Score: 4.8 (medium risk)

SHA256: a4c3cdf018c6171d6e553f875c4d4ed15d9149a04c5be3ebc1003874b7b70c2c

File name: 9d5e610d5be7a899d4216b99a9659fb5.exe

Analysis duration: 252s

Last analysis:

File size: 692.0KB

Static detection: flagged. Dynamic detection: flagged.
Detection tags (keywords taken from the engine labels below): 100% AI SCORE=83 AIDETECTVM ANDROM AXJW BSCOPE BUNIH3 CLASSIC CONFIDENCE DELF DELPHI DELPHILESS ENDZ ENEZ FAREIT GENETIC HIGH CONFIDENCE HTTHIR IGENT INJECT3 KRYPTIK LOKI LOKIBOT MALWARE2 MALWARE@#1JFEHW5NGTUK2 QVM05 RGW@AS1CH@LI SCORE SHQTH SUSGEN SUSPICIOUS PE UNSAFE X2094 YZDY ZELPHIF
Hawkeye engine (鹰眼引擎): not detected (no Hawkeye engine result for this sample)
Static verdict
Antivirus engines
Engine        Result                              Scan date   Engine version
Alibaba       Trojan:Win32/Injector.193           20190527    0.3.0.5
CrowdStrike   win/malicious_confidence_100% (W)   20190702    1.0
Baidu         (no detection)                      20190318    1.0.0.2
Avast         Win32:Trojan-gen                    20201027    18.4.3895.0
Kingsoft      (no detection)                      20201027    2013.8.14.323
McAfee        Fareit-FYT!9D5E610D5BE7             20201027    6.0.6.653
Behavioral verdict
Dynamic indicators
Performs some HTTP requests (4 events). Caveat: all four requests below carry the User-Agent "Microsoft BITS/7.5" (see the HTTP request dump further down) and fetch GoogleUpdateSetup.exe from Google's gvt1.com download CDN. That is the shape of the Google Update service's own background download on the sandbox VM, not traffic the report ties to the sample; treat it as environment noise unless the process tree links the BITS job to the sample's process.
request HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619759779&mv=m&mvi=1&pl=23&shardbypass=yes
request HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=b2128975cfbd9f63&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619759779&mv=m
request GET http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=b2128975cfbd9f63&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619759779&mv=m
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time: 1619788997.443
API: NtAllocateVirtualMemory
Arguments:
    process_identifier: 2972
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    allocation_type: 4096 (MEM_COMMIT)
    base_address: 0x005a0000
Status: success    Return: 0    Repeated: 0
Note: process_handle 0xffffffff is the current-process pseudo-handle returned by GetCurrentProcess(), so this single 4 KB RWX page (region_size 4096) is committed in the sample's own address space. That fits self-decryption or a small in-process stub rather than remote injection into another process, despite the "Injector" family names some engines assign.
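As an added example (not part of the sandbox report or its tooling), a small Python triage routine that reads Cuckoo-style memory API records like the one above, decodes the protection value the report prints only as an integer, and uses the process_handle argument to separate in-process RWX commits from cross-process allocations. The first record is transcribed from this report; the injection records are constructed for contrast and labelled as such; the field names follow the report's own argument names.

```python
PAGE_READWRITE, PAGE_WRITECOPY = 0x04, 0x08
PAGE_EXECUTE, PAGE_EXECUTE_READ = 0x10, 0x20
PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY = 0x40, 0x80
EXEC_MASK = PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
WRITE_MASK = PAGE_READWRITE | PAGE_WRITECOPY | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
# GetCurrentProcess() pseudo-handle (-1) as a 32-bit and as a 64-bit value
CURRENT_PROCESS = {0xFFFFFFFF, 0xFFFFFFFFFFFFFFFF}

ALLOC_APIS = {"NtAllocateVirtualMemory", "VirtualAlloc", "VirtualAllocEx"}
PROTECT_APIS = {"NtProtectVirtualMemory", "VirtualProtect", "VirtualProtectEx"}
PROTECTION_NAMES = {0x04: "PAGE_READWRITE", 0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE",
                    0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE",
                    0x80: "PAGE_EXECUTE_WRITECOPY"}


def protection_name(value):
    """Name the PAGE_* constant in the low byte (PAGE_GUARD / NOCACHE modifier bits dropped)."""
    return PROTECTION_NAMES.get(value & 0xFF, f"0x{value:x}")


def triage(records):
    """Walk API records in time order; return sets of (pid, handle, base) regions per finding:
    rwx_local     RWX memory committed in the sample's own process (unpacking / self-decryption)
    rwx_remote    RWX memory committed in another process (injection)
    w_then_x      a region first made writable, later made executable (unpack or inject stage 2)
    cross_process any alloc/protect through a real process handle instead of the pseudo-handle"""
    findings = {k: set() for k in ("rwx_local", "rwx_remote", "w_then_x", "cross_process")}
    last_prot = {}
    for rec in sorted(records, key=lambda r: r["time"]):
        api = rec["api"]
        if api not in ALLOC_APIS and api not in PROTECT_APIS:
            continue
        args = rec["arguments"]
        prot = args["protection"]
        handle = args.get("process_handle", 0xFFFFFFFF)
        key = (args["process_identifier"], handle, args["base_address"])
        remote = handle not in CURRENT_PROCESS
        if remote:
            findings["cross_process"].add(key)
        if prot & EXEC_MASK and prot & WRITE_MASK:
            findings["rwx_remote" if remote else "rwx_local"].add(key)
        prev = last_prot.get(key)
        if api in PROTECT_APIS and prot & EXEC_MASK and prev is not None \
                and prev & WRITE_MASK and not prev & EXEC_MASK:
            findings["w_then_x"].add(key)
        last_prot[key] = prot
    return findings


# The NtAllocateVirtualMemory event from this report, transcribed (protection 64 = 0x40).
REPORT_RECORDS = [{
    "time": 1619788997.443, "api": "NtAllocateVirtualMemory",
    "arguments": {"process_identifier": 2972, "region_size": 4096, "protection": 0x40,
                  "process_handle": 0xFFFFFFFF, "allocation_type": 0x1000,
                  "base_address": 0x005A0000},
}]

# Constructed, NOT observed for this sample: the shape remote injection takes, for contrast.
INJECTION_RECORDS = [
    {"time": 1.0, "api": "NtAllocateVirtualMemory",
     "arguments": {"process_identifier": 2972, "process_handle": 0x1A4,
                   "protection": PAGE_READWRITE, "region_size": 0x2000,
                   "allocation_type": 0x3000, "base_address": 0x00400000}},
    {"time": 2.0, "api": "NtProtectVirtualMemory",
     "arguments": {"process_identifier": 2972, "process_handle": 0x1A4,
                   "protection": PAGE_EXECUTE_READ, "region_size": 0x2000,
                   "base_address": 0x00400000}},
]

if __name__ == "__main__":
    for label, recs in (("report", REPORT_RECORDS), ("constructed injection", INJECTION_RECORDS)):
        print(label, {k: sorted(v) for k, v in triage(recs).items()})
```

Run against the report's record the routine yields only rwx_local, which is the honest reading of this indicator; the constructed pair shows the cross_process and w_then_x findings that would justify the "Injector" label.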
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.435682555416108 section {'size_of_data': '0x00023400', 'virtual_address': '0x0008f000', 'entropy': 7.435682555416108, 'name': '.rsrc', 'virtual_size': '0x000232ac'} description A section with a high entropy has been found
entropy 0.2040520984081042 description Overall entropy of this PE file is high
Reading the two figures: 7.44 bits per byte is the Shannon entropy of the .rsrc section (0x23400 = 144384 bytes), close to the 8.0 of random or well-compressed data. The second value is not an entropy. The signature sums the raw size of every section whose entropy exceeds 6.8 bits, divides by the raw size of all sections, and raises the "overall" mark when that share exceeds 0.2. Only .rsrc qualifies here, and the reported 0.204 implies about 707584 bytes of section data in total (the 692.0 KB file less 1 KB of headers), so the threshold is exceeded only marginally. For a Delphi GUI executable an opaque blob in .rsrc is the usual home of an embedded, encrypted payload, which makes the indicator meaningful but weak on its own.
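Added example, not taken from the report or its sandbox: how the two entropy figures above are produced. shannon_entropy reproduces the per-section value and packed_ratio the "overall" figure, using the same 6.8-bit and 0.2 thresholds as the signature. The section table is constructed: .rsrc's size and entropy are the report's own numbers, the other sections are invented but sized so the raw data sums to the total the reported ratio implies. sections_from_pe is a convenience for running the same check on a real file with the pefile library (assumed installed; not exercised by the constructed data).

```python
import math

HIGH_ENTROPY_BITS = 6.8   # per-section threshold used by the packer signature
PACKED_RATIO = 0.2        # "overall" threshold: share of section bytes above 6.8 bits


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def packed_ratio(sections):
    """sections: iterable of (name, size_of_data, entropy).
    Returns (ratio, high_sections): the share of all raw section bytes that live in sections
    whose entropy exceeds HIGH_ENTROPY_BITS, plus the names of those sections."""
    sections = list(sections)
    total = sum(size for _, size, _ in sections)
    high = [name for name, _, ent in sections if ent > HIGH_ENTROPY_BITS]
    high_bytes = sum(size for name, size, _ in sections if name in high)
    return (high_bytes / total if total else 0.0), high


def packer_verdict(sections):
    """Mirror the two marks the sandbox signature emits."""
    ratio, high = packed_ratio(sections)
    return {"high_entropy_sections": high, "ratio": ratio, "overall_high": ratio > PACKED_RATIO}


def sections_from_pe(path):
    """Build the same (name, size, entropy) tuples from a PE on disk. Requires `pip install pefile`
    (assumed available); entropy is computed here rather than via pefile's own helper so the
    number matches shannon_entropy above."""
    import pefile
    pe = pefile.PE(path)
    return [(sec.Name.rstrip(b"\0").decode("ascii", "replace"), sec.SizeOfRawData,
             shannon_entropy(sec.get_data())) for sec in pe.sections]


# Constructed section table. .rsrc (0x23400 bytes, 7.4357 bits) is the report's own figure;
# the other sections are invented, sized so all raw data sums to 0xACC00 = 707584 bytes, the
# total implied by the reported 0.2040 ratio (the 692.0 KB file minus 0x400 of headers).
CONSTRUCTED_SECTIONS = [
    (".text",  0x7A000, 6.40),
    (".data",  0x02000, 4.10),
    (".idata", 0x02000, 5.00),
    (".tls",   0x00200, 0.00),
    (".rdata", 0x00200, 3.20),
    (".reloc", 0x0B400, 6.60),
    (".rsrc",  0x23400, 7.435682555416108),
]

if __name__ == "__main__":
    print(packer_verdict(CONSTRUCTED_SECTIONS))
```

The per-section number is robust; the overall figure is sensitive to how much non-compressed code surrounds the blob, which is why a large Delphi VCL binary with one encrypted resource lands so close to the 0.2 cut-off.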
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Caveat: 172.217.24.14 lies in Google's 172.217.0.0/16 and appears below only as a dead host on port 443 with no TLS session recorded. An update client that caches resolved addresses will reconnect to them without a fresh DNS query, so this indicator is consistent with the Google Update activity on the VM and, on this page, is not attributable to the sample.
File has been identified by 61 AntiVirus engines on VirusTotal as malicious (50 of 61 events shown)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Delf.FareIt.Gen.13
FireEye Generic.mg.9d5e610d5be7a899
CAT-QuickHeal Backdoor.Androm
ALYac Trojan.Delf.FareIt.Gen.13
Cylance Unsafe
Zillya Trojan.Injector.Win32.767863
SUPERAntiSpyware Trojan.Agent/Gen-Loki
Sangfor Malware
K7AntiVirus Trojan ( 0056d8fd1 )
Alibaba Trojan:Win32/Injector.193
K7GW Trojan ( 0056d8fd1 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Delf.FareIt.Gen.13
Cyren W32/Injector.YZDY-6062
Symantec Infostealer.Lokibot!43
APEX Malicious
Avast Win32:Trojan-gen
Kaspersky HEUR:Backdoor.Win32.Androm.gen
BitDefender Trojan.Delf.FareIt.Gen.13
NANO-Antivirus Trojan.Win32.Androm.htthir
Paloalto generic.ml
AegisLab Trojan.Win32.Androm.m!c
Ad-Aware Trojan.Delf.FareIt.Gen.13
Emsisoft Trojan.Delf.FareIt.Gen.13 (B)
Comodo Malware@#1jfehw5ngtuk2
F-Secure Dropper.DR/Delphi.shqth
DrWeb Trojan.Inject3.54069
VIPRE Trojan.Win32.Generic!BT
Invincea Mal/Generic-S
McAfee-GW-Edition BehavesLike.Win32.Fareit.jc
MaxSecure Trojan.Malware.300983.susgen
Sophos Mal/Generic-S
Ikarus Trojan.Inject
Jiangmin Backdoor.Androm.axjw
Webroot W32.Trojan.Gen
Avira DR/Delphi.shqth
Antiy-AVL Trojan[Backdoor]/Win32.Androm
Microsoft Trojan:Win32/Lokibot.AM!MTB
ZoneAlarm HEUR:Backdoor.Win32.Androm.gen
GData Trojan.Delf.FareIt.Gen.13
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2094
Acronis suspicious
McAfee Fareit-FYT!9D5E610D5BE7
MAX malware (ai score=83)
VBA32 BScope.Trojan.Kryptik
Malwarebytes Trojan.MalPack
Zoner Trojan.Win32.93101
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 172.217.27.142:443
dead_host 172.217.24.14:443
Both addresses are in Google's 172.217.0.0/16 and were contacted on 443 without a completed TLS handshake (the Suricata TLS section below is empty). The signature's "legitimate services stay up" heuristic does not hold here: a blocked or unrouted outbound 443 from the VM would produce the same silence, and nothing on this page links these connections to the sample rather than to the VM's Google Update client.
Visual analysis
Binary image
No binary image: the sandbox did not generate a binary visualization for this sample.
Runtime screenshots
No screenshots: none were captured while the sample ran.


PE Compile Time

1992-06-20 06:22:17. This is the fixed TimeDateStamp 0x2A425E19 (19 Jun 1992 22:22:17 UTC, shown here in UTC+8) that the Delphi linker writes into every executable it produces, so it identifies the toolchain, not the real build date. The import table below (GetKeyboardType, the oleaut32 SysAllocStringLen/Variant* group, comctl32 ImageList_*, and several import descriptors for the same DLL) is the usual VCL runtime footprint and matches the Delf/Delphi names in the engine labels.

Imports

Library kernel32.dll:
0x482164 VirtualFree
0x482168 VirtualAlloc
0x48216c LocalFree
0x482170 LocalAlloc
0x482174 GetVersion
0x482178 GetCurrentThreadId
0x482184 VirtualQuery
0x482188 WideCharToMultiByte
0x482190 MultiByteToWideChar
0x482194 lstrlenA
0x482198 lstrcpynA
0x48219c LoadLibraryExA
0x4821a0 GetThreadLocale
0x4821a4 GetStartupInfoA
0x4821a8 GetProcAddress
0x4821ac GetModuleHandleA
0x4821b0 GetModuleFileNameA
0x4821b4 GetLocaleInfoA
0x4821b8 GetLastError
0x4821c0 GetCommandLineA
0x4821c4 FreeLibrary
0x4821c8 FindFirstFileA
0x4821cc FindClose
0x4821d0 ExitProcess
0x4821d4 WriteFile
0x4821dc RtlUnwind
0x4821e0 RaiseException
0x4821e4 GetStdHandle
Library user32.dll:
0x4821ec GetKeyboardType
0x4821f0 LoadStringA
0x4821f4 MessageBoxA
0x4821f8 CharNextA
Library advapi32.dll:
0x482200 RegQueryValueExA
0x482204 RegOpenKeyExA
0x482208 RegCloseKey
Library oleaut32.dll:
0x482210 SysFreeString
0x482214 SysReAllocStringLen
0x482218 SysAllocStringLen
Library kernel32.dll:
0x482220 TlsSetValue
0x482224 TlsGetValue
0x482228 LocalAlloc
0x48222c GetModuleHandleA
Library advapi32.dll:
0x482234 RegQueryValueExA
0x482238 RegOpenKeyExA
0x48223c RegCloseKey
Library kernel32.dll:
0x482244 lstrcpyA
0x482248 WriteFile
0x48224c WaitForSingleObject
0x482250 VirtualQuery
0x482254 VirtualProtect
0x482258 VirtualAlloc
0x48225c Sleep
0x482260 SizeofResource
0x482264 SetThreadLocale
0x482268 SetFilePointer
0x48226c SetEvent
0x482270 SetErrorMode
0x482274 SetEndOfFile
0x482278 ResetEvent
0x48227c ReadFile
0x482280 MulDiv
0x482284 LockResource
0x482288 LoadResource
0x48228c LoadLibraryA
0x482298 GlobalUnlock
0x48229c GlobalReAlloc
0x4822a0 GlobalHandle
0x4822a4 GlobalLock
0x4822a8 GlobalFree
0x4822ac GlobalFindAtomA
0x4822b0 GlobalDeleteAtom
0x4822b4 GlobalAlloc
0x4822b8 GlobalAddAtomA
0x4822c0 GetVersionExA
0x4822c4 GetVersion
0x4822c8 GetTickCount
0x4822cc GetThreadLocale
0x4822d0 GetSystemInfo
0x4822d4 GetStringTypeExA
0x4822d8 GetStdHandle
0x4822dc GetProcAddress
0x4822e0 GetModuleHandleA
0x4822e4 GetModuleFileNameA
0x4822e8 GetLogicalDrives
0x4822ec GetLocaleInfoA
0x4822f0 GetLocalTime
0x4822f4 GetLastError
0x4822f8 GetFullPathNameA
0x4822fc GetFileAttributesA
0x482300 GetDriveTypeA
0x482304 GetDiskFreeSpaceA
0x482308 GetDateFormatA
0x48230c GetCurrentThreadId
0x482310 GetCurrentProcessId
0x482314 GetCPInfo
0x482318 GetACP
0x48231c FreeResource
0x482320 InterlockedExchange
0x482324 FreeLibrary
0x482328 FormatMessageA
0x48232c FindResourceA
0x482330 FindNextFileA
0x482334 FindFirstFileA
0x482338 FindClose
0x482344 EnumCalendarInfoA
0x482350 CreateThread
0x482354 CreateFileA
0x482358 CreateEventA
0x48235c CompareStringA
0x482360 CloseHandle
Library mpr.dll:
0x482368 WNetGetConnectionA
Library version.dll:
0x482370 VerQueryValueA
0x482378 GetFileVersionInfoA
Library gdi32.dll:
0x482380 UnrealizeObject
0x482384 StretchBlt
0x482388 SetWindowOrgEx
0x48238c SetWinMetaFileBits
0x482390 SetViewportOrgEx
0x482394 SetTextColor
0x482398 SetStretchBltMode
0x48239c SetROP2
0x4823a0 SetPixel
0x4823a4 SetEnhMetaFileBits
0x4823a8 SetDIBColorTable
0x4823ac SetBrushOrgEx
0x4823b0 SetBkMode
0x4823b4 SetBkColor
0x4823b8 SelectPalette
0x4823bc SelectObject
0x4823c0 SelectClipRgn
0x4823c4 SaveDC
0x4823c8 RestoreDC
0x4823cc Rectangle
0x4823d0 RectVisible
0x4823d4 RealizePalette
0x4823d8 Polyline
0x4823dc PlayEnhMetaFile
0x4823e0 PatBlt
0x4823e4 MoveToEx
0x4823e8 MaskBlt
0x4823ec LineTo
0x4823f0 IntersectClipRect
0x4823f4 GetWindowOrgEx
0x4823f8 GetWinMetaFileBits
0x4823fc GetTextMetricsA
0x482408 GetStockObject
0x48240c GetPixel
0x482410 GetPaletteEntries
0x482414 GetObjectA
0x482420 GetEnhMetaFileBits
0x482424 GetDeviceCaps
0x482428 GetDIBits
0x48242c GetDIBColorTable
0x482430 GetDCOrgEx
0x482438 GetClipBox
0x48243c GetBrushOrgEx
0x482440 GetBitmapBits
0x482444 ExtTextOutA
0x482448 ExcludeClipRect
0x48244c DeleteObject
0x482450 DeleteEnhMetaFile
0x482454 DeleteDC
0x482458 CreateSolidBrush
0x48245c CreatePenIndirect
0x482460 CreatePalette
0x482468 CreateFontIndirectA
0x48246c CreateDIBitmap
0x482470 CreateDIBSection
0x482474 CreateCompatibleDC
0x48247c CreateBrushIndirect
0x482480 CreateBitmap
0x482484 CopyEnhMetaFileA
0x482488 BitBlt
Library user32.dll:
0x482490 CreateWindowExA
0x482494 WindowFromPoint
0x482498 WinHelpA
0x48249c WaitMessage
0x4824a0 UpdateWindow
0x4824a4 UnregisterClassA
0x4824a8 UnhookWindowsHookEx
0x4824ac TranslateMessage
0x4824b4 TrackPopupMenu
0x4824bc ShowWindow
0x4824c0 ShowScrollBar
0x4824c4 ShowOwnedPopups
0x4824c8 ShowCursor
0x4824cc SetWindowsHookExA
0x4824d0 SetWindowTextA
0x4824d4 SetWindowPos
0x4824d8 SetWindowPlacement
0x4824dc SetWindowLongA
0x4824e0 SetTimer
0x4824e4 SetScrollRange
0x4824e8 SetScrollPos
0x4824ec SetScrollInfo
0x4824f0 SetRect
0x4824f4 SetPropA
0x4824f8 SetParent
0x4824fc SetMenuItemInfoA
0x482500 SetMenu
0x482504 SetForegroundWindow
0x482508 SetFocus
0x48250c SetCursor
0x482510 SetClassLongA
0x482514 SetCapture
0x482518 SetActiveWindow
0x48251c SendMessageA
0x482520 ScrollWindow
0x482524 ScreenToClient
0x482528 RemovePropA
0x48252c RemoveMenu
0x482530 ReleaseDC
0x482534 ReleaseCapture
0x482540 RegisterClassA
0x482544 RedrawWindow
0x482548 PtInRect
0x48254c PostQuitMessage
0x482550 PostMessageA
0x482554 PeekMessageA
0x482558 OffsetRect
0x48255c OemToCharA
0x482560 MessageBoxA
0x482564 MapWindowPoints
0x482568 MapVirtualKeyA
0x48256c LoadStringA
0x482570 LoadKeyboardLayoutA
0x482574 LoadIconA
0x482578 LoadCursorA
0x48257c LoadBitmapA
0x482580 KillTimer
0x482584 IsZoomed
0x482588 IsWindowVisible
0x48258c IsWindowEnabled
0x482590 IsWindow
0x482594 IsRectEmpty
0x482598 IsIconic
0x48259c IsDialogMessageA
0x4825a0 IsChild
0x4825a4 InvalidateRect
0x4825a8 IntersectRect
0x4825ac InsertMenuItemA
0x4825b0 InsertMenuA
0x4825b4 InflateRect
0x4825bc GetWindowTextA
0x4825c0 GetWindowRect
0x4825c4 GetWindowPlacement
0x4825c8 GetWindowLongA
0x4825cc GetWindowDC
0x4825d0 GetTopWindow
0x4825d4 GetSystemMetrics
0x4825d8 GetSystemMenu
0x4825dc GetSysColorBrush
0x4825e0 GetSysColor
0x4825e4 GetSubMenu
0x4825e8 GetScrollRange
0x4825ec GetScrollPos
0x4825f0 GetScrollInfo
0x4825f4 GetPropA
0x4825f8 GetParent
0x4825fc GetWindow
0x482600 GetMenuStringA
0x482604 GetMenuState
0x482608 GetMenuItemInfoA
0x48260c GetMenuItemID
0x482610 GetMenuItemCount
0x482614 GetMenu
0x482618 GetLastActivePopup
0x48261c GetKeyboardState
0x482624 GetKeyboardLayout
0x482628 GetKeyState
0x48262c GetKeyNameTextA
0x482630 GetIconInfo
0x482634 GetForegroundWindow
0x482638 GetFocus
0x48263c GetDlgItem
0x482640 GetDesktopWindow
0x482644 GetDCEx
0x482648 GetDC
0x48264c GetCursorPos
0x482650 GetCursor
0x482654 GetClipboardData
0x482658 GetClientRect
0x48265c GetClassNameA
0x482660 GetClassLongA
0x482664 GetClassInfoA
0x482668 GetCapture
0x48266c GetActiveWindow
0x482670 FrameRect
0x482674 FindWindowA
0x482678 FillRect
0x48267c EqualRect
0x482680 EnumWindows
0x482684 EnumThreadWindows
0x482688 EndPaint
0x48268c EndDeferWindowPos
0x482690 EnableWindow
0x482694 EnableScrollBar
0x482698 EnableMenuItem
0x48269c DrawTextA
0x4826a0 DrawMenuBar
0x4826a4 DrawIconEx
0x4826a8 DrawIcon
0x4826ac DrawFrameControl
0x4826b0 DrawFocusRect
0x4826b4 DrawEdge
0x4826b8 DispatchMessageA
0x4826bc DestroyWindow
0x4826c0 DestroyMenu
0x4826c4 DestroyIcon
0x4826c8 DestroyCursor
0x4826cc DeleteMenu
0x4826d0 DeferWindowPos
0x4826d4 DefWindowProcA
0x4826d8 DefMDIChildProcA
0x4826dc DefFrameProcA
0x4826e0 CreatePopupMenu
0x4826e4 CreateMenu
0x4826e8 CreateIcon
0x4826ec ClientToScreen
0x4826f0 CheckMenuItem
0x4826f4 CallWindowProcA
0x4826f8 CallNextHookEx
0x4826fc BeginPaint
0x482700 BeginDeferWindowPos
0x482704 CharNextA
0x482708 CharLowerBuffA
0x48270c CharLowerA
0x482710 CharUpperBuffA
0x482714 CharToOemA
0x482718 AdjustWindowRectEx
Library kernel32.dll:
0x482724 Sleep
Library oleaut32.dll:
0x48272c SafeArrayPtrOfIndex
0x482730 SafeArrayGetUBound
0x482734 SafeArrayGetLBound
0x482738 SafeArrayCreate
0x48273c VariantChangeType
0x482740 VariantCopy
0x482744 VariantClear
0x482748 VariantInit
Library comctl32.dll:
0x482758 ImageList_Write
0x48275c ImageList_Read
0x48276c ImageList_DragMove
0x482770 ImageList_DragLeave
0x482774 ImageList_DragEnter
0x482778 ImageList_EndDrag
0x48277c ImageList_BeginDrag
0x482780 ImageList_Remove
0x482784 ImageList_DrawEx
0x482788 ImageList_Replace
0x48278c ImageList_Draw
0x48279c ImageList_Add
0x4827a4 ImageList_Destroy
0x4827a8 ImageList_Create
Library comdlg32.dll:
0x4827b0 GetOpenFileNameA
Library kernel32.dll:

Hosts

No hosts contacted.

TCP

Source          Src port  Destination      Host                        Dst port
192.168.56.101  49179     113.108.239.194  r1---sn-j5o7dn7e.gvt1.com   80
192.168.56.101  49180     113.108.239.196  r3---sn-j5o7dn7e.gvt1.com   80
192.168.56.101  49177     203.208.40.98    update.googleapis.com       443
192.168.56.101  49183     203.208.40.98    update.googleapis.com       443
192.168.56.101  49178     203.208.41.65    redirector.gvt1.com         80

UDP

Source          Src port  Destination      Host              Dst port
192.168.56.101  50568     114.114.114.114                    53
192.168.56.101  51963     114.114.114.114                    53
192.168.56.101  53500     114.114.114.114                    53
192.168.56.101  54991     114.114.114.114                    53
192.168.56.101  55169     114.114.114.114                    53
192.168.56.101  60123     114.114.114.114                    53
192.168.56.101  60215     114.114.114.114                    53
192.168.56.101  60911     114.114.114.114                    53
192.168.56.101  61680     114.114.114.114                    53
192.168.56.101  62191     114.114.114.114                    53
192.168.56.101  62912     114.114.114.114                    53
192.168.56.101  65004     114.114.114.114                    53
192.168.56.101  137       192.168.56.255                     137
192.168.56.101  138       192.168.56.255                     138
192.168.56.101  123       20.189.79.72     time.windows.com  123
192.168.56.101  49235     224.0.0.252                        5355
192.168.56.101  50002     224.0.0.252                        5355
192.168.56.101  50433     224.0.0.252                        5355
192.168.56.101  53210     224.0.0.252                        5355
192.168.56.101  53657     224.0.0.252                        5355

HTTP & HTTPS Requests

All ten requests below come from the same client: three HEAD probes followed by seven ranged GETs for one GoogleUpdateSetup.exe object on gvt1.com, every one with the "Microsoft BITS/7.5" User-Agent and BITS' X-Retry-Count / X-HTTP-Attempts headers. That is the chunked download pattern of the Google Update service; no request carries a sample-specific URI, POST body or custom User-Agent, so the capture shows no observable C2 exchange. BITS itself is also abused by malware for downloads, so the judgement rests on the destination and the object fetched, not on the User-Agent alone.

URI / Request
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=b2128975cfbd9f63&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619759779&mv=m
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=b2128975cfbd9f63&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619759779&mv=m HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=118342-206244
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=b2128975cfbd9f63&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619759779&mv=m
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=b2128975cfbd9f63&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619759779&mv=m HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=384478-742131
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=b2128975cfbd9f63&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619759779&mv=m
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=b2128975cfbd9f63&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619759779&mv=m HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=34737-55056
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=b2128975cfbd9f63&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619759779&mv=m
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=b2128975cfbd9f63&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619759779&mv=m HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=0-7845
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=b2128975cfbd9f63&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619759779&mv=m
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=b2128975cfbd9f63&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619759779&mv=m HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=206245-384477
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com

http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619759779&mv=m&mvi=1&pl=23&shardbypass=yes
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619759779&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o7dn7e.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=b2128975cfbd9f63&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619759779&mv=m
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=b2128975cfbd9f63&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619759779&mv=m HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=b2128975cfbd9f63&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619759779&mv=m
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=b2128975cfbd9f63&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619759779&mv=m HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=55057-75200
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=b2128975cfbd9f63&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619759779&mv=m
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=b2128975cfbd9f63&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619759779&mv=m HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=7846-19861
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts
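Added example, not part of the report: a heuristic that sorts the flows from the TCP, UDP and HTTP tables above into OS or sandbox background (DNS to the VM's resolver, NetBIOS broadcast, LLMNR multicast, NTP to time.windows.com, Google Update via BITS) and leaves everything else as unattributed, which is the set an analyst actually needs to look at. The flow list is transcribed from the tables with one entry per distinct destination; the 198.51.100.7 flow is constructed (TEST-NET-2 documentation range) to show what an unattributed flow looks like. The allowlist describes an assumed sandbox environment, not anything the report states.

```python
import ipaddress

RESOLVERS = {"114.114.114.114"}                   # assumed: the VM's configured DNS server
GOOGLE_UPDATE_DOMAINS = ("gvt1.com", "googleapis.com")
NTP_HOSTS = {"time.windows.com"}

# Flows transcribed from the report's TCP/UDP/HTTP tables, one per distinct destination;
# user_agent is filled in from the HTTP request dump where one exists.
REPORT_FLOWS = [
    ("tcp", "113.108.239.194", "r1---sn-j5o7dn7e.gvt1.com", 80,  "Microsoft BITS/7.5"),
    ("tcp", "113.108.239.196", "r3---sn-j5o7dn7e.gvt1.com", 80,  "Microsoft BITS/7.5"),
    ("tcp", "203.208.40.98",   "update.googleapis.com",     443, None),
    ("tcp", "203.208.41.65",   "redirector.gvt1.com",       80,  "Microsoft BITS/7.5"),
    ("udp", "114.114.114.114", None,               53,   None),
    ("udp", "192.168.56.255",  None,               137,  None),
    ("udp", "192.168.56.255",  None,               138,  None),
    ("udp", "20.189.79.72",    "time.windows.com", 123,  None),
    ("udp", "224.0.0.252",     None,               5355, None),
]
# Constructed flow (TEST-NET-2 range), NOT in the report: what a real finding looks like.
CONSTRUCTED_UNKNOWN = ("tcp", "198.51.100.7", None, 8080, "Mozilla/4.0")


def classify_flow(proto, dst_ip, host, dport, user_agent):
    """Return a background category for a flow, or 'unattributed' if no rule claims it."""
    ip = ipaddress.ip_address(dst_ip)
    if proto == "udp" and dport == 53 and dst_ip in RESOLVERS:
        return "dns"
    if proto == "udp" and dport in (137, 138) and ip.is_private:
        return "netbios"                      # NBNS / browser datagrams to the local broadcast
    if proto == "udp" and dport == 5355 and ip.is_multicast:
        return "llmnr"
    if proto == "udp" and dport == 123 and host in NTP_HOSTS:
        return "ntp"
    if host and host.endswith(GOOGLE_UPDATE_DOMAINS) and dport in (80, 443) \
            and (user_agent is None or user_agent.startswith("Microsoft BITS")):
        return "google-update"                # GoogleUpdate fetching its installer via BITS
    return "unattributed"


def summarize(flows):
    """Bucket flows by category; anything left under 'unattributed' deserves analyst attention."""
    buckets = {}
    for flow in flows:
        buckets.setdefault(classify_flow(*flow), []).append(flow)
    return buckets


if __name__ == "__main__":
    for category, flows in summarize(REPORT_FLOWS + [CONSTRUCTED_UNKNOWN]).items():
        print(category, [f[1] for f in flows])
```

Applied to the report's own flows the unattributed bucket is empty, which is the concrete basis for saying this run captured no sample-originated network activity; the allowlist must be kept tight (exact resolver, exact domains, port checks) so that a real C2 on a Google-looking hostname or an abused BITS job is not waved through.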

Dropped files: none.
Dropped buffers: none.