6.8
High risk

56e2a716ae6fc8ed5c93d57954d0cbeedd5eb47baa263e1bf2d7c29003d08dfd

beecedc3f45407ae79e814bd6dbc51b2.exe

Analysis duration

104s

Last analyzed

File size

149.0KB
Static verdict: malicious. Dynamic verdict: malicious (100%).
Eagle Eye (鹰眼) engine
Not detected: no Eagle Eye engine results are available for this sample
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba Trojan:Win32/Kryptik.63789963 20190527 0.3.0.5
Avast Win32:Malware-gen 20210315 21.1.5827.0
Baidu 20190318 1.0.0.2
Kingsoft Win32.Troj.Undef.(kcloud) 20210316 2017.9.26.565
McAfee GenericRXLX-ZQ!BEECEDC3F454 20210315 6.0.6.653
Tencent Win32.Trojan.Generic.Play 20210316 1.0.0.1
CrowdStrike win/malicious_confidence_100% (W) 20210203 1.0
Static indicators
Checks if process is being debugged by a debugger (1 event)
Time & API Arguments Status Return Repeated
1620899613.153751
IsDebuggerPresent
failed 0 0
Behavioral verdict
Dynamic indicators
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)
suspicious_features: POST method with no referer header
suspicious_request: POST https://update.googleapis.com/service/update2?cup2key=10:1499406221&cup2hreq=463b17e443e304012637fd5ebeb277dc5377543dbbf01bfa1bb5063cc7fc28dc
Performs some HTTP requests (5 events)
request HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620870495&mv=m&mvi=1&pl=23&shardbypass=yes
request HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=1ad76137c18832c8&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620870495&mv=m&mvi=3
request GET http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=1ad76137c18832c8&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620870495&mv=m&mvi=3
request POST https://update.googleapis.com/service/update2?cup2key=10:1499406221&cup2hreq=463b17e443e304012637fd5ebeb277dc5377543dbbf01bfa1bb5063cc7fc28dc
Sends data using the HTTP POST method (1 event)
request POST https://update.googleapis.com/service/update2?cup2key=10:1499406221&cup2hreq=463b17e443e304012637fd5ebeb277dc5377543dbbf01bfa1bb5063cc7fc28dc
Allocates read-write-execute memory (usually to unpack itself) (3 events)
Time & API Arguments Status Return Repeated
1620899610.513751
NtAllocateVirtualMemory
process_identifier: 2196
region_size: 176128
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00430000
success 0 0
1620899610.513751
NtProtectVirtualMemory
process_identifier: 2196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 176128
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1620899252.953645
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000004040000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Creates hidden or system file (1 event)
Time & API Arguments Status Return Repeated
1620899623.231751
NtCreateFile
create_disposition: 2 (FILE_CREATE)
file_handle: 0x00000134
filepath: C:\Windows\Tasks\rwuedo.job
desired_access: 0x40100080 (FILE_READ_ATTRIBUTES|SYNCHRONIZE|GENERIC_WRITE)
file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
filepath_r: \??\C:\Windows\Tasks\rwuedo.job
create_options: 100 (FILE_NON_DIRECTORY_FILE|FILE_SEQUENTIAL_ONLY|FILE_SYNCHRONOUS_IO_NONALERT)
status_info: 2 (FILE_CREATED)
share_access: 5 (FILE_SHARE_READ|FILE_SHARE_DELETE)
success 0 0
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event)
Network communication
Communicates with host for which no DNS query was performed (3 events)
host 172.217.24.14
host 45.145.65.32
host 91.241.19.10
Installs itself for autorun at Windows startup (1 event)
file C:\Windows\Tasks\rwuedo.job
File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 out of 55 events)
Bkav W32.AIDetect.malware2
Elastic malicious (high confidence)
DrWeb Trojan.DownLoader34.35162
MicroWorld-eScan Trojan.GenericKD.43799271
FireEye Generic.mg.beecedc3f45407ae
CAT-QuickHeal Trojan.Multi
ALYac Trojan.Agent.Wacatac
Cylance Unsafe
Zillya Trojan.Kryptik.Win32.2525000
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0056c0a41 )
Alibaba Trojan:Win32/Kryptik.63789963
K7GW Trojan ( 0056c0a41 )
Cybereason malicious.3f4540
BitDefenderTheta Gen:NN.ZexaF.34608.jqW@aSlZNie
Cyren W32/Trojan.PPZC-2273
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HFIU
APEX Malicious
Avast Win32:Malware-gen
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Trojan.GenericKD.43799271
NANO-Antivirus Virus.Win32.Gen.ccmw
Paloalto generic.ml
ViRobot Trojan.Win32.Z.Kryptik.152576.HU
Rising Trojan.Kryptik!8.8 (CLOUD)
Ad-Aware Trojan.GenericKD.43799271
Emsisoft Trojan.Crypt (A)
Comodo Malware@#279mxbc1xwiu5
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition GenericRXLX-ZQ!BEECEDC3F454
Sophos Mal/Generic-R + Mal/EncPk-APW
Ikarus Trojan.Win32.Crypt
Avira HEUR/AGEN.1136666
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Trojan.Win32.Kryptik.oa
Microsoft Trojan:Win32/Ymacco.AA56
AegisLab Trojan.Multi.Generic.4!c
GData Trojan.GenericKD.43799271
Cynet Malicious (score: 85)
AhnLab-V3 Trojan/Win32.Kryptik.C4194643
Acronis suspicious
McAfee GenericRXLX-ZQ!BEECEDC3F454
MAX malware (ai score=89)
VBA32 BScope.Backdoor.Click
Malwarebytes Trojan.Downloader
Tencent Win32.Trojan.Generic.Play
Yandex Trojan.Kryptik!PKWQpee/qRI
SentinelOne Static AI - Suspicious PE
eGambit Unsafe.AI_Score_99%
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (2 events)
dead_host 45.145.65.32:4119
dead_host 91.241.19.10:4119
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran

