9.6
极危
59 个模型检测该样本为恶意!
重新分析
更多

94c5bf5ba01bdb8b028fe00eca0d805b8150c3639ce9e3cf0b86670061d66196

c7ffeadc93bc438f991a7f7bd487df6f.exe

分析耗时

130s

最近分析

文件大小

101.5KB
静态报毒 动态报毒 100% A + MAL AGENTB AI SCORE=85 ANTIAV AVECMA AVECML AVEMARIA CLASSIC CLIPBANKER CONFIDENCE EMOGEN FAMVT FCNI GENETIC GHJPT HIGH CONFIDENCE HLKNTW IGENERIC INDT INVADER JIAD MALICIOUS PE MARIA MOCRT OLXJK8WKZIC R263895 REDCAP REMCOS SCORE SGENERIC SLLG STATIC AI TRNC UNSAFE VA@81MMKI WARZONERAT 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba Trojan:Win32/Agentb.e9a5e022 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20201229 21.1.5827.0
Kingsoft 20201229 2017.9.26.565
McAfee WarzoneRAT-FCNI!C7FFEADC93BC 20201229 6.0.6.653
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
静态指标
Command line console output was observed (3 个事件)
Time & API Arguments Status Return Repeated
1619918135.992626
WriteConsoleW
buffer: Microsoft Windows [版本 6.1.7601]
console_handle: 0x00000007
success 1 0
1619918135.992626
WriteConsoleW
buffer: 版权所有 (c) 2009 Microsoft Corporation。保留所有权利。
console_handle: 0x00000007
success 1 0
1619918136.008626
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)
Time & API Arguments Status Return Repeated
1619918125.336874
GlobalMemoryStatusEx
success 1 0
The file contains an unknown PE resource name possibly indicative of a packer (1 个事件)
resource name WM_DSP
行为判定
动态指标
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 个事件)
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:3816848581&cup2hreq=44b8588026ff305cd11e395cd28f5bd4f3aa637ca2981510d3b80f712d70f669
Performs some HTTP requests (4 个事件)
request HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619888901&mv=m&mvi=1&pl=23&shardbypass=yes
request HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=54d898a4b2601e59&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619888901&mv=m
request POST https://update.googleapis.com/service/update2?cup2key=10:3816848581&cup2hreq=44b8588026ff305cd11e395cd28f5bd4f3aa637ca2981510d3b80f712d70f669
Sends data using the HTTP POST Method (1 个事件)
request POST https://update.googleapis.com/service/update2?cup2key=10:3816848581&cup2hreq=44b8588026ff305cd11e395cd28f5bd4f3aa637ca2981510d3b80f712d70f669
Allocates read-write-execute memory (usually to unpack itself) (2 个事件)
Time & API Arguments Status Return Repeated
1619917739.448646
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000004160000
success 0 0
1619918130.444999
NtAllocateVirtualMemory
process_identifier: 376
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02d10000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Foreign language identified in PE resource (1 个事件)
name WM_DSP language LANG_ENGLISH offset 0x0014c070 filetype PE32 executable (GUI) Intel 80386, for MS Windows sublanguage SUBLANG_ARABIC_QATAR size 0x00002c00
Creates a suspicious process (1 个事件)
cmdline C:\Windows\System32\cmd.exe
A process created a hidden window (1 个事件)
Time & API Arguments Status Return Repeated
1619918135.600999
CreateProcessInternalW
thread_identifier: 2604
thread_handle: 0x000001c8
process_identifier: 2964
current_directory:
filepath: C:\Windows\System32\cmd.exe
track: 1
command_line:
filepath_r: C:\Windows\System32\cmd.exe
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x000001c0
inherit_handles: 0
success 1 0
网络通信
Communicates with host for which no DNS query was performed (2 个事件)
host 172.217.24.14
host 185.19.85.155
Allocates execute permission to another process indicative of possible code injection (2 个事件)
Time & API Arguments Status Return Repeated
1619918136.600999
NtAllocateVirtualMemory
process_identifier: 2964
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001d0
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x020e0000
