Score: 6.2 (High risk)

SHA256: 8c47c335c57f857f24dddb9a444822f27a9334a092257c5a333ed22a1d9c7b5f

File name: c50a2cf675a305764cfdd02318d7554e.exe

Analysis duration: 89s

Latest analysis

File size: 596.1KB
Detection tags: static detection, dynamic detection, AI SCORE=87, AKRS, ATTRIBUTE, CONFIDENCE, EOFS, GENCIRC, GENERIC@ML, GENERICKD, GENERICRXAA, GENKRYPTIK, HFAC, HIGH CONFIDENCE, HIGHCONFIDENCE, HNWLLB, ICEDID, ICHSMLE, JUJVB, K4XVHZ4MGIKZ5G, KRYPT, KRYPTIK, LYX@AAJRYZGO, MALWARE@#3ED6M6U525K3P, R03BC0DGI20, R346623, RDML, SCORE, SUSGEN, UNSAFE, ZENPAK, ZEXTET
Eagle Eye engine (鹰眼引擎)
Not detected: no Eagle Eye engine result is available for this sample.
Static verdict
Antivirus engines
Engine       Result                             Scan date  Engine version
McAfee       GenericRXAA-AA!C50A2CF675A3        20200829   6.0.6.653
Alibaba      Backdoor:Win32/IcedId.0511448a     20190527   0.3.0.5
Avast        Win32:Malware-gen                  20200829   18.4.3895.0
Tencent      Malware.Win32.Gencirc.10cde169     20200829   1.0.0.1
Baidu        (no detection)                     20190318   1.0.0.2
Kingsoft     (no detection)                     20200829   2013.8.14.323
CrowdStrike  win/malicious_confidence_90% (W)   20190702   1.0
Static indicators
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)
suspicious_features: POST method with no referer header
suspicious_request: POST https://update.googleapis.com/service/update2?cup2key=10:3529542791&cup2hreq=aadc721eecc734cf202dbac8db77633a18b4c93976137a8f84eadc03f4e28e55
Performs some HTTP requests (5 events)
request HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619880740&mv=m&mvi=1&pl=23&shardbypass=yes
request HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=fb55c800a0fb4882&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619880740&mv=m
request GET http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=fb55c800a0fb4882&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619880740&mv=m
request POST https://update.googleapis.com/service/update2?cup2key=10:3529542791&cup2hreq=aadc721eecc734cf202dbac8db77633a18b4c93976137a8f84eadc03f4e28e55
All five requests target Google's update infrastructure (a GoogleUpdateSetup.exe download through the gvt1.com CDN and a POST to the update2 service), and the captured requests in the HTTP section below carry the User-Agent "Microsoft BITS/7.5". That is consistent with Google Update running in the analysis VM, so treat these requests as background noise rather than as indicators for the sample unless process attribution ties them to the sample's process.
Sends data using the HTTP POST Method (1 event)
request POST https://update.googleapis.com/service/update2?cup2key=10:3529542791&cup2hreq=aadc721eecc734cf202dbac8db77633a18b4c93976137a8f84eadc03f4e28e55
Resolves a suspicious Top Level Domain (TLD) (2 events)
domain: allthereal.top (generic top level domain TLD)
domain: placeishidden.top (generic top level domain TLD)
Of the two, placeishidden.top is the one with follow-up traffic: the TCP table below records eight connections to 178.128.153.0 on port 443 under that name. allthereal.top appears only in DNS, with no connection recorded.
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time: 1619909949.768   API: NtAllocateVirtualMemory   Status: success   Return: 0   Repeated: 0
process_identifier: 2636
region_size: 12288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02130000
process_handle 0xffffffff is the current-process pseudo-handle, so this is a 12 KB RWX region committed in the sample's own address space, not in a remote process.
Creates hidden or system file (8 events)
All eight events are NtCreateFile calls with identical arguments apart from the timestamp and path:
create_disposition: 2 (FILE_CREATE)
file_handle: 0x00000000
desired_access: 0x00100001 (FILE_READ_DATA|FILE_LIST_DIRECTORY|SYNCHRONIZE)
file_attributes: 4 (FILE_ATTRIBUTE_SYSTEM)
create_options: 16417 (FILE_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT|FILE_OPEN_FOR_BACKUP_INTENT)
status_info: 4294967295 ()
share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
Status: failed   Return: 3221225525 (0xC0000035, STATUS_OBJECT_NAME_COLLISION)   Repeated: 0

Time            filepath (filepath_r is the same path with the \??\ prefix)
1619909949.893  C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft
1619909949.893  C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Crypto
1619909949.893  C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Crypto\RSA
1619909949.893  C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3154413779-3303930873-3537499701-500
1619909949.909  C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft
1619909949.909  C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Crypto
1619909949.909  C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Crypto\RSA
1619909949.909  C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3154413779-3303930873-3537499701-500

Every call asks to create a directory (FILE_DIRECTORY_FILE with FILE_CREATE) and fails with STATUS_OBJECT_NAME_COLLISION, meaning the directory already existed and nothing was written to disk; the signature fires on the attempted FILE_ATTRIBUTE_SYSTEM directory creation, not on a file that was actually created. The path chain is the per-user CryptoAPI RSA key-container location (...\Microsoft\Crypto\RSA\<SID>), which Windows itself creates on first use of the key store.
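The API records above print the Win32 flag values as raw integers next to the sandbox's own decoding. The Python decoder below is an added example, not part of this report or of the sandbox; it reproduces that decoding for the two record types on this page and attaches the conclusion that matters to an analyst: the allocation commits a writable, executable region, and each NtCreateFile event failed with STATUS_OBJECT_NAME_COLLISION. The two records are constructed from the values shown above; the constant tables are documented Windows values but cover only the flags these records use, and any bit not in a table is reported as unknown (the 0x1 left over in allocation_type 12289 is an example).

```python
"""Decode the raw integers in Cuckoo-style API-call records.

Added example; the two records at the bottom are constructed from the values
printed in this report, and the constant tables cover only the flags they use.
"""
from typing import Dict, List, Tuple

# Documented Windows constants, limited to the subsets these records need.
PAGE_PROTECT = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY",
                0x04: "PAGE_READWRITE", 0x08: "PAGE_WRITECOPY",
                0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
                0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
MEM_FLAGS = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE",
             0x80000: "MEM_RESET", 0x100000: "MEM_TOP_DOWN"}
FILE_ATTR = {0x1: "FILE_ATTRIBUTE_READONLY", 0x2: "FILE_ATTRIBUTE_HIDDEN",
             0x4: "FILE_ATTRIBUTE_SYSTEM", 0x80: "FILE_ATTRIBUTE_NORMAL"}
CREATE_OPTS = {0x1: "FILE_DIRECTORY_FILE", 0x20: "FILE_SYNCHRONOUS_IO_NONALERT",
               0x40: "FILE_NON_DIRECTORY_FILE",
               0x4000: "FILE_OPEN_FOR_BACKUP_INTENT"}
ACCESS = {0x1: "FILE_READ_DATA|FILE_LIST_DIRECTORY",
          0x2: "FILE_WRITE_DATA|FILE_ADD_FILE", 0x100000: "SYNCHRONIZE"}
DISPOSITION = {0: "FILE_SUPERSEDE", 1: "FILE_OPEN", 2: "FILE_CREATE",
               3: "FILE_OPEN_IF", 4: "FILE_OVERWRITE", 5: "FILE_OVERWRITE_IF"}
NTSTATUS = {0x00000000: "STATUS_SUCCESS", 0xC0000022: "STATUS_ACCESS_DENIED",
            0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
            0xC0000035: "STATUS_OBJECT_NAME_COLLISION"}


def decode_flags(value: int, table: Dict[int, str]) -> Tuple[List[str], int]:
    """Name every known bit in a mask and return the leftover unknown bits."""
    names, rest = [], value
    for bit, name in sorted(table.items()):
        if (value & bit) == bit:
            names.append(name)
            rest &= ~bit
    return names, rest


def triage(rec: Dict) -> Dict:
    """Decode one record and attach the conclusion an analyst would draw."""
    out = {"api": rec["api"],
           "status": NTSTATUS.get(rec["return"], "0x%08X" % rec["return"])}
    if rec["api"] == "NtAllocateVirtualMemory":
        prot = PAGE_PROTECT.get(rec["protection"], hex(rec["protection"]))
        alloc, unknown = decode_flags(rec["allocation_type"], MEM_FLAGS)
        out.update(protection=prot, allocation=alloc, unknown_bits=unknown,
                   size=rec["region_size"])
        out["note"] = ("RWX region committed: candidate unpacking/injection stub"
                       if prot == "PAGE_EXECUTE_READWRITE"
                       else "no writable+executable region")
    elif rec["api"] == "NtCreateFile":
        attrs, _ = decode_flags(rec["file_attributes"], FILE_ATTR)
        opts, _ = decode_flags(rec["create_options"], CREATE_OPTS)
        access, _ = decode_flags(rec["desired_access"], ACCESS)
        kind = "directory" if "FILE_DIRECTORY_FILE" in opts else "file"
        out.update(disposition=DISPOSITION[rec["create_disposition"]],
                   attributes=attrs, options=opts, access=access,
                   path=rec["filepath"])
        # FILE_CREATE on an existing object fails with a name collision:
        # the signature fired on an attempt, not on something written to disk.
        if (out["disposition"] == "FILE_CREATE"
                and out["status"] == "STATUS_OBJECT_NAME_COLLISION"):
            out["note"] = "%s already existed; nothing was created" % kind
        elif out["status"] == "STATUS_SUCCESS":
            out["note"] = "%s created with %s" % (
                kind, "|".join(attrs) or "default attributes")
        else:
            out["note"] = "call failed: " + out["status"]
    return out


# Constructed from the two record types shown in this report.
SAMPLE_RECORDS = [
    {"api": "NtAllocateVirtualMemory", "return": 0, "process_identifier": 2636,
     "region_size": 12288, "protection": 64, "allocation_type": 12289,
     "base_address": 0x02130000},
    {"api": "NtCreateFile", "return": 3221225525, "create_disposition": 2,
     "desired_access": 0x00100001, "file_attributes": 4,
     "create_options": 16417, "share_access": 3,
     "filepath": r"C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Crypto\RSA"},
]

if __name__ == "__main__":
    for record in SAMPLE_RECORDS:
        print(triage(record))
```

Reporting the residual bits rather than silently ignoring them is deliberate: when a sandbox prints a value its own table cannot fully explain (12289 here decodes to MEM_COMMIT|MEM_RESERVE plus an unexplained 0x1), the leftover is worth a second look instead of being rounded away.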
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
File has been identified by 51 AntiVirus engines on VirusTotal as malicious (showing 50 of 51 events)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.34182568
CAT-QuickHeal Trojan.Zenpak
McAfee GenericRXAA-AA!C50A2CF675A3
Malwarebytes Trojan.IcedID
Zillya Trojan.Zenpak.Win32.2506
Sangfor Malware
K7AntiVirus Trojan ( 0056ab811 )
Alibaba Backdoor:Win32/IcedId.0511448a
K7GW Trojan ( 0056ab811 )
BitDefenderTheta Gen:NN.Zextet.34196.LyX@aaJRyZgO
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HFAC
APEX Malicious
Paloalto generic.ml
Kaspersky Trojan.Win32.Zenpak.akrs
BitDefender Trojan.GenericKD.34182568
NANO-Antivirus Trojan.Win32.Zenpak.hnwllb
Avast Win32:Malware-gen
Tencent Malware.Win32.Gencirc.10cde169
Ad-Aware Trojan.GenericKD.34182568
Comodo Malware@#3ed6m6u525k3p
F-Secure Trojan.TR/Kryptik.jujvb
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R03BC0DGI20
FireEye Generic.mg.c50a2cf675a30576
Sophos Mal/Generic-S
Ikarus Trojan.Win32.Krypt
GData Trojan.GenericKD.34182568
Jiangmin Trojan.Zenpak.cos
MaxSecure Trojan.Malware.104306710.susgen
Avira TR/Kryptik.jujvb
Antiy-AVL Trojan/Win32.Zenpak
Arcabit Trojan.Generic.D20995A8
AegisLab Trojan.Win32.Zenpak.4!c
ZoneAlarm Trojan.Win32.Zenpak.akrs
Microsoft Trojan:Win32/IcedId.DEJ!MTB
Cynet Malicious (score: 85)
AhnLab-V3 Malware/Win32.RL_Generic.R346623
VBA32 Trojan.Zenpak
ALYac Trojan.GenericKD.34182568
MAX malware (ai score=87)
Cylance Unsafe
TrendMicro-HouseCall TROJ_GEN.R03BC0DGI20
Rising Trojan.Generic@ML.95 (RDML:ICHsmle/k4XvHZ4MgiKz5g)
eGambit Unsafe.AI_Score_99%
Fortinet W32/GenKryptik.EOFS!tr
AVG Win32:Malware-gen
Panda Trj/CI.A
CrowdStrike win/malicious_confidence_90% (W)
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.78:443
Visual analysis
Binary image
None: no binary visualization image was generated for this sample.
Runtime screenshots
None: no screenshots were captured while the sample ran.


PE Compile Time: 2015-03-12 08:05:26

Imports

Library MFC42.DLL: 138 imports by ordinal (names not resolved), IAT slots 0x48657c through 0x4867a0 at a 4-byte stride
Library MSVCRT.dll:
0x486878 __p__commode
0x48687c __p__fmode
0x486880 __set_app_type
0x486884 _except_handler3
0x486888 _controlfp
0x48688c _XcptFilter
0x486890 _adjust_fdiv
0x486894 _onexit
0x486898 __dllonexit
0x48689c _mbscmp
0x4868a0 memcpy
0x4868a4 atoi
0x4868a8 _setmbcp
0x4868ac __setusermatherr
0x4868b0 _initterm
0x4868b4 exit
0x4868b8 __getmainargs
0x4868bc _acmdln
0x4868c0 _exit
0x4868c4 __CxxFrameHandler
0x4868c8 printf
Library KERNEL32.dll:
0x486534 GetModuleHandleA
0x486538 GetStartupInfoA
0x48653c ExitProcess
0x486540 LoadLibraryExA
0x486544 LoadLibraryExW
0x486548 GetProcAddress
Library USER32.dll:
0x486908 LoadIconA
0x48690c AppendMenuA
0x486910 GetSystemMenu
0x486914 GetSystemMetrics
0x486918 DrawIcon
0x48691c IsIconic
0x486920 GetFocus
0x486924 GetClientRect
0x486928 GetKeyState
0x48692c EnableWindow
0x486930 GetParent
0x486934 SendMessageA
0x486938 TranslateMessage
0x48693c DispatchMessageA
0x486940 PostMessageA
Library GDI32.dll:

Hosts

No hosts contacted.

TCP

Source          Src port  Destination IP   Destination host           Dst port
192.168.56.101  49191     113.108.239.194  r1---sn-j5o7dn7e.gvt1.com  80
192.168.56.101  49193     113.108.239.196  r3---sn-j5o7dn7e.gvt1.com  80
192.168.56.101  49174     178.128.153.0    placeishidden.top          443
192.168.56.101  49176     178.128.153.0    placeishidden.top          443
192.168.56.101  49181     178.128.153.0    placeishidden.top          443
192.168.56.101  49182     178.128.153.0    placeishidden.top          443
192.168.56.101  49187     178.128.153.0    placeishidden.top          443
192.168.56.101  49188     178.128.153.0    placeishidden.top          443
192.168.56.101  49196     178.128.153.0    placeishidden.top          443
192.168.56.101  49197     178.128.153.0    placeishidden.top          443
192.168.56.101  49190     203.208.41.65    redirector.gvt1.com        80
192.168.56.101  49185     203.208.41.98    update.googleapis.com      443

UDP

Source          Src port  Destination IP   Destination host  Dst port
192.168.56.101  49713     114.114.114.114  -                 53
192.168.56.101  51808     114.114.114.114  -                 53
192.168.56.101  51963     114.114.114.114  -                 53
192.168.56.101  53210     114.114.114.114  -                 53
192.168.56.101  53657     114.114.114.114  -                 53
192.168.56.101  54178     114.114.114.114  -                 53
192.168.56.101  55368     114.114.114.114  -                 53
192.168.56.101  56539     114.114.114.114  -                 53
192.168.56.101  58970     114.114.114.114  -                 53
192.168.56.101  60088     114.114.114.114  -                 53
192.168.56.101  61680     114.114.114.114  -                 53
192.168.56.101  137       192.168.56.255   -                 137
192.168.56.101  138       192.168.56.255   -                 138
192.168.56.101  123       20.189.79.72     time.windows.com  123
192.168.56.101  50002     224.0.0.252      -                 5355
192.168.56.101  50568     224.0.0.252      -                 5355
192.168.56.101  53380     224.0.0.252      -                 5355
192.168.56.101  56804     224.0.0.252      -                 5355
192.168.56.101  57756     224.0.0.252      -                 5355
192.168.56.101  57874     224.0.0.252      -                 5355
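Turning the flattened TCP and UDP tables above into an IOC list means separating the sample's own contacts from the analysis VM's background traffic. The script below is an added example, not a feature of the sandbox: the connection rows are copied from this page, the two domains from the "Resolves a suspicious Top Level Domain" indicator are merged in so that a name that resolved but never connected (allthereal.top) still surfaces, and the allow-list of background destinations (gvt1.com and googleapis.com update hosts, the VM's DNS resolver, NTP, NetBIOS and LLMNR) is my assumption about this VM, not a classification the report makes.

```python
"""IOC extraction from Cuckoo-style TCP/UDP connection tables.

Added example. The rows are copied from this report; the background
allow-list is an assumption about the analysis VM, not a sandbox verdict.
"""
import ipaddress
import re
from collections import Counter
from typing import Dict, List

# Connection rows as printed in this report (constructed input).
TCP_LINES = """
192.168.56.101 49191 113.108.239.194 r1---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49193 113.108.239.196 r3---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49174 178.128.153.0 placeishidden.top 443
192.168.56.101 49176 178.128.153.0 placeishidden.top 443
192.168.56.101 49181 178.128.153.0 placeishidden.top 443
192.168.56.101 49182 178.128.153.0 placeishidden.top 443
192.168.56.101 49187 178.128.153.0 placeishidden.top 443
192.168.56.101 49188 178.128.153.0 placeishidden.top 443
192.168.56.101 49196 178.128.153.0 placeishidden.top 443
192.168.56.101 49197 178.128.153.0 placeishidden.top 443
192.168.56.101 49190 203.208.41.65 redirector.gvt1.com 80
192.168.56.101 49185 203.208.41.98 update.googleapis.com 443
"""
UDP_LINES = """
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
"""
# Domains listed under "Resolves a suspicious Top Level Domain".
RESOLVED_DOMAINS = ["allthereal.top", "placeishidden.top"]

# Assumed background traffic of the analysis VM (not a verdict from the report).
NOISE_SUFFIXES = (".gvt1.com", ".googleapis.com", "time.windows.com")
NOISE_PORTS = {53, 123, 137, 138, 5355}  # DNS, NTP, NetBIOS, LLMNR

# "src sport dst [hostname] dport": the hostname column is optional.
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)$")


def parse_rows(text: str, proto: str) -> List[Dict]:
    """Parse one flattened table into row dicts, skipping malformed lines."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        src, sport, dst, name, dport = m.groups()
        rows.append({"proto": proto, "src": src, "sport": int(sport),
                     "dst": dst, "name": name or "", "dport": int(dport)})
    return rows


def is_background(row: Dict) -> bool:
    """Local or multicast targets, infrastructure ports, allow-listed hosts."""
    ip = ipaddress.ip_address(row["dst"])
    if ip.is_private or ip.is_multicast:
        return True
    if row["dport"] in NOISE_PORTS:
        return True
    return row["name"].endswith(NOISE_SUFFIXES)


def build_iocs(tcp: str, udp: str, resolved: List[str]) -> Dict:
    """Collapse rows into per-destination IOCs and list DNS-only names."""
    rows = parse_rows(tcp, "tcp") + parse_rows(udp, "udp")
    contacts, background = Counter(), Counter()
    for r in rows:
        key = (r["name"] or r["dst"], r["dst"], r["proto"], r["dport"])
        (background if is_background(r) else contacts)[key] += 1
    iocs = [{"indicator": k[0], "ip": k[1], "proto": k[2], "port": k[3],
             "connections": n} for k, n in contacts.most_common()]
    seen_names = {r["name"] for r in rows}
    dns_only = sorted(d for d in resolved if d not in seen_names)
    return {"iocs": iocs, "dns_only": dns_only,
            "background": sorted({k[0] for k in background})}


if __name__ == "__main__":
    report = build_iocs(TCP_LINES, UDP_LINES, RESOLVED_DOMAINS)
    for ioc in report["iocs"]:
        print("%(indicator)s %(ip)s %(proto)s/%(port)d x%(connections)d" % ioc)
    for name in report["dns_only"]:
        print("%s resolved only, no connection observed" % name)
    print("background:", ", ".join(report["background"]))
```

Run on the rows above, the only contact left after filtering is placeishidden.top / 178.128.153.0 on TCP/443 with eight connections, allthereal.top is reported as DNS-only, and every gvt1.com and googleapis.com row lands in the background list. Keep the allow-list per sandbox image: a different VM will have a different set of updaters and resolvers generating noise.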

HTTP & HTTPS Requests

URI Data
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=fb55c800a0fb4882&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619880740&mv=m
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=fb55c800a0fb4882&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619880740&mv=m HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=7319-18207
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=fb55c800a0fb4882&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619880740&mv=m
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=fb55c800a0fb4882&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619880740&mv=m HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=0-7318
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=fb55c800a0fb4882&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619880740&mv=m
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=fb55c800a0fb4882&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619880740&mv=m HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com

http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619880740&mv=m&mvi=1&pl=23&shardbypass=yes
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619880740&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o7dn7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.