10.8
0-day
56 个模型检测该样本为恶意!
重新分析
更多

45fc5a937144261f8aef986b818d282f88bd731f680bbf2bbf798e75dcbfc13e

c74b5b0aa3bd63defe0557546a4776f7.exe

分析耗时

168s

最近分析

文件大小

116.0KB
静态报毒 动态报毒 AGENTRI AI SCORE=80 AIDETECTVM ATTRIBUTE BANKERX BETWC CCMW CLASSIC DD6FB0XE7HQ ELDORADO EMOTET GENCIRC GENERICKDZ GENERICRXLW GENERIK GENETIC HIGH CONFIDENCE HIGHCONFIDENCE HQW@AYWNLDJI KRYPTIK MALWARE2 MALWARE@#1UC04UCJESX8P NDQSUNZ R + TROJ R057C0DI520 R350739 S15761365 SCORE SUSGEN SUSPICIOUS PE UNSAFE ZEXAF 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee GenericRXLW-HG!C74B5B0AA3BD 20200928 6.0.6.653
Alibaba Trojan:Win32/Emotet.4454b325 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:BankerX-gen [Trj] 20200929 18.4.3895.0
Tencent Malware.Win32.Gencirc.10cdffb8 20200929 1.0.0.1
Kingsoft 20200929 2013.8.14.323
CrowdStrike 20190702 1.0
静态指标
Queries for the computername (1 个事件)
Time & API Arguments Status Return Repeated
1619916591.525876
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (6 个事件)
Time & API Arguments Status Return Repeated
1619916578.634876
CryptGenKey
crypto_handle: 0x004aed20
algorithm_identifier: 0x0000660e ()
provider_handle: 0x004ae020
flags: 1
key: fÔÄGð–e¤\ú±%YÔ
success 1 0
1619916591.525876
CryptExportKey
crypto_handle: 0x004aed20
crypto_export_handle: 0x004aecd0
buffer: f¤ôÊÎ95’·¥?Є}î¾úҔ <ÅKuÚ°lO¶«ˆ¤9s»ICiÖ!à¥~¶st©œý†Ã”e"Ï9œ}Úèâúøב¡tÚrž(¼®Öbûé±*ŽØÝÖÁðÌ
blob_type: 1
flags: 64
success 1 0
1619916619.853876
CryptExportKey
crypto_handle: 0x004aed20
crypto_export_handle: 0x004aecd0
buffer: f¤Ö¹&_áF¶å?ta3‹Tz`c<·>=p¾m6#&oÈy\ÍQYÔ }Ï K"r¡_x™Ky½èýï{#¦5ࢋ˜è™? 3‰8E›3¹édòkÀ˜&¦n¦¢
blob_type: 1
flags: 64
success 1 0
1619916644.009876
CryptExportKey
crypto_handle: 0x004aed20
crypto_export_handle: 0x004aecd0
buffer: f¤Gð‹îZ¼àì4ÿHw@ú_Üo^q¶Û'Dì k9 JÝOìÆ!æNc–:`d¬á(©Zõà¿=<´z4 ëünæöù}"â›zrþvDÊeŽ~ <­÷>;ø½j€j!U
blob_type: 1
flags: 64
success 1 0
1619916649.540876
CryptExportKey
crypto_handle: 0x004aed20
crypto_export_handle: 0x004aecd0
buffer: f¤eWK¶ý„RÒç“0qU贁7)µôQÆÐ3dXÚcJØ\$’›0uÐÝùŠûݜvåöbæËJ<ä od¾ jèÙ^\_f~NFAéøþ*C]£ t¿.åL
blob_type: 1
flags: 64
success 1 0
1619916673.259876
CryptExportKey
crypto_handle: 0x004aed20
crypto_export_handle: 0x004aecd0
buffer: f¤yl`w›.*ƖÿmŽ$=ÏšU«º¾›Û·<ð|ÚIýšº‰â˜DPdà]Ð%'š ɺs0+S¹õª`4¦Gd>ón(ÚH `0“Lž¿KÚ\Ñ¡ýñfÚû]
blob_type: 1
flags: 64
success 1 0
The executable uses a known packer (1 个事件)
packer Armadillo v1.71
行为判定
动态指标
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 个事件)
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:889666949&cup2hreq=1b2fef5d6610d90ea60173da7056be6477be3c56355a724d041d53bfac46c76e
Performs some HTTP requests (5 个事件)
request HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619887461&mv=m&mvi=1&pl=23&shardbypass=yes
request HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=d90c67803868561c&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619887701&mv=m
request GET http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=d90c67803868561c&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619887701&mv=m
