11.6
0-day
59 个模型检测该样本为恶意!
重新分析
更多

445fe1d55349229d1f3c558e6b733d8142e19cb9beb7a68fda43f093b7001499

c78bce4c83456b10ed57a9034da3007b.exe

分析耗时

114s

最近分析

文件大小

64.0KB
静态报毒 动态报毒 AI SCORE=85 AIDETECTVM ATTRIBUTE BSCOPE CLASSIC CONFIDENCE DOWNLOADER34 ELDORADO EMOTET EPAZ EQ0@A0@GGPNJ EUFO FYZPM GENCIRC GENETIC GENKRYPTIK HFGH HIGH CONFIDENCE HIGHCONFIDENCE HPCRHC JNW74GIVRVI KCLOUD KRYPT KRYPTIK MALWARE1 MALWARE@#2SF0S730XIE4A QVM07 R + TROJ R346326 SCORE STATIC AI SUSPICIOUS PE THIAABO UNSAFE ZEXAF 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee Emotet-FRI!C78BCE4C8345 20201211 6.0.6.653
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20201210 21.1.5827.0
Alibaba Trojan:Win32/Emotet.5aafbebf 20190527 0.3.0.5
Tencent Malware.Win32.Gencirc.10cde54c 20201211 1.0.0.1
Kingsoft Win32.Hack.Undef.(kcloud) 20201211 2017.9.26.565
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
静态指标
Queries for the computername (1 个事件)
Time & API Arguments Status Return Repeated
1619908540.07275
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (4 个事件)
Time & API Arguments Status Return Repeated
1619908526.71275
CryptGenKey
crypto_handle: 0x004d0788
algorithm_identifier: 0x0000660e ()
provider_handle: 0x004d4700
flags: 1
key: f<xœ|6üåÔàÈrèß
success 1 0
1619908540.07275
CryptExportKey
crypto_handle: 0x004d0788
crypto_export_handle: 0x004d1bc8
buffer: f¤&Ð\ ö¼«»m Þø —ö !RÈ uÞÚ=ôlì™8c¿o…¬[ö«n¡Òߖ:‚“ɲêvÑ47'.1z!xÒî‹QÀé©òÓ±×,²Ðd¶Kø¬›DP
blob_type: 1
flags: 64
success 1 0
1619908567.19775
CryptExportKey
crypto_handle: 0x004d0788
crypto_export_handle: 0x004d1bc8
buffer: f¤ßhöúi‰¡´#õ„-·; -Û1 JC>³*k¢É­–.ÁôP ‘m´Š€â}ÑM3C|ÞÏI}—3L5ÙZÛC“,AÑ÷ȳIlâ½VÑ<"M'†‡é¢/Ç
blob_type: 1
flags: 64
success 1 0
1619908591.33775
CryptExportKey
crypto_handle: 0x004d0788
crypto_export_handle: 0x004d1bc8
buffer: f¤~ þ”ã40–þU¯Øa'è-BǁKû»ˆ15.Ç`r†ÏçÕé÷©ñyTN{“sö:Ø(€”ßoß¾Ng1Íʈ…5¼ûÿÇ6bàg„sÄÔ¿g²ù³ö®…©Ó„Â
blob_type: 1
flags: 64
success 1 0
The executable uses a known packer (1 个事件)
packer Armadillo v1.71
行为判定
动态指标
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 个事件)
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:1752162837&cup2hreq=de717501eb449295991b88e7b35411a99e724d4021c6da763f667942be428910
Performs some HTTP requests (4 个事件)
request HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619879538&mv=m&mvi=1&pl=23&shardbypass=yes
request HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=99cde55f6eb41386&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619879298&mv=m
request POST https://update.googleapis.com/service/update2?cup2key=10:1752162837&cup2hreq=de717501eb449295991b88e7b35411a99e724d4021c6da763f667942be428910
Sends data using the HTTP POST Method (1 个事件)
request POST https://update.googleapis.com/service/update2?cup2key=10:1752162837&cup2hreq=de717501eb449295991b88e7b35411a99e724d4021c6da763f667942be428910
Allocates read-write-execute memory (usually to unpack itself) (3 个事件)
Time & API Arguments Status Return Repeated
1619908521.056625
NtAllocateVirtualMemory
process_identifier: 152
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00530000
success 0 0
1619908579.948125
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000003e60000
success 0 0
1619908526.47875
NtAllocateVirtualMemory
process_identifier: 1812
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00490000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Foreign language identified in PE resource (3 个事件)
name RT_ICON language LANG_CHINESE offset 0x0000f4c8 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000128
name RT_ICON language LANG_CHINESE offset 0x0000f4c8 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000128
name RT_GROUP_ICON language LANG_CHINESE offset 0x0000f5f0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000022
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (11 个事件)
Moves the original executable to a new location (1 个事件)
Time & API Arguments Status Return Repeated
1619908523.603625
MoveFileWithProgressW
oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c78bce4c83456b10ed57a9034da3007b.exe
newfilepath: C:\Windows\SysWOW64\msvcr100_clr0400\spwinsat.exe
newfilepath_r: C:\Windows\SysWOW64\msvcr100_clr0400\spwinsat.exe
flags: 3
oldfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c78bce4c83456b10ed57a9034da3007b.exe
success 1 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)
Time & API Arguments Status Return Repeated
1619908540.55675
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)
