| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| McAfee | Artemis!752F40989DBE | 20200920 | 6.0.6.653 |
| Alibaba | 20190527 | 0.3.0.5 | |
| Baidu | 20190318 | 1.0.0.2 | |
| Avast | Win32:Adware-gen [Adw] | 20200920 | 18.4.3895.0 |
| Tencent | 20200920 | 1.0.0.1 | |
| Kingsoft | 20200920 | 2013.8.14.323 | |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Time & API | Arguments | Status | Return | Repeated |
|---|---|---|---|---|
|
1620780034.199249 IsDebuggerPresent |
failed | 0 | 0 | |
|
1620780034.246249 IsDebuggerPresent |
failed | 0 | 0 |
| section | .vmp0 |
| packer | Armadillo v1.71 |
| resource name | EXTERNAL |
| resource name | None |
| suspicious_features | POST method with no referer header | suspicious_request | POST https://update.googleapis.com/service/update2?cup2key=10:2373200852&cup2hreq=d008bbf973d2c3f7242a743426c6bafccd830648b955479ba6e359bfdb1950d9 | ||||||
| request | GET http://ad.vrbrothers.com/qmacro/v9/ad-mymacro.xml |
| request | GET http://hi.vrbrothers.com/xjl/mmcount.aspx?mm=000026A461DB0941E18975812691ED421FE3AF588380BE09B1012CB6775955C31999E50C696E2EF04F7F6738&randcode=000069F9A267380A9AF85809AAAB7A7201183AA6D2F4C00CDBF3ED51CB1347FB316A60A38596BBEF5D7A4196E972F6F21E813BF3D4CA16C88024569B91A9AAA2D58C76AD7AD840561D4E6FD3A41F63FC4F336738 |
| request | GET http://down.vrbrothers.com/qmacro/up_mymacro/liveupdate8.dat |
| request | HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe |
| request | HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620750979&mv=m&mvi=1&pl=23&shardbypass=yes |
| request | HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=11d34bd67f3d2857&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620750979&mv=m&mvi=3 |
| request | POST https://update.googleapis.com/service/update2?cup2key=10:2373200852&cup2hreq=d008bbf973d2c3f7242a743426c6bafccd830648b955479ba6e359bfdb1950d9 |
| request | POST https://update.googleapis.com/service/update2?cup2key=10:2373200852&cup2hreq=d008bbf973d2c3f7242a743426c6bafccd830648b955479ba6e359bfdb1950d9 |
| name | EXTERNAL | language | LANG_CHINESE | offset | 0x002d2c84 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000007d0 | ||||||||||||||||||
| name | RT_CURSOR | language | LANG_CHINESE | offset | 0x002d3454 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000134 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_CHINESE | offset | 0x003bf56c | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000182e2 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_CHINESE | offset | 0x003bf56c | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000182e2 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_CHINESE | offset | 0x003bf56c | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000182e2 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_CHINESE | offset | 0x003bf56c | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000182e2 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_CHINESE | offset | 0x003bf56c | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000182e2 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_CHINESE | offset | 0x003bf56c | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000182e2 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_CHINESE | offset | 0x003bf56c | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000182e2 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_CHINESE | offset | 0x003bf56c | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000182e2 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_CHINESE | offset | 0x003bf56c | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000182e2 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00432650 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00432650 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00432650 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00432650 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00432650 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00432650 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00432650 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00432650 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00432650 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_MENU | language | LANG_CHINESE | offset | 0x00432ab8 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0000010e | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | offset | 0x00434300 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000110 | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | offset | 0x00434300 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000110 | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | offset | 0x00434300 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000110 | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | offset | 0x00434300 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000110 | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | offset | 0x00434300 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000110 | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | offset | 0x00434300 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000110 | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | offset | 0x00434300 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000110 | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | offset | 0x00434300 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000110 | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | offset | 0x00434300 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000110 | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | offset | 0x00434300 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000110 | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | offset | 0x00434300 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000110 | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | offset | 0x00434300 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000110 | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | offset | 0x00434300 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000110 | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | offset | 0x00434300 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000110 | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | offset | 0x00434300 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000110 | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | offset | 0x00434300 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000110 | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | offset | 0x00434300 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000110 | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | offset | 0x00435ab8 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0000017e | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | offset | 0x00435ab8 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0000017e | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | offset | 0x00435ab8 