SmartHawk

7.8

高危

52 个模型检测该样本为恶意！

重新分析

下载样本

552c7cb8580448e09981920b7a555b473175992d02e67328b06dfad20d27752b

a822f5233862a51cb20cddeee5970280.exe

分析耗时

75s

最近分析

文件大小

220.1KB

静态报毒动态报毒 9CABEJHXFAE AI SCORE=85 ATTRIBUTE AUSL BANKERX CCMW CJRI CONFIDENCE ELDORADO EMOTET GENCIRC GENERICKDZ GENETIC HFQZ HIGH CONFIDENCE HIGHCONFIDENCE KRYPTIK QALEZ R002C0DI120 R348876 SCORE SUSGEN UNCLASSIFIEDMALWARE@0 UNSAFE ZENPAK 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	Trojan:Win32/Emotet.31a21e58	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Kingsoft		20200907	2013.8.14.323
McAfee	Emotet-FRV!A822F5233862	20200907	6.0.6.653
Tencent	Malware.Win32.Gencirc.10cdec45	20200907	1.0.0.1
CrowdStrike	win/malicious_confidence_60% (W)	20190702	1.0

Queries for the computername (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620985524.453886 GetComputerNameA	computer_name: OSKAR-PC	success	1	0

Uses Windows APIs to generate a cryptographic key (5 个事件)

Time & API	Arguments	Status	Return
1620985508.547886 CryptGenKey	crypto_handle: 0x005eed50 algorithm_identifier: 0x0000660e () provider_handle: 0x006b61a8 flags: 1 key: f?"Ç¬íRGF8Ú	success	1
1620985524.485886 CryptExportKey	crypto_handle: 0x005eed50 crypto_export_handle: 0x006b6280 buffer: f¤7<Ð~ªAWª+û%\ Æ¹}`AðÎ«\×÷°5èñðÍÁ¿Ëtåßµ¹ôµ>Üjyr¾+¿Í\©Ê«Cp²lx+-àm"<SþÆ¢äwð²õcVØª9 blob_type: 1 flags: 64	success	1
1620985560.688886 CryptExportKey	crypto_handle: 0x005eed50 crypto_export_handle: 0x006b6280 buffer: f¤®Aå.´§Èpï[t)¢:¥L,®> (ºó}t¤I»sN¢3oQôÌÒ¯+÷PÉ8y`9OÞÃ yP´êa+:å>_ÇvKè[þq²_] blob_type: 1 flags: 64	success	1
1620985565.094886 CryptExportKey	crypto_handle: 0x005eed50 crypto_export_handle: 0x006b6280 buffer: f¤\¥Ôm«IÐñÌ¥©'Ä8çÿo¯ÌMsaÅ©Ó4ÐF\3\Ü 4AàÚãv!KØ]¦l29\|0HHco½ä5.à*ëòòõÿ«tÔQMeÃ<Wk blob_type: 1 flags: 64	success	1
1620985569.469886 CryptExportKey	crypto_handle: 0x005eed50 crypto_export_handle: 0x006b6280 buffer: f¤ÔºáÕ¶>nG®F®qÂñÕQHRfÕõ<ijIM¡ÿ×³ìÔf,TÖ=tíü±H¼M^w`%Uh³Ü ,ó[xgÛ´mkHã8Ôëg¼hp blob_type: 1 flags: 64	success	1

The executable uses a known packer (1 个事件)

packer

Armadillo v1.71

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 个事件)

suspicious_features

POST method with no referer header

suspicious_request

POST https://update.googleapis.com/service/update2?cup2key=10:2490412112&cup2hreq=f94aa2dc43843396bdb80a8f989b9b068bc6d213ba4fc35888f6b7bee2f459a7

Performs some HTTP requests (4 个事件)

request	HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request	HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620957147&mv=m&mvi=1&pl=23&shardbypass=yes
request	HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=3c622799960ae00c&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620957147&mv=m&mvi=3
request	POST https://update.googleapis.com/service/update2?cup2key=10:2490412112&cup2hreq=f94aa2dc43843396bdb80a8f989b9b068bc6d213ba4fc35888f6b7bee2f459a7

Sends data using the HTTP POST Method (1 个事件)

request

POST https://update.googleapis.com/service/update2?cup2key=10:2490412112&cup2hreq=f94aa2dc43843396bdb80a8f989b9b068bc6d213ba4fc35888f6b7bee2f459a7

