downloader.DownloaderGuide.aqk
Webroot Pua.Freemium
Antiy-AVL GrayWare[AdWare]/Win32.DownloadGuide.dd
Microsoft Program:Win32/Unwaders.A!ml
Endgame malicious (high confidence)
ZoneAlarm not-a-virus:HEUR:Downloader.Win32.DownloaderGuide.gen
AhnLab-V3 PUP/Win32.DownloadGuide.R245289
VBA32 Downloader.DownloaderGuide
MAX malware (ai score=72)
ESET-NOD32 a variant of Win32/DownloadGuide.D potentially unwanted
TrendMicro-HouseCall TROJ_GEN.R002C0PH919
Rising Adware.DownloadGuide!1.A1DB (CLASSIC)
Yandex PUA.Downloader!
Ikarus PUA.DownloadGuide
eGambit Unsafe.AI_Score_99%
GData Win32.Application.DownloadGuide.T
CrowdStrike win/malicious_confidence_100% (D)
Qihoo-360 Win32/Virus.Downloader.27f
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Run screenshots
No run screenshots: no screenshots were captured while this sample ran


PE Compile Time

2018-11-16 13:03:04

Imports

Library KERNEL32.dll:
0x45a05c LocalAlloc
0x45a060 LoadLibraryA
0x45a064 CreateEventW
0x45a068 WaitForSingleObject
0x45a06c SetFilePointer
0x45a070 SetFilePointerEx
0x45a074 SetEndOfFile
0x45a078 GetFileSize
0x45a07c ReadFile
0x45a084 GetCurrentProcessId
0x45a088 GetTempFileNameW
0x45a08c GetTickCount
0x45a094 MapViewOfFile
0x45a098 HeapFree
0x45a09c FindClose
0x45a0a0 GetFullPathNameW
0x45a0a4 FindFirstFileW
0x45a0a8 FindNextFileW
0x45a0ac DebugBreak
0x45a0b0 OutputDebugStringW
0x45a0b4 lstrlenA
0x45a0b8 LoadLibraryW
0x45a0bc MulDiv
0x45a0c0 lstrcmpW
0x45a0c4 GlobalUnlock
0x45a0c8 GlobalLock
0x45a0cc GlobalAlloc
0x45a0d0 FlushFileBuffers
0x45a0d4 CloseHandle
0x45a0d8 CreateFileW
0x45a0dc WriteConsoleW
0x45a0e0 SetStdHandle
0x45a0e4 LCMapStringW
0x45a0e8 GetConsoleMode
0x45a0ec GetConsoleCP
0x45a0f4 RtlUnwind
0x45a0fc GetFileType
0x45a100 SetHandleCount
0x45a10c GetStringTypeW
0x45a110 IsValidCodePage
0x45a114 GetOEMCP
0x45a118 GetACP
0x45a11c GetCPInfo
0x45a120 TlsFree
0x45a124 TlsSetValue
0x45a128 TlsGetValue
0x45a12c TlsAlloc
0x45a130 GetStdHandle
0x45a134 WriteFile
0x45a138 HeapReAlloc
0x45a13c HeapCreate
0x45a140 ExitProcess
0x45a144 HeapSize
0x45a148 Sleep
0x45a14c IsDebuggerPresent
0x45a158 TerminateProcess
0x45a15c GetStartupInfoW
0x45a160 HeapSetInformation
0x45a164 GetCommandLineW
0x45a168 DecodePointer
0x45a16c EncodePointer
0x45a174 VirtualAlloc
0x45a178 VirtualFree
0x45a180 HeapAlloc
0x45a184 GetProcessHeap
0x45a190 lstrlenW
0x45a194 GetModuleFileNameW
0x45a198 LoadLibraryExW
0x45a19c FindResourceW
0x45a1a0 LoadResource
0x45a1a4 SizeofResource
0x45a1a8 MultiByteToWideChar
0x45a1ac lstrcmpiW
0x45a1b0 FreeLibrary
0x45a1b4 SetLastError
0x45a1b8 GetLastError
0x45a1bc RaiseException
0x45a1c0 GetCurrentThreadId
0x45a1c8 GetCurrentProcess
0x45a1cc GetModuleHandleW
0x45a1d0 GetProcAddress
0x45a1dc WideCharToMultiByte
Library USER32.dll:
0x45a244 DestroyWindow
0x45a248 LoadCursorW
0x45a24c CreateWindowExW
0x45a250 RegisterClassExW
0x45a254 SetTimer
0x45a258 KillTimer
0x45a25c DefWindowProcW
0x45a260 GetWindowLongW
0x45a264 GetClassInfoExW
0x45a268 SetWindowLongW
0x45a26c CallWindowProcW
0x45a274 BeginPaint
0x45a278 FillRect
0x45a27c EndPaint
0x45a280 IsChild
0x45a284 SetFocus
0x45a288 GetDlgItem
0x45a28c GetClassNameW
0x45a290 GetSysColor
0x45a294 RedrawWindow
0x45a29c InvalidateRect
0x45a2a0 GetDesktopWindow
0x45a2a4 GetFocus
0x45a2a8 UpdateWindow
0x45a2ac SetWindowTextW
0x45a2b0 GetWindowTextW
0x45a2b8 ClientToScreen
0x45a2bc ReleaseDC
0x45a2c0 GetDC
0x45a2c4 PostMessageW
0x45a2c8 ShowWindow
0x45a2cc IsWindowVisible
0x45a2d0 GetWindow
0x45a2d4 MonitorFromWindow
0x45a2d8 GetMonitorInfoW
0x45a2dc GetParent
0x45a2e0 GetClientRect
0x45a2e4 MapWindowPoints
0x45a2e8 SetWindowPos
0x45a2ec MoveWindow
0x45a2f0 GetWindowRect
0x45a2f4 IsWindow
0x45a2f8 SendMessageW
0x45a2fc LoadImageW
0x45a300 LoadIconW
0x45a304 PeekMessageW
0x45a308 GetMessageW
0x45a30c TranslateMessage
0x45a310 DispatchMessageW
0x45a314 CharNextW
0x45a318 UnregisterClassA
Library GDI32.dll:
0x45a034 CreateSolidBrush
0x45a038 GetStockObject
0x45a03c GetDeviceCaps
0x45a040 GetObjectW
0x45a044 SelectObject
0x45a048 DeleteDC
0x45a04c DeleteObject
0x45a050 CreateCompatibleDC
Library COMDLG32.dll:
0x45a028 GetSaveFileNameW
0x45a02c GetOpenFileNameW
Library ADVAPI32.dll:
0x45a000 RegQueryInfoKeyW
0x45a004 RegDeleteKeyW
0x45a008 RegDeleteValueW
0x45a00c RegEnumKeyExW
0x45a010 RegSetValueExW
0x45a014 RegQueryValueExW
0x45a018 RegCreateKeyExW
0x45a01c RegOpenKeyExW
0x45a020 RegCloseKey
Library SHELL32.dll:
0x45a22c Shell_NotifyIconW
0x45a230 CommandLineToArgvW
0x45a234 DoEnvironmentSubstW
Library ole32.dll:
0x45a320 OleInitialize
0x45a328 OleLockRunning
0x45a32c OleUninitialize
0x45a330 CoTaskMemAlloc
0x45a334 CoTaskMemRealloc
0x45a338 CoTaskMemFree
0x45a33c CoCreateInstance
Library OLEAUT32.dll:
0x45a1ec SysAllocString
0x45a1f0 VariantChangeType
0x45a1f4 VariantClear
0x45a1fc DispCallFunc
0x45a200 VarBstrCat
0x45a204 SysStringByteLen
0x45a20c LoadTypeLib
0x45a210 LoadRegTypeLib
0x45a214 VarUI4FromStr
0x45a218 SysStringLen
0x45a21c SysFreeString
0x45a220 VariantInit
0x45a224 VariantCopy
Library SHLWAPI.dll:
0x45a23c PathFileExistsW