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0000017e | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | offset | 0x00435ab8 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0000017e | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | offset | 0x00435ab8 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0000017e | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | offset | 0x00435ab8 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0000017e | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | offset | 0x00435ab8 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0000017e | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | offset | 0x00435ab8 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0000017e | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | offset | 0x00435ab8 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0000017e | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | offset | 0x00435ab8 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0000017e | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | offset | 0x00435ab8 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0000017e | ||||||||||||||||||
| name | RT_GROUP_CURSOR | language | LANG_CHINESE | offset | 0x00435c38 | filetype | Lotus unknown worksheet or configuration, revision 0x1 | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000014 | ||||||||||||||||||
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\plugin\FILE.DLL |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\plugin\REMOTEANSWER.DLL |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\cfgdll.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\plugin\REGDLL.DLL |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\plugin\WINDOW.DLL |
| file | C:\Users\Administrator.Oskar-PC\AppData\Roaming\mymacro\qdisp.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\plugin\SYS.DLL |
| cmdline | "C:\Windows\System32\cmd.exe" /c attrib +s +a +h C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\*.ini /s /d |
| cmdline | "C:\Windows\System32\cmd.exe" /c attrib +s +a +h C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\*.dll /s /d |
| cmdline | "C:\Windows\System32\cmd.exe" /c attrib +s +a +h C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\plugin /s /d |
| cmdline | "C:\Windows\System32\cmd.exe" /c attrib +s +a +h C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\plugin\*.* /s /d |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\plugin\REGDLL.DLL |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\plugin\SYS.DLL |
| file | C:\Users\Administrator.Oskar-PC\AppData\Roaming\mymacro\qdisp.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\plugin\FILE.DLL |
| file | C:\Users\Administrator.Oskar-PC\AppData\Roaming\qmacro\shield\SD001.dat |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\plugin\WINDOW.DLL |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\cfgdll.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\plugin\REMOTEANSWER.DLL |
| Time & API | Arguments | Status | Return | Repeated |
|---|---|---|---|---|
|
1620780033.949249 GetAdaptersAddresses |
flags:
0
family: 0 |
failed | 111 | 0 |
| entropy | 7.998473493703505 | section | {'size_of_data': '0x00165000', 'virtual_address': '0x0016d000', 'entropy': 7.998473493703505, 'name': '.vmp0', 'virtual_size': '0x00164748'} | description | A section with a high entropy has been found | |||||||||
| entropy | 0.35311572700296734 | description | Overall entropy of this PE file is high | |||||||||||
| cmdline | attrib +s +a +h C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\*.dll /s /d |
| cmdline | "C:\Windows\System32\cmd.exe" /c attrib +s +a +h C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\*.ini /s /d |
| cmdline | "C:\Windows\System32\cmd.exe" /c attrib +s +a +h C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\*.dll /s /d |
| cmdline | cmd /c attrib +s +a +h C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\plugin\*.* /s /d |
| cmdline | attrib +s +a +h C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\plugin\*.* /s /d |
| cmdline | "C:\Windows\System32\cmd.exe" /c attrib +s +a +h C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\plugin /s /d |
| cmdline | cmd /c attrib +s +a +h C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\plugin /s /d |
| cmdline | attrib +s +a +h C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\*.ini /s /d |
| cmdline | cmd /c attrib +s +a +h C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\*.ini /s /d |
| cmdline | cmd /c attrib +s +a +h C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\*.dll /s /d |
| cmdline | "C:\Windows\System32\cmd.exe" /c attrib +s +a +h C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\plugin\*.* /s /d |
| cmdline | attrib +s +a +h C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\plugin /s /d |
| section | .vmp0 | description | Section name indicates VMProtect | ||||||
| host | 172.217.24.14 | |||
| Bkav | W32.AIDetectVM.malware1 |
| Elastic | malicious (high confidence) |
| MicroWorld-eScan | Adware.GenericKD.3616647 |
| FireEye | Generic.mg.752f40989dbe9165 |
| CAT-QuickHeal | Trojan.MauvaiseRI.S5253574 |
| McAfee | Artemis!752F40989DBE |
| Cylance | Unsafe |
| VIPRE | Trojan.Win32.Generic!BT |
| Sangfor | Malware |
| K7AntiVirus | Adware ( 004dc2771 ) |
| K7GW | Riskware ( 0040eff71 ) |
| Cybereason | malicious.89dbe9 |
| Arcabit | Adware.Generic.D372F87 |
| Symantec | Trojan.Gen.MBT |
| APEX | Malicious |
| Avast | Win32:Adware-gen [Adw] |
| Kaspersky | not-a-virus:HEUR:AdWare.Win32.Generic |
| BitDefender | Adware.GenericKD.3616647 |
| NANO-Antivirus | Trojan.Win32.KeyLogger.cujkij |
| Paloalto | generic.ml |
| Ad-Aware | Adware.GenericKD.3616647 |
| Comodo | TrojWare.Win32.Sufbotool.MJ@51y6at |
| DrWeb | Trojan.KeyLogger.39547 |
| Zillya | Trojan.Sufbotool.Win32.2 |
| Invincea | VR Brothers (PUA) |
| Sophos | VR Brothers (PUA) |
| SentinelOne | DFI - Malicious PE |
| Jiangmin | Trojan/Sufbotool.a |
| Webroot | W32.Backdoor.Gen |
| Microsoft | Trojan:Win32/Wacatac.C!ml |
| ZoneAlarm | not-a-virus:HEUR:AdWare.Win32.Generic |
| GData | Win32.Adware.VrBrothers.C |
| Acronis | suspicious |
| ALYac | Adware.GenericKD.3616647 |
| MAX | malware (ai score=100) |
| VBA32 | BScope.Trojan.Keyloggerger |
| Malwarebytes | Adware.VRBrothers |
| ESET-NOD32 | a variant of Win32/Adware.VrBrothers.AE potentially unwanted |
| Rising | Trojan.Generic@ML.88 (RDML:VYaW2Kt3xxEMTtyWeH/fvg) |
| Yandex | PUA.VrBrothers! |
| Ikarus | Trojan.Win32.Sufbotool |
| eGambit | Generic.Adware |
| Fortinet | Adware/Generic |
| MaxSecure | Adware.not.a.virus.WIN32.AdWare.DealPly.gen_186280 |
| AVG | Win32:Adware-gen [Adw] |
| Panda | Trj/CI.A |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Qihoo-360 | Win32/Virus.Adware.b51 |
| dead_host | 216.58.200.46:443 |
| dead_host | 172.217.24.14:443 |
| dead_host | 172.217.160.78:443 |
| Ordinal | Address | Name |
|---|---|---|
| 1 | 0x4b4e30 | ?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B |
No hosts contacted.