request POST https://update.googleapis.com/service/update2?cup2key=10:889666949&cup2hreq=1b2fef5d6610d90ea60173da7056be6477be3c56355a724d041d53bfac46c76e
Sends data using the HTTP POST Method (1 个事件)
request POST https://update.googleapis.com/service/update2?cup2key=10:889666949&cup2hreq=1b2fef5d6610d90ea60173da7056be6477be3c56355a724d041d53bfac46c76e
Allocates read-write-execute memory (usually to unpack itself) (3 个事件)
Time & API Arguments Status Return Repeated
1619906573.249625
NtAllocateVirtualMemory
process_identifier: 2040
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02450000
success 0 0
1619916185.52877
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000004000000
success 0 0
1619916578.181876
NtAllocateVirtualMemory
process_identifier: 2064
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00440000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (6 个事件)
Moves the original executable to a new location (1 个事件)
Time & API Arguments Status Return Repeated
1619906574.327625
MoveFileWithProgressW
oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c74b5b0aa3bd63defe0557546a4776f7.exe
newfilepath: C:\Windows\SysWOW64\C_ISCII\odbctrac.exe
newfilepath_r: C:\Windows\SysWOW64\C_ISCII\odbctrac.exe
flags: 3
oldfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c74b5b0aa3bd63defe0557546a4776f7.exe
success 1 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)
Time & API Arguments Status Return Repeated
1619916591.993876
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)
entropy 7.781784131490918 section {'size_of_data': '0x00009000', 'virtual_address': '0x00015000', 'entropy': 7.781784131490918, 'name': '.rsrc', 'virtual_size': '0x00008be8'} description A section with a high entropy has been found
entropy 0.32142857142857145 description Overall entropy of this PE file is high
Expresses interest in specific running processes (1 个事件)
process odbctrac.exe
Reads the systems User Agent and subsequently performs requests (1 个事件)
Time & API Arguments Status Return Repeated
1619916591.743876
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
网络通信
Communicates with host for which no DNS query was performed (5 个事件)
host 118.2.218.1
host 172.217.24.14
host 5.9.227.244
host 51.254.140.91
host 51.75.163.68
Installs itself for autorun at Windows startup (1 个事件)
service_name odbctrac service_path C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\C_ISCII\odbctrac.exe"
Created a service where a service was also not started (1 个事件)
Time & API Arguments Status Return Repeated
1619906579.859625
CreateServiceW
service_start_name:
start_type: 2
service_handle: 0x02673298
display_name: odbctrac
error_control: 0
service_name: odbctrac
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\C_ISCII\odbctrac.exe"
filepath_r: "C:\Windows\SysWOW64\C_ISCII\odbctrac.exe"
service_manager_handle: 0x02661750
desired_access: 2
service_type: 16
password:
success 40317592 0
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 个事件)