entropy 7.77796948906129 section {'size_of_data': '0x00009000', 'virtual_address': '0x00006000', 'entropy': 7.77796948906129, 'name': '.data', 'virtual_size': '0x00008778'} description A section with a high entropy has been found
entropy 0.6 description Overall entropy of this PE file is high
Expresses interest in specific running processes (1 个事件)
process spwinsat.exe
Reads the systems User Agent and subsequently performs requests (1 个事件)
Time & API Arguments Status Return Repeated
1619908540.24475
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Uses Windows utilities for basic Windows functionality (1 个事件)
cmdline C:\Windows\SysWOW64\msvcr100_clr0400\spwinsat.exe
网络通信
Communicates with host for which no DNS query was performed (4 个事件)
host 172.217.24.14
host 189.212.199.126
host 212.51.142.238
host 76.27.179.47
Installs itself for autorun at Windows startup (1 个事件)
service_name spwinsat service_path C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\msvcr100_clr0400\spwinsat.exe"
Created a service where a service was also not started (1 个事件)
Time & API Arguments Status Return Repeated
1619908524.962625
CreateServiceW
service_start_name:
start_type: 2
service_handle: 0x02c3f330
display_name: spwinsat
error_control: 0
service_name: spwinsat
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\msvcr100_clr0400\spwinsat.exe"
filepath_r: "C:\Windows\SysWOW64\msvcr100_clr0400\spwinsat.exe"
service_manager_handle: 0x02c3f6a0
desired_access: 2
service_type: 16
password:
success 46396208 0
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 个事件)
Time & API Arguments Status Return Repeated
1619908543.10375
RegSetValueExA
key_handle: 0x0000038c
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619908543.10375
RegSetValueExA
key_handle: 0x0000038c
value: ð0<¥>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619908543.10375
RegSetValueExA
key_handle: 0x0000038c
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619908543.10375
RegSetValueExW
key_handle: 0x0000038c
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619908543.10375
RegSetValueExA
key_handle: 0x000003a4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619908543.10375
RegSetValueExA
key_handle: 0x000003a4
value: ð0<¥>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619908543.10375
RegSetValueExA
key_handle: 0x000003a4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619908543.13475
RegSetValueExW
key_handle: 0x00000388
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Attempts to remove evidence of file being downloaded from the Internet (1 个事件)
file C:\Windows\SysWOW64\msvcr100_clr0400\spwinsat.exe:Zone.Identifier
File has been identified by 59 AntiVirus engines on VirusTotal as malicious (50 out of 59 个事件)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Agent.EUFO
FireEye Generic.mg.c78bce4c83456b10
McAfee Emotet-FRI!C78BCE4C8345
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
AegisLab Trojan.Multi.Generic.4!c
Sangfor Malware
K7AntiVirus Trojan ( 0056b6441 )
BitDefender Trojan.Agent.EUFO
K7GW Trojan ( 0056b6441 )
Cybereason malicious.9ac9d1
Cyren W32/Kryptik.BRQ.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Malware-gen
Kaspersky HEUR:Backdoor.Win32.Emotet.vho
Alibaba Trojan:Win32/Emotet.5aafbebf
NANO-Antivirus Trojan.Win32.Emotet.hpcrhc
Tencent Malware.Win32.Gencirc.10cde54c
Ad-Aware Trojan.Agent.EUFO
Emsisoft Trojan.Emotet (A)
Comodo Malware@#2sf0s730xie4a
F-Secure Trojan.TR/Emotet.fyzpm
DrWeb Trojan.DownLoader34.9373
Zillya Backdoor.Emotet.Win32.659
TrendMicro TrojanSpy.Win32.EMOTET.THIAABO
McAfee-GW-Edition BehavesLike.Win32.Emotet.kh
Sophos Mal/Generic-R + Troj/Emotet-CKJ
Ikarus Trojan.Win32.Krypt
GData Trojan.Agent.EUFO
Jiangmin Backdoor.Emotet.oo
Avira TR/Emotet.fyzpm
MAX malware (ai score=85)
Antiy-AVL Trojan[Backdoor]/Win32.Emotet
Kingsoft Win32.Hack.Undef.(kcloud)
Gridinsoft Trojan.Win32.Emotet.oa!s1
Arcabit Trojan.Agent.EUFO
ZoneAlarm HEUR:Backdoor.Win32.Emotet.vho
Microsoft Trojan:Win32/Emotet.ARJ!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Emotet.R346326
BitDefenderTheta Gen:NN.ZexaF.34670.eq0@a0@Ggpnj
ALYac Trojan.Agent.EUFO
TACHYON Backdoor/W32.Emotet.65536
VBA32 BScope.Trojan.Emotet
Malwarebytes Trojan.Emotet
Panda Trj/Genetic.gen
ESET-NOD32 a variant of Win32/Kryptik.HFGH
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (5 个事件)
dead_host 172.217.27.142:443
dead_host 172.217.24.14:443
dead_host 189.212.199.126:443
dead_host 76.27.179.47:80
dead_host 212.51.142.238:8080
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2020-07-29 00:13:24