Allocates read-write-execute memory (usually to unpack itself) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620985507.750886 NtAllocateVirtualMemory	process_identifier: 472 region_size: 36864 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00330000	success	0	0

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (10 个事件)

Time & API	Arguments	Status	Return
1620985508.281886 Process32NextW	process_name: pythonw.exe snapshot_handle: 0x00000114 process_identifier: 2504	success	1
1620985508.281886 Process32NextW	process_name: mobsync.exe snapshot_handle: 0x00000114 process_identifier: 880	success	1
1620985508.281886 Process32NextW	process_name: wsqmcons.exe snapshot_handle: 0x00000114 process_identifier: 2196	success	1
1620985508.281886 Process32NextW	process_name: sdclt.exe snapshot_handle: 0x00000114 process_identifier: 3056	success	1
1620985508.281886 Process32NextW	process_name: taskhost.exe snapshot_handle: 0x00000114 process_identifier: 2296	success	1
1620985508.281886 Process32NextW	process_name: a822f5233862a51cb20cddeee5970280.exe snapshot_handle: 0x00000114 process_identifier: 472	success	1
1620985524.469886 Process32NextW	process_name: GoogleUpdate.exe snapshot_handle: 0x00000120 process_identifier: 2764	success	1
1620985560.672886 Process32NextW	process_name: GoogleUpdate.exe snapshot_handle: 0x00000378 process_identifier: 3008	success	1
1620985569.469886 Process32NextW	process_name: inject-x86.exe snapshot_handle: 0x00000178 process_identifier: 2964	success	1
1620985569.469886 Process32NextW	process_name: mscorsvw.exe snapshot_handle: 0x00000178 process_identifier: 2948	success	1

Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620985524.953886 GetAdaptersAddresses	flags: 0 family: 0	failed	111	0

Expresses interest in specific running processes (1 个事件)

process

a822f5233862a51cb20cddeee5970280.exe

Reads the systems User Agent and subsequently performs requests (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620985524.610886 InternetOpenW	proxy_bypass: access_type: 0 proxy_name: flags: 0 user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	success	13369348	0

Communicates with host for which no DNS query was performed (5 个事件)

host	162.249.220.190
host	172.217.24.14
host	178.128.14.92
host	181.113.229.139
host	85.25.207.108

Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 个事件)

Time & API	Arguments	Status
1620985527.531886 RegSetValueExA	key_handle: 0x00000378 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason	success
1620985527.531886 RegSetValueExA	key_handle: 0x00000378 value: ðÖ»H× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime	success
1620985527.531886 RegSetValueExA	key_handle: 0x00000378 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision	success
1620985527.531886 RegSetValueExW	key_handle: 0x00000378 value: 网络 2 regkey_r: WpadNetworkName reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName	success
1620985527.531886 RegSetValueExA	key_handle: 0x0000032c value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason	success
1620985527.531886 RegSetValueExA	key_handle: 0x0000032c value: ðÖ»H× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime	success
1620985527.531886 RegSetValueExA	key_handle: 0x0000032c value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision	success
1620985527.563886 RegSetValueExW	key_handle: 0x00000374 value: {40112ABE-63B3-43C3-BE93-1440EE3AF106} regkey_r: WpadLastNetwork reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork	success

File has been identified by 52 AntiVirus engines on VirusTotal as malicious (50 out of 52 个事件)