success 0 0
1619918136.600999
NtProtectVirtualMemory
process_identifier: 2964
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001d0
base_address: 0x020e0000
success 0 0
Installs itself for autorun at Windows startup (1 个事件)
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Images reg_value C:\ProgramData\images.exe
Potential code injection by writing to the memory of another process (2 个事件)
Time & API Arguments Status Return Repeated
1619918136.600999
WriteProcessMemory
process_identifier: 2964
buffer: U‹ì‹U‹E‹È…Òt ÆAƒêu÷]ÃU‹ìd¡0ƒì‹@ SVW‹x 駋G03ö‹_,‹?‰Eø‹B<‰}ô‹Dx‰Eð…À„…Áë3ɅÛt-‹}ø¾ÁÎ €<a‰Uø| ‹ÂƒÀàðëuøA;ËrߋUü‹}ô‹Eð‹L3ۋD ‰Mì…Ét<‹3ÿʃÀ‰Mø‹Ñ‰EèŠ ÁÏ ¾ÁøB„Éuñ‹Uü‰}ø‹Eø‹}ôÆ;Et ‹EèC;]ìrċW‰Uü…Ò…Kÿÿÿ3À_^[É‹uð‹D$X· ‹Dˆ‹ÂëÝU‹ìì¼‹ESVW‹XhLw&‰M ‰]¸èèþÿÿ‹ðÇEÄkern3ÀÇEÈel32ˆEЈEލEÄPÇEÌ.dllÇEàntdlÇEäl.dlfÇEèlÇEÔuserÇEØ32.dfÇEÜllfÇEø1fÇEü2ÿ֍EàPÿ֍EÔPÿÖhX¤SåèyþÿÿhyÌ?†‰EèlþÿÿhEƒV‰Eôè_þÿÿhDð5à‰EÀèRþÿÿhP‰E¤èEþÿÿhƖ‡R‰Eœè8þÿÿh_xTî‰Eðè+þÿÿhÚöÚO‰E˜èþÿÿ‹øhÆp‰}´èþÿÿh­ž_»‹ðèþÿÿh-W®[‰E¼èöýÿÿ‰E¬3ÀPh€jPPh€S‰E¨ÿ×j‰EìPÿ֋]‹ø‰}°jh0WjÿӋð…ötîjE¨PW‹}ìVWÿU¼WÿUð€>M‹]¸t jEøPPjÿUÀÆE hà.ÿU¤3À}ˆ«jDj«««…DÿÿÿPèTýÿÿƒÄ ÿu jhÿÿÿUœ‰E¼…ÀuOEˆP…DÿÿÿP3ÀPPPPPPPSÿUô…À…¯PPjPPh@S‰E¸ÿU´‹øjƒÿÿtE¸ë^EüPPjÿUÀ鄃eìMìQPÿU˜}ìtoEˆP…DÿÿÿP3ÀPPPPPPPSÿUô…ÀuOPPjPPh@S‰EÿU´‹øjƒÿÿt*EPÿu°VWÿU¬WÿUðEˆP…DÿÿÿP3ÀPPPPPPPSÿUôë EüPPjÿUÀÆE ÿu¼ÿUð€} „åþÿÿ_^[ÉÃÔ;dEñÝ
process_handle: 0x000001d0
base_address: 0x020e0000
success 1 0
1619918136.600999
WriteProcessMemory
process_identifier: 2964
buffer: xC:\ProgramData\images.exetñ>è€è ò> ò>P,w|,w¸9”Ù”ò>Ñ$€igÿÿÿÿÿ´ñ>˜ò>pø>à^‘wL³;®þÿÿÿ|,w 5wè
process_handle: 0x000001d0
base_address: 0x020f0000
success 1 0
Attempts to remove evidence of file being downloaded from the Internet (1 个事件)
file C:\ProgramData\images.exe:Zone.Identifier
File has been identified by 59 AntiVirus engines on VirusTotal as malicious (50 out of 59 个事件)
Bkav W32.FamVT.AvecML.Trojan
Elastic malicious (high confidence)
MicroWorld-eScan Dropped:Generic.Malware.SLlg.142B6B73
FireEye Generic.mg.c7ffeadc93bc438f
CAT-QuickHeal Trojan.IGENERIC
ALYac Dropped:Generic.Malware.SLlg.142B6B73
Cylance Unsafe
AegisLab Trojan.Win32.Agentb.trnC
Sangfor Malware
K7AntiVirus Trojan ( 0019d9b81 )
Alibaba Trojan:Win32/Agentb.e9a5e022
K7GW Trojan ( 0019d9b81 )
Cybereason malicious.c93bc4
Arcabit Generic.Malware.SLlg.142B6B73
Cyren W32/Antiav.INDT-0919
Symantec Backdoor.Avecma
APEX Malicious
Paloalto generic.ml
ClamAV Win.Malware.AveMaria-8799014-1
Kaspersky Trojan.Win32.Agentb.jiad
BitDefender Dropped:Generic.Malware.SLlg.142B6B73
NANO-Antivirus Trojan.Win32.Invader.hlkntw
Avast Win32:Malware-gen
Ad-Aware Dropped:Generic.Malware.SLlg.142B6B73
TACHYON Trojan-Dropper/W32.ClipBanker.103936
Sophos ML/PE-A + Mal/Emogen-Y
Comodo TrojWare.Win32.AntiAV.VA@81mmki
F-Secure Trojan.TR/Redcap.ghjpt
DrWeb Trojan.PWS.Maria.3
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.MOCRT.SM
McAfee-GW-Edition BehavesLike.Win32.Dropper.ch
Emsisoft Dropped:Generic.Malware.SLlg.142B6B73 (B)
Ikarus Trojan-Spy.Agent
Jiangmin Trojan.Agentb.eab
Avira TR/Redcap.ghjpt
eGambit Trojan.Generic
Antiy-AVL Trojan/Win32.SGeneric
Gridinsoft Trojan.Win32.Agent.vb!s1
Microsoft Backdoor:Win32/Remcos!MTB
ZoneAlarm Trojan.Win32.Agentb.jiad
GData Win32.Backdoor.AveMaria.A
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.AveMaria.R263895
McAfee WarzoneRAT-FCNI!C7FFEADC93BC
MAX malware (ai score=85)
VBA32 Trojan.Agentb
Malwarebytes Backdoor.AveMaria
ESET-NOD32 a variant of Win32/Agent.TJS
TrendMicro-HouseCall TrojanSpy.Win32.MOCRT.SM
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (6 个事件)
dead_host 172.217.160.110:443
dead_host 172.217.27.142:443
dead_host 172.217.24.14:443
dead_host 185.19.85.155:1997
dead_host 192.168.56.101:49189
dead_host 192.168.56.101:49188
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2020-03-11 20:14:59