Imports

Library MFC42.DLL:
0x40402c
0x404030
0x404034
0x404038
0x40403c
0x404040
0x404044
0x404048
0x40404c
0x404050
0x404054
0x404058
0x40405c
0x404060
0x404064
0x404068
0x40406c
0x404070
0x404074
0x404078
0x40407c
0x404080
0x404084
0x404088
0x40408c
0x404090
0x404094
0x404098
0x40409c
0x4040a0
0x4040a4
0x4040a8
0x4040ac
0x4040b0
0x4040b4
0x4040b8
0x4040bc
0x4040c0
0x4040c4
0x4040c8
0x4040cc
0x4040d0
0x4040d4
0x4040d8
0x4040dc
0x4040e0
0x4040e4
0x4040e8
0x4040ec
0x4040f0
0x4040f4
0x4040f8
0x4040fc
0x404100
0x404104
0x404108
0x40410c
0x404110
0x404114
0x404118
0x40411c
0x404120
0x404124
0x404128
0x40412c
0x404130
0x404134
0x404138
0x40413c
0x404140
0x404144
0x404148
0x40414c
0x404150
0x404154
0x404158
0x40415c
0x404160
0x404164
0x404168
0x40416c
0x404170
0x404174
0x404178
0x40417c
0x404180
0x404184
0x404188
0x40418c
0x404190
0x404194
0x404198
0x40419c
0x4041a0
0x4041a4
0x4041a8
0x4041ac
0x4041b0
0x4041b4
0x4041b8
0x4041bc
0x4041c0
0x4041c4
0x4041c8
0x4041cc
0x4041d0
0x4041d4
0x4041d8
0x4041dc
0x4041e0
0x4041e4
0x4041e8
0x4041ec
0x4041f0
0x4041f4
Library MSVCRT.dll:
0x40421c __getmainargs
0x404220 _acmdln
0x404224 exit
0x404228 _XcptFilter
0x40422c _exit
0x404230 _controlfp
0x404234 __dllonexit
0x404238 sscanf
0x40423c toupper
0x404240 _setmbcp
0x404244 _except_handler3
0x404248 __set_app_type
0x40424c __p__fmode
0x404250 __p__commode
0x404254 _initterm
0x404258 _adjust_fdiv
0x40425c __setusermatherr
0x404260 _onexit
0x404264 __CxxFrameHandler
0x404268 atoi
Library KERNEL32.dll:
0x404008 GlobalUnlock
0x40400c LoadLibraryExA
0x404010 GetModuleHandleA
0x404014 GetStartupInfoA
0x404018 GlobalAlloc
0x40401c GlobalLock
0x404020 GetCurrentProcess
0x404024 GetProcAddress
Library USER32.dll:
0x404274 GetKeyState
0x404278 InsertMenuA
0x40427c CreatePopupMenu
0x404280 SetClipboardData
0x404284 RedrawWindow
0x404288 OpenClipboard
0x40428c GetClipboardData
0x404290 CloseClipboard
0x404294 EnableWindow
0x404298 IsIconic
0x40429c GetClientRect
0x4042a0 DrawIcon
0x4042a4 AppendMenuA
0x4042a8 SendMessageA
0x4042ac GetSystemMenu
0x4042b0 LoadIconA
0x4042b4 GetSystemMetrics
Library GDI32.dll:
0x404000 CreateSolidBrush
Library MSVCP60.dll:

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49197 113.108.239.194 r1---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49198 113.108.239.196 r3---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49196 203.208.41.33 redirector.gvt1.com 80
192.168.56.101 49192 203.208.41.66 update.googleapis.com 443

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 53500 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56743 114.114.114.114 53
192.168.56.101 58070 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60088 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 60221 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 54991 224.0.0.252 5355
192.168.56.101 55169 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=99cde55f6eb41386&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619879298&mv=m 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=99cde55f6eb41386&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619879298&mv=m HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com
http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619879538&mv=m&mvi=1&pl=23&shardbypass=yes 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619879538&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o7dn7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.