PE Compile Time

2020-07-26 02:23:58

Imports

Library kernel32.dll:
0x429198 LoadLibraryA
0x42919c VirtualAlloc
0x4291a0 VirtualFree
0x4291a4 VirtualProtect
0x4291a8 GetProcAddress
0x4291ac GetProcessId
0x4291b0 GetTickCount
0x4291b4 GetConsoleCP
0x4291b8 lstrcmpA
0x4291bc GetACP
0x4291c0 SetTapePosition
0x4291c4 _lread
0x4291c8 SetSystemTime
0x4291cc GetProfileStringW
0x4291d8 GlobalGetAtomNameA
0x4291dc VirtualQuery
0x4291e0 AddAtomW
0x4291e4 VirtualProtectEx
0x4291e8 WriteConsoleW
0x4291ec SetConsoleTitleA
Library user32.dll:
0x429298 GetCursorPos
0x42929c ShowWindow
0x4292a4 ShowCursor
0x4292a8 CliImmSetHotKey
0x4292ac CheckMenuItem
0x4292b0 MapWindowPoints
0x4292b4 DdeDisconnectList
0x4292b8 PtInRect
0x4292bc MessageBoxTimeoutW
0x4292c4 RemoveMenu
0x4292c8 IsDialogMessage
0x4292cc LoadLocalFonts
0x4292d0 SetDeskWallpaper
0x4292d4 SetScrollPos
0x4292d8 ShowCaret
0x4292dc VRipOutput
0x4292e0 IsWindowVisible
0x4292e4 EnumDesktopWindows
0x4292e8 GetWindowWord
0x4292ec MessageBeep
0x4292f0 CheckRadioButton
0x4292f4 SetSysColorsTemp
0x4292f8 SetClassWord
0x4292fc MessageBoxExA
0x429300 GetClassLongA
0x429304 IMPSetIMEA
0x429308 EnumDisplayDevicesA
0x42930c FindWindowW
0x429310 MenuWindowProcA
0x429314 GetTaskmanWindow
0x429318 CharUpperW
0x42931c LoadRemoteFonts
0x429320 DdeQueryStringA
Library winspool.drv:
0x429390 AddFormA
0x429394 AddJobW
0x4293a0 EnumPrintersW
0x4293a4 DeleteFormW
0x4293ac GetPrinterDataA
0x4293b0 StartDocPrinterA
0x4293b8 DeletePrinterDataA
0x4293c0 DeleteMonitorW
0x4293c4 EndDocPrinter
0x4293cc DeleteMonitorA
0x4293d0 AddMonitorA
0x4293d4 EnumPortsA
0x4293dc ReadPrinter
0x4293e0 EnumMonitorsA
0x4293e8 DeletePrinterDataW
0x4293ec ConfigurePortW
0x4293f4 EnumPrinterDataW
Library imagehlp.dll:
0x429144 RemoveRelocations
0x429148 SymGetSymNext
0x42914c SymUnDName64
0x429158 SymGetLinePrev64
0x429160 MapAndLoad
0x429164 ImageUnload
0x429168 SymSetContext
0x429170 SymGetSearchPath
0x429178 SymGetModuleInfoW
0x42917c SymGetSymFromAddr
0x429188 SymLoadModule64
0x42918c FindExecutableImage
Library winmm.dll:
0x429328 midiInPrepareHeader
0x42932c mciSetDriverData
0x429334 auxSetVolume
0x429338 NotifyCallbackData
0x42933c waveOutRestart
0x429340 timeKillEvent
0x429344 mxd32Message
0x429348 midiInGetErrorTextW
0x429350 mmioFlush
0x429354 waveOutGetDevCapsA
0x429358 mciGetCreatorTask
0x42935c mciSetYieldProc
0x429360 midiInMessage
0x429364 waveOutGetDevCapsW
0x429370 midiStreamClose
0x429374 joyGetThreshold
0x429378 waveInGetDevCapsA
0x42937c waveOutBreakLoop
0x429380 waveOutPause
0x429384 midiOutOpen
0x429388 mmGetCurrentTask
Library gdi32.dll:
0x4290a8 DdEntry25
0x4290ac ExtTextOutA
0x4290b0 GdiAddGlsRecord
0x4290b4 GdiEntry4
0x4290b8 DeleteDC
0x4290bc DdEntry27
0x4290c0 FONTOBJ_vGetInfo
0x4290c4 GetLogColorSpaceA
0x4290c8 LineTo
0x4290cc CreateDCW
0x4290d0 DdEntry19
0x4290dc EngPlgBlt
0x4290e0 GdiEntry13
0x4290e4 GdiDllInitialize
0x4290e8 GetKerningPairs
0x4290ec CreateCompatibleDC
0x4290f0 DeleteObject
0x4290f4 CreateICW
0x4290fc GdiIsMetaFileDC
0x429100 GetCharABCWidthsW
0x429104 GetEUDCTimeStampExW
0x429108 IntersectClipRect
0x42910c GetROP2
0x429114 GetPaletteEntries
0x429118 DdEntry55
0x42911c GetFontData
0x429120 DdEntry13
0x429124 GetEnhMetaFileW
0x429128 AddFontResourceExA
0x42912c GdiReleaseDC
0x429130 STROBJ_bEnum
0x429134 GdiReleaseLocalDC
0x429138 EudcLoadLinkW
Library oledlg.dll:
0x4291fc OleUIChangeIconW
0x429204 OleUIEditLinksA
0x429208 OleUIAddVerbMenuA
0x42920c OleUIAddVerbMenuW
0x429210 OleUIPasteSpecialW
0x429214 OleUIUpdateLinksA
0x42921c OleUIChangeIconA
0x429220 OleUIPromptUserW
0x429224 OleUIInsertObjectA
0x429228 OleUIEditLinksW
0x42922c OleUIChangeSourceA
0x429230 OleUIChangeSourceW
Library shlwapi.dll:
0x429238 StrStrNIW
0x42923c StrRStrIA
0x429240 StrFormatKBSizeA
0x429244 StrToIntW
0x429248 SHQueryValueExW
0x42924c PathSkipRootA
0x429254 PathMatchSpecA
0x429258 PathAddExtensionA
0x42925c UrlIsOpaqueW
0x429260 PathQuoteSpacesA
0x429264 StrChrNW
0x429268 StrCmpW
0x429270 StrRetToStrW
0x429274 PathIsSameRootA
0x429278 StrCpyW
0x42927c PathFindExtensionW
0x429280 StrFormatKBSizeW
0x429284 SHRegGetUSValueA
0x42928c SHQueryValueExA
0x429290 SHRegGetValueA
Library advapi32.dll:
0x42900c CryptDeriveKey
0x429010 WmiQueryAllDataW
0x429014 BackupEventLogW
0x429030 ClearEventLogW
0x429034 RegSaveKeyW
0x429038 InitializeSid
0x42903c GetMultipleTrusteeW
0x429040 SystemFunction022
0x429044 SystemFunction024
0x42904c AddAuditAccessAce
0x429054 GetTraceEnableFlags