Hosts

No hosts contacted.

TCP

Source | Source Port | Destination IP | Destination Host | Destination Port
192.168.56.101 | 49175 | 104.41.149.192 | dlg-configs.buzzrin.de | 80
192.168.56.101 | 49176 | 104.41.149.192 | dlg-configs.buzzrin.de | 80
192.168.56.101 | 49177 | 117.18.232.200 | az687722.vo.msecnd.net | 80
192.168.56.101 | 49178 | 117.18.232.200 | az687722.vo.msecnd.net | 80
192.168.56.101 | 49180 | 117.18.232.200 | az687722.vo.msecnd.net | 80
192.168.56.101 | 49181 | 117.18.232.200 | az687722.vo.msecnd.net | 80
192.168.56.101 | 49179 | 23.102.27.88 | dlg-messages.buzzrin.de | 80
192.168.56.101 | 49188 | 23.102.27.88 | dlg-messages.buzzrin.de | 80
192.168.56.101 | 49189 | 23.102.27.88 | dlg-messages.buzzrin.de | 80
192.168.56.101 | 49191 | 23.102.27.88 | dlg-messages.buzzrin.de | 80

UDP

Source | Source Port | Destination IP | Destination Host | Destination Port
192.168.56.101 | 50002 | 114.114.114.114 | | 53
192.168.56.101 | 50568 | 114.114.114.114 | | 53
192.168.56.101 | 51378 | 114.114.114.114 | | 53
192.168.56.101 | 57236 | 114.114.114.114 | | 53
192.168.56.101 | 57756 | 114.114.114.114 | | 53
192.168.56.101 | 58367 | 114.114.114.114 | | 53
192.168.56.101 | 61680 | 114.114.114.114 | | 53
192.168.56.101 | 62318 | 114.114.114.114 | | 53
192.168.56.101 | 62912 | 114.114.114.114 | | 53
192.168.56.101 | 137 | 192.168.56.255 | | 137
192.168.56.101 | 138 | 192.168.56.255 | | 138
192.168.56.101 | 123 | 20.189.79.72 | time.windows.com | 123
192.168.56.101 | 49235 | 224.0.0.252 | | 5355
192.168.56.101 | 50534 | 224.0.0.252 | | 5355
192.168.56.101 | 51963 | 224.0.0.252 | | 5355
192.168.56.101 | 53210 | 224.0.0.252 | | 5355
192.168.56.101 | 53237 | 224.0.0.252 | | 5355
192.168.56.101 | 53657 | 224.0.0.252 | | 5355
192.168.56.101 | 56804 | 224.0.0.252 | | 5355
192.168.56.101 | 60384 | 224.0.0.252 | | 5355