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKDZ.69617
FireEye	Trojan.GenericKDZ.69617
ALYac	Trojan.GenericKDZ.69617
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
K7AntiVirus	Riskware ( 0040eff71 )
Alibaba	Trojan:Win32/Emotet.31a21e58
K7GW	Riskware ( 0040eff71 )
Arcabit	Trojan.Generic.D10FF1
Invincea	Troj/Emotet-CLO
Cyren	W32/Emotet.AQQ.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Packed.Emotet-9481137-0
Kaspersky	Backdoor.Win32.Emotet.cjri
BitDefender	Trojan.GenericKDZ.69617
NANO-Antivirus	Virus.Win32.Gen.ccmw
Rising	Trojan.Kryptik!8.8 (TFE:5:9cabeJhxfaE)
Ad-Aware	Trojan.GenericKDZ.69617
TACHYON	Backdoor/W32.Emotet.225384
Comodo	.UnclassifiedMalware@0
F-Secure	Trojan.TR/Crypt.Agent.qalez
DrWeb	Trojan.Emotet.999
Zillya	Backdoor.Emotet.Win32.1130
TrendMicro	TROJ_GEN.R002C0DI120
Sophos	Troj/Emotet-CLO
Jiangmin	Backdoor.Emotet.sc
Avira	TR/Crypt.Agent.qalez
Antiy-AVL	Trojan/Win32.Kryptik
Microsoft	Trojan:Win32/Emotet.ARJ!MTB
ViRobot	Trojan.Win32.Z.Emotet.225384.SF
ZoneAlarm	Backdoor.Win32.Emotet.cjri
GData	Trojan.GenericKDZ.69617
Cynet	Malicious (score: 85)
AhnLab-V3	Trojan/Win32.Emotet.R348876
McAfee	Emotet-FRV!A822F5233862
MAX	malware (ai score=85)
VBA32	Backdoor.Emotet
Malwarebytes	Trojan.MalPack.TRE
ESET-NOD32	a variant of Win32/Kryptik.HFQZ
TrendMicro-HouseCall	TROJ_GEN.R002C0DI120
Tencent	Malware.Win32.Gencirc.10cdec45
Ikarus	Trojan-Banker.Emotet
MaxSecure	Trojan.Malware.105705889.susgen
Fortinet	W32/Zenpak.AUSL!tr
AVG	Win32:BankerX-gen [Trj]
Panda	Trj/Genetic.gen

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (5 个事件)

dead_host	85.25.207.108:8080
dead_host	162.249.220.190:80
dead_host	178.128.14.92:8080
dead_host	192.168.56.101:49178
dead_host	192.168.56.101:49182

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-08-21 19:07:38

Imports

Library KERNEL32.dll:

• 0x41b26c GetTimeZoneInformation

• 0x41b270 SetConsoleCtrlHandler

• 0x41b274 GetStringTypeW

• 0x41b278 GetStringTypeA

• 0x41b27c ReadFile

• 0x41b280 SetStdHandle

• 0x41b284 LoadLibraryA

• 0x41b288 GetOEMCP

• 0x41b28c GetACP

• 0x41b290 GetLocaleInfoW

• 0x41b294 CompareStringA

• 0x41b298 CompareStringW

• 0x41b29c ExitProcess

• 0x41b2a0 GetModuleHandleA

• 0x41b2a4 VirtualFree

• 0x41b2a8 IsBadCodePtr

• 0x41b2ac IsBadReadPtr

• 0x41b2b0 GetVersionExA

• 0x41b2b4 GetUserDefaultLCID

• 0x41b2b8 EnumSystemLocalesA

• 0x41b2bc GetLocaleInfoA

• 0x41b2c0 IsValidCodePage

• 0x41b2c4 IsValidLocale

• 0x41b2c8 GetCPInfo

• 0x41b2cc SetUnhandledExceptionFilter

• 0x41b2d0 CloseHandle

• 0x41b2d4 FlushFileBuffers

• 0x41b2d8 SetFilePointer

• 0x41b2dc WriteFile

• 0x41b2e0 GetFileType

• 0x41b2e4 GetStdHandle

• 0x41b2e8 SetHandleCount

• 0x41b2ec VirtualAlloc

• 0x41b2f0 OutputDebugStringA

• 0x41b2f4 EnterCriticalSection

• 0x41b2f8 Sleep

• 0x41b2fc InitializeCriticalSection

• 0x41b300 InterlockedExchange

• 0x41b304 DeleteCriticalSection

• 0x41b308 LeaveCriticalSection

• 0x41b30c InterlockedDecrement

• 0x41b310 InterlockedIncrement

• 0x41b314 MultiByteToWideChar

• 0x41b318 RtlUnwind

• 0x41b31c HeapAlloc

• 0x41b320 GetStartupInfoA

• 0x41b324 GetCommandLineA

• 0x41b328 GetVersion

• 0x41b32c HeapFree

• 0x41b330 RaiseException

• 0x41b334 FatalAppExitA

• 0x41b338 GetCurrentThreadId

• 0x41b33c TlsSetValue

• 0x41b340 TlsAlloc

• 0x41b344 TlsFree

• 0x41b348 SetLastError

• 0x41b34c TlsGetValue

• 0x41b350 GetLastError

• 0x41b354 GetCurrentThread

• 0x41b358 GetProcAddress

• 0x41b35c TerminateProcess

• 0x41b360 GetCurrentProcess

• 0x41b364 HeapReAlloc

• 0x41b368 HeapSize

• 0x41b36c WideCharToMultiByte

• 0x41b370 LCMapStringA

• 0x41b374 LCMapStringW

• 0x41b378 HeapDestroy

• 0x41b37c HeapCreate

• 0x41b380 IsBadWritePtr

• 0x41b384 UnhandledExceptionFilter

• 0x41b388 GetModuleFileNameA

• 0x41b38c FreeEnvironmentStringsA

• 0x41b390 FreeEnvironmentStringsW

• 0x41b394 GetEnvironmentStrings

• 0x41b398 GetEnvironmentStringsW

• 0x41b39c SetEnvironmentVariableA

Library USER32.dll:

• 0x41b3a4 GetDlgCtrlID

• 0x41b3a8 ReleaseDC

• 0x41b3ac GetDC

• 0x41b3b0 GetClientRect

• 0x41b3b4 GetDlgItem

• 0x41b3b8 EndDialog

• 0x41b3bc SendMessageA

• 0x41b3c0 ShowWindow

• 0x41b3c4 DialogBoxParamA

• 0x41b3c8 LoadIconA

• 0x41b3cc MessageBoxA

Library GDI32.dll:

• 0x41b250 CreateSolidBrush

• 0x41b254 SelectObject

• 0x41b258 DeleteObject

• 0x41b25c DeleteDC

• 0x41b260 CreateCompatibleDC

• 0x41b264 CreateCompatibleBitmap

Library WINMM.dll:

• 0x41b3d4 mixerGetLineControlsA

• 0x41b3d8 mixerClose

• 0x41b3dc mixerSetControlDetails

• 0x41b3e0 mciGetErrorStringA

• 0x41b3e4 mixerGetLineInfoA

• 0x41b3e8 mixerOpen

• 0x41b3ec waveOutSetVolume

• 0x41b3f0 waveInStart

• 0x41b3f4 waveInAddBuffer

• 0x41b3f8 waveInPrepareHeader

• 0x41b3fc waveInOpen

• 0x41b400 waveInClose

• 0x41b404 waveInUnprepareHeader

• 0x41b408 waveInReset

• 0x41b40c waveOutGetVolume

• 0x41b410 mixerGetControlDetailsA

Library COMCTL32.dll:

• 0x41b248

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
r3---sn-j5o7dn7e.gvt1.com	CNAME r3.sn-j5o7dn7e.gvt1.com A 113.108.239.196	113.108.239.196
redirector.gvt1.com	A 203.208.41.33	203.208.41.33
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
r1---sn-j5o7dn7e.gvt1.com	A 113.108.239.194 CNAME r1.sn-j5o7dn7e.gvt1.com	113.108.239.194
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
update.googleapis.com	A 203.208.40.34	203.208.40.34
teredo.ipv6.microsoft.com

TCP

Source	Source Port	Destination	Destination Port
192.168.56.101	49180	113.108.239.194 r1---sn-j5o7dn7e.gvt1.com	80
192.168.56.101	49181	113.108.239.196 r3---sn-j5o7dn7e.gvt1.com	80
192.168.56.101	49175	203.208.40.34 update.googleapis.com	443
192.168.56.101	49179	203.208.41.33 redirector.gvt1.com	80

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49713	114.114.114.114	53
192.168.56.101	50002	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	53237	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	60384	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	62318	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900

HTTP & HTTPS Requests

URI	Data
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe	HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: redirector.gvt1.com
http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620957147&mv=m&mvi=1&pl=23&shardbypass=yes	HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620957147&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r1---sn-j5o7dn7e.gvt1.com
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=3c622799960ae00c&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620957147&mv=m&mvi=3	HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=3c622799960ae00c&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620957147&mv=m&mvi=3 HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r3---sn-j5o7dn7e.gvt1.com

URI

Data

http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe

HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com

http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620957147&mv=m&mvi=1&pl=23&shardbypass=yes

HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620957147&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o7dn7e.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=3c622799960ae00c&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620957147&mv=m&mvi=3

HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=3c622799960ae00c&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620957147&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.