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49179 113.108.239.194 r1---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49180 113.108.239.196 r3---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49178 203.208.41.33 redirector.gvt1.com 80
192.168.56.101 49176 203.208.41.98 update.googleapis.com 443

UDP

Source Source Port Destination Destination Port
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 53210 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 53380 114.114.114.114 53
192.168.56.101 57236 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=1ad76137c18832c8&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620870495&mv=m&mvi=3
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=1ad76137c18832c8&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620870495&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=66087-86062
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=1ad76137c18832c8&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620870495&mv=m&mvi=3
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=1ad76137c18832c8&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620870495&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=45392-66086
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=1ad76137c18832c8&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620870495&mv=m&mvi=3
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=1ad76137c18832c8&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620870495&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=30935-45391
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=1ad76137c18832c8&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620870495&mv=m&mvi=3
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=1ad76137c18832c8&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620870495&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=6896-20259
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=1ad76137c18832c8&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620870495&mv=m&mvi=3
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=1ad76137c18832c8&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620870495&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=1ad76137c18832c8&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620870495&mv=m&mvi=3
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=1ad76137c18832c8&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620870495&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=86063-113663
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=1ad76137c18832c8&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620870495&mv=m&mvi=3
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=1ad76137c18832c8&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620870495&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=20260-30934
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=1ad76137c18832c8&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620870495&mv=m&mvi=3
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=1ad76137c18832c8&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620870495&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=0-6895
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620870495&mv=m&mvi=1&pl=23&shardbypass=yes
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620870495&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o7dn7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.