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 49216 | 113.108.239.194 r1---sn-j5o7dn7e.gvt1.com | 80 |
| 192.168.56.101 | 49217 | 113.108.239.196 r3---sn-j5o7dn7e.gvt1.com | 80 |
| 192.168.56.101 | 49195 | 117.27.139.134 ad.vrbrothers.com | 80 |
| 192.168.56.101 | 49196 | 117.27.139.134 ad.vrbrothers.com | 80 |
| 192.168.56.101 | 49197 | 117.27.139.134 ad.vrbrothers.com | 80 |
| 192.168.56.101 | 49214 | 203.208.40.98 update.googleapis.com | 443 |
| 192.168.56.101 | 49215 | 203.208.41.33 redirector.gvt1.com | 80 |
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 49235 | 114.114.114.114 | 53 |
| 192.168.56.101 | 51963 | 114.114.114.114 | 53 |
| 192.168.56.101 | 53657 | 114.114.114.114 | 53 |
| 192.168.56.101 | 54178 | 114.114.114.114 | 53 |
| 192.168.56.101 | 54260 | 114.114.114.114 | 53 |
| 192.168.56.101 | 55169 | 114.114.114.114 | 53 |
| 192.168.56.101 | 55368 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56743 | 114.114.114.114 | 53 |
| 192.168.56.101 | 57236 | 114.114.114.114 | 53 |
| 192.168.56.101 | 57367 | 114.114.114.114 | 53 |
| 192.168.56.101 | 60215 | 114.114.114.114 | 53 |
| 192.168.56.101 | 60221 | 114.114.114.114 | 53 |
| 192.168.56.101 | 61522 | 114.114.114.114 | 53 |
| 192.168.56.101 | 62912 | 114.114.114.114 | 53 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 123 | 20.189.79.72 time.windows.com | 123 |
| 192.168.56.101 | 50002 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 50534 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 51808 | 224.0.0.252 | 5355 |
| URI | Data |
|---|---|
| http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=11d34bd67f3d2857&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620750979&mv=m&mvi=3 | HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=11d34bd67f3d2857&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620750979&mv=m&mvi=3 HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r3---sn-j5o7dn7e.gvt1.com |
| http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe | HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: redirector.gvt1.com |
| http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620750979&mv=m&mvi=1&pl=23&shardbypass=yes | HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620750979&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r1---sn-j5o7dn7e.gvt1.com |
| http://hi.vrbrothers.com/xjl/mmcount.aspx?mm=000026A461DB0941E18975812691ED421FE3AF588380BE09B1012CB6775955C31999E50C696E2EF04F7F6738&randcode=000069F9A267380A9AF85809AAAB7A7201183AA6D2F4C00CDBF3ED51CB1347FB316A60A38596BBEF5D7A4196E972F6F21E813BF3D4CA16C88024569B91A9AAA2D58C76AD7AD840561D4E6FD3A41F63FC4F336738 | GET /xjl/mmcount.aspx?mm=000026A461DB0941E18975812691ED421FE3AF588380BE09B1012CB6775955C31999E50C696E2EF04F7F6738&randcode=000069F9A267380A9AF85809AAAB7A7201183AA6D2F4C00CDBF3ED51CB1347FB316A60A38596BBEF5D7A4196E972F6F21E813BF3D4CA16C88024569B91A9AAA2D58C76AD7AD840561D4E6FD3A41F63FC4F336738 HTTP/1.1 User-Agent: 752f40989dbe9165b539a76e264ccf39 Host: hi.vrbrothers.com |
| http://ad.vrbrothers.com/qmacro/v9/ad-mymacro.xml | GET /qmacro/v9/ad-mymacro.xml HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: ad.vrbrothers.com Connection: Keep-Alive |
| http://down.vrbrothers.com/qmacro/up_mymacro/liveupdate8.dat | GET /qmacro/up_mymacro/liveupdate8.dat HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: down.vrbrothers.com Connection: Keep-Alive |
No ICMP traffic performed.
No IRC requests performed.
No Suricata Alerts
No Suricata TLS
No Snort Alerts