HTTP & HTTPS Requests

URI Data
http://dlg-configs.buzzrin.de/config-from-production
POST /config-from-production HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: dlg-configs.buzzrin.de
Content-Length: 219
Connection: Close

{"os":"WinNT","osver":"6.1.7601 (Service Pack 1) SP: 1.0","lang":"zh-CN","uid":"f86f21bc-e5d8-4e58-9fce-2ae2b7f127ee","prod":"computerbild/1.0/campaigns/product+website/","expiresOn":"2119-08-08T18:51:06.4818541+00:00"}
http://dlg-messages.buzzrin.de/1/dg/3
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: dlg-messages.buzzrin.de
Content-Length: 371
Connection: Close

{"BuildId":"c0b5d71f-b25d-4033-abdc-fc1a4befe154","Client":"freemium","DlgVersion":"3.1.0.201","Culture":"zh-CN","LocalTime":"2021-05-13T18:36:33+08:00","SessionId":"b93024e0-47d5-4aa4-b3ce-d5991be5a8a6","MessageName":"ProductShown","Product":"computerbild","ProductVersion":"1.0","Region":"default","Campaign":"product+website","Offer":"","TrackBackUrl":"","SubId":null}
http://dlg-messages.buzzrin.de/1/dg/3
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: dlg-messages.buzzrin.de
Content-Length: 388
Connection: Close

{"BuildId":"c0b5d71f-b25d-4033-abdc-fc1a4befe154","Client":"freemium","DlgVersion":"3.1.0.201","Culture":"zh-CN","LocalTime":"2021-05-13T18:36:28+08:00","SessionId":"b93024e0-47d5-4aa4-b3ce-d5991be5a8a6","MessageName":"LoadingPrerequisitesCompleted","Product":"computerbild","ProductVersion":"1.0","Region":"default","Campaign":"product+website","Offer":"","TrackBackUrl":"","SubId":null}
http://az687722.vo.msecnd.net/public-source/downloadguide/computerbild/1.0/default/campaigns/product+website/ui/base.zip
GET /public-source/downloadguide/computerbild/1.0/default/campaigns/product+website/ui/base.zip HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: az687722.vo.msecnd.net
Connection: Close

http://az687722.vo.msecnd.net/public-source/downloadguide/computerbild/1.0/default/campaigns/product+website/ui/progress.zip
GET /public-source/downloadguide/computerbild/1.0/default/campaigns/product+website/ui/progress.zip HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: az687722.vo.msecnd.net
Connection: Close

http://az687722.vo.msecnd.net/public-source/downloadguide/computerbild/1.0/default/campaigns/product+website/ui/last.zip
GET /public-source/downloadguide/computerbild/1.0/default/campaigns/product+website/ui/last.zip HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: az687722.vo.msecnd.net
Connection: Close

http://dlg-messages.buzzrin.de/1/dg/3
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: dlg-messages.buzzrin.de
Content-Length: 377
Connection: Close

{"BuildId":"c0b5d71f-b25d-4033-abdc-fc1a4befe154","Client":"freemium","DlgVersion":"3.1.0.201","Culture":"zh-CN","LocalTime":"2021-05-13T18:36:28+08:00","SessionId":"b93024e0-47d5-4aa4-b3ce-d5991be5a8a6","MessageName":"ApplicationVisible","Product":"computerbild","ProductVersion":"1.0","Region":"default","Campaign":"product+website","Offer":"","TrackBackUrl":"","SubId":null}
http://dlg-configs.buzzrin.de/
HEAD / HTTP/1.1
Connection: Close
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: dlg-configs.buzzrin.de
Content-Length: 0
Cache-Control: no-cache

http://az687722.vo.msecnd.net/public-source/downloadguide/computerbild/1.0/default/campaigns/product+website/ui/computerbild-flow-5-text-en-us.zip
GET /public-source/downloadguide/computerbild/1.0/default/campaigns/product+website/ui/computerbild-flow-5-text-en-us.zip HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: az687722.vo.msecnd.net
Connection: Close

http://dlg-messages.buzzrin.de/1/dg/3
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: dlg-messages.buzzrin.de
Content-Length: 377
Connection: Close

{"BuildId":"c0b5d71f-b25d-4033-abdc-fc1a4befe154","Client":"freemium","DlgVersion":"3.1.0.201","Culture":"zh-CN","LocalTime":"2021-05-13T18:36:13+08:00","SessionId":"b93024e0-47d5-4aa4-b3ce-d5991be5a8a6","MessageName":"ApplicationStarted","Product":"computerbild","ProductVersion":"1.0","Region":"default","Campaign":"product+website","Offer":"","TrackBackUrl":"","SubId":null}

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.