Time & API Arguments Status Return Repeated
1619916594.806876
RegSetValueExA
key_handle: 0x00000378
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619916594.806876
RegSetValueExA
key_handle: 0x00000378
value: `)ïëÓ>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619916594.806876
RegSetValueExA
key_handle: 0x00000378
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619916594.806876
RegSetValueExW
key_handle: 0x00000378
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619916594.806876
RegSetValueExA
key_handle: 0x00000394
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619916594.806876
RegSetValueExA
key_handle: 0x00000394
value: `)ïëÓ>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619916594.806876
RegSetValueExA
key_handle: 0x00000394
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619916594.806876
RegSetValueExW
key_handle: 0x00000374
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Attempts to remove evidence of file being downloaded from the Internet (1 个事件)
file C:\Windows\SysWOW64\C_ISCII\odbctrac.exe:Zone.Identifier
File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 out of 56 个事件)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
FireEye Generic.mg.c74b5b0aa3bd63de
CAT-QuickHeal Trojan.AgentRI.S15761365
McAfee GenericRXLW-HG!C74B5B0AA3BD
Cylance Unsafe
Zillya Trojan.Emotet.Win32.28396
Sangfor Malware
K7AntiVirus Trojan ( 0056dbba1 )
Alibaba Trojan:Win32/Emotet.4454b325
K7GW Trojan ( 0056dbba1 )
Arcabit Trojan.Generic.D1110A
Invincea Mal/Generic-R + Troj/Emotet-CNC
BitDefenderTheta Gen:NN.ZexaF.34254.hqW@aywNLdji
Cyren W32/Kryptik.BWH.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:BankerX-gen [Trj]
ClamAV Win.Packed.Generickdz-9752566-0
BitDefender Trojan.GenericKDZ.69898
NANO-Antivirus Virus.Win32.Gen.ccmw
Paloalto generic.ml
MicroWorld-eScan Trojan.GenericKDZ.69898
Tencent Malware.Win32.Gencirc.10cdffb8
Ad-Aware Trojan.GenericKDZ.69898
Emsisoft Trojan.GenericKDZ.69898 (B)
Comodo Malware@#1uc04ucjesx8p
F-Secure Trojan.TR/Emotet.betwc
DrWeb Trojan.Emotet.1016
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R057C0DI520
McAfee-GW-Edition BehavesLike.Win32.Generic.ch
Sophos Troj/Emotet-CNC
Ikarus Trojan-Banker.Emotet
MaxSecure Trojan.Malware.74733560.susgen
Avira TR/Emotet.betwc
Antiy-AVL Trojan/Win32.Emotet
Microsoft Trojan:Win32/Emotet.ARK!MTB
AegisLab Trojan.Win32.Emotet.L!c
GData Trojan.GenericKDZ.69898
TACHYON Trojan/W32.Agent.118784.CPY
AhnLab-V3 Trojan/Win32.Emotet.R350739
VBA32 Trojan.Emotet
ALYac Trojan.GenericKDZ.69898
MAX malware (ai score=80)
Malwarebytes Trojan.MalPack.TRE
ESET-NOD32 Win32/Emotet.CD
TrendMicro-HouseCall TROJ_GEN.R057C0DI520
Rising Trojan.Emotet!1.CBDD (CLASSIC)
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (7 个事件)
dead_host 172.217.27.142:443
dead_host 51.75.163.68:7080
dead_host 172.217.24.14:443
dead_host 51.254.140.91:7080
dead_host 5.9.227.244:8080
dead_host 192.168.56.101:49196
dead_host 118.2.218.1:80
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2020-09-04 01:24:57