Imports

Library KERNEL32.dll:
0x412088 TerminateThread
0x41208c CreateThread
0x412090 WriteFile
0x412094 CreateFileW
0x412098 LoadLibraryW
0x41209c GetLocalTime
0x4120a0 GetCurrentThreadId
0x4120a4 GetCurrentProcessId
0x4120a8 ReadFile
0x4120ac FindFirstFileA
0x4120b0 GetBinaryTypeW
0x4120b4 FindNextFileA
0x4120b8 GetFullPathNameA
0x4120bc GetTempPathW
0x4120c4 CreateFileA
0x4120c8 GlobalAlloc
0x4120d4 LocalFree
0x4120d8 GetFileSize
0x4120dc FreeLibrary
0x4120e0 SetDllDirectoryW
0x4120e4 WaitForSingleObject
0x4120e8 GetCurrentProcess
0x4120f0 CreatePipe
0x4120f4 PeekNamedPipe
0x4120f8 DuplicateHandle
0x4120fc SetEvent
0x412100 CreateProcessW
0x412104 CreateEventA
0x412108 GetModuleFileNameW
0x41210c LoadResource
0x412110 FindResourceW
0x412114 HeapFree
0x41211c LoadLibraryExW
0x412120 FindFirstFileW
0x412124 FindNextFileW
0x412128 SetFilePointer
0x412130 VirtualQuery
0x412134 CopyFileW
0x412138 GetDriveTypeW
0x41214c CreateMutexA
0x412150 ReleaseMutex
0x412154 TerminateProcess
0x412158 OpenProcess
0x412160 Process32NextW
0x412164 Process32FirstW
0x412168 CreateProcessA
0x41216c SizeofResource
0x412170 VirtualProtect
0x412174 GetSystemDirectoryW
0x412178 LockResource
0x412180 GetStartupInfoA
0x412184 Process32First
0x412188 WriteProcessMemory
0x41218c Process32Next
0x412194 VirtualProtectEx
0x412198 VirtualAllocEx
0x41219c CreateRemoteThread
0x4121a0 WinExec
0x4121a4 GetTempPathA
0x4121a8 GetCommandLineA
0x4121ac GetModuleHandleA
0x4121b0 ExitProcess
0x4121b4 GetProcAddress
0x4121b8 LoadLibraryA
0x4121bc GetProcessHeap
0x4121c0 HeapAlloc
0x4121c4 lstrcmpW
0x4121c8 GetTickCount
0x4121cc lstrcpyW
0x4121d0 WideCharToMultiByte
0x4121d4 HeapReAlloc
0x4121d8 VirtualAlloc
0x4121dc DeleteFileW
0x4121e0 lstrcpyA
0x4121e4 Sleep
0x4121e8 MultiByteToWideChar
0x4121ec lstrcatA
0x4121f0 lstrcmpA
0x4121f4 lstrlenA
0x4121fc lstrlenW
0x412200 CloseHandle
0x412204 lstrcatW
0x412208 VirtualFree
0x41220c GetLastError
0x412210 SetLastError
0x412214 GetModuleFileNameA
0x412218 CreateDirectoryW
0x41221c GetComputerNameW
0x412220 IsWow64Process
Library USER32.dll:
0x412284 MessageBoxA
0x412288 GetKeyState
0x41228c GetMessageA
0x412290 DispatchMessageA
0x412294 CreateWindowExW
0x412298 CallNextHookEx
0x41229c wsprintfW
0x4122a0 wsprintfA
0x4122a4 GetWindowTextW
0x4