Imports

Library KERNEL32.dll:
0x40f054 IsBadWritePtr
0x40f058 VirtualAlloc
0x40f05c WriteFile
0x40f060 VirtualFree
0x40f064 HeapCreate
0x40f068 HeapDestroy
0x40f06c GetFileType
0x40f070 GetStdHandle
0x40f074 SetHandleCount
0x40f088 GetModuleFileNameA
0x40f090 LCMapStringW
0x40f094 LCMapStringA
0x40f098 MultiByteToWideChar
0x40f09c GetProcAddress
0x40f0a0 HeapSize
0x40f0a4 IsBadReadPtr
0x40f0a8 IsBadCodePtr
0x40f0ac GetCPInfo
0x40f0b0 GetACP
0x40f0b4 GetOEMCP
0x40f0b8 LoadLibraryA
0x40f0bc GetStringTypeA
0x40f0c0 GetStringTypeW
0x40f0c4 GetLastError
0x40f0c8 CompareStringA
0x40f0cc CompareStringW
0x40f0d4 RaiseException
0x40f0d8 SetFilePointer
0x40f0dc FlushFileBuffers
0x40f0e0 CloseHandle
0x40f0e4 LoadLibraryExA
0x40f0e8 ReadFile
0x40f0f0 WideCharToMultiByte
0x40f0f8 GetSystemTime
0x40f0fc GetLocalTime
0x40f100 RtlUnwind
0x40f104 GetModuleHandleA
0x40f108 GetStartupInfoA
0x40f10c GetCommandLineA
0x40f110 GetVersion
0x40f114 ExitProcess
0x40f118 HeapFree
0x40f11c HeapReAlloc
0x40f120 HeapAlloc
0x40f124 TerminateProcess
0x40f128 GetCurrentProcess
0x40f12c SetStdHandle
Library USER32.dll:
0x40f134 DefWindowProcA
0x40f138 GetClientRect
0x40f13c InvalidateRect
0x40f140 DestroyWindow
0x40f144 BeginPaint
0x40f148 DrawTextA
0x40f14c EndPaint
0x40f150 PostQuitMessage
0x40f154 CreateWindowExA
0x40f158 LoadIconA
0x40f15c RegisterClassExA
0x40f160 LoadStringA
0x40f164 LoadAcceleratorsA
0x40f168 GetMessageA
0x40f170 TranslateMessage
0x40f174 DispatchMessageA
0x40f178 ShowWindow
0x40f17c GetSysColorBrush
0x40f180 GetSysColor
0x40f184 FillRect
0x40f188 ReleaseCapture
0x40f18c PtInRect
0x40f190 LoadCursorA
0x40f194 SetCursor
0x40f198 UpdateWindow
0x40f19c SetCapture
0x40f1a0 CheckRadioButton
0x40f1a4 SetDlgItemInt
0x40f1a8 GetSystemMenu
0x40f1ac AppendMenuA
0x40f1b0 SetMenuDefaultItem
0x40f1b4 GetDC
0x40f1b8 DrawEdge
0x40f1bc IsDlgButtonChecked
0x40f1c0 ReleaseDC
0x40f1c4 EndDialog
0x40f1c8 DialogBoxParamA
Library GDI32.dll:
0x40f000 RealizePalette
0x40f008 SelectPalette
0x40f00c StretchDIBits
0x40f010 BeginPath
0x40f014 MoveToEx
0x40f018 LineTo
0x40f01c EndPath
0x40f020 StrokeAndFillPath
0x40f024 CreateBrushIndirect
0x40f028 Ellipse
0x40f02c CreatePen
0x40f030 Rectangle
0x40f034 SetROP2
0x40f038 CreateSolidBrush
0x40f03c SelectObject
0x40f040 SetBkColor
0x40f044 DeleteObject
0x40f048 LPtoDP
0x40f04c GetPixel

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49198 113.108.239.194 r1---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49199 113.108.239.196 r3---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49197 203.208.41.65 redirector.gvt1.com 80
192.168.56.101 49191 203.208.41.66 update.googleapis.com 443

UDP

Source Source Port Destination Destination Port
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53500 114.114.114.114 53
192.168.56.101 54991 114.114.114.114 53
192.168.56.101 55169 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 60911 114.114.114.114 53
192.168.56.101 62191 114.114.114.114 53
192.168.56.101 62912 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 53210 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 54260 224.0.0.252 5355
192.168.56.101 56743 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=d90c67803868561c&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619887701&mv=m 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=d90c67803868561c&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619887701&mv=m HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com
http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619887461&mv=m&mvi=1&pl=23&shardbypass=yes 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619887461&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o7dn7e.gvt1.com
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=d90c67803868561c&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619887701&mv=m 
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=d90c67803868561c&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619887701&mv=m HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=0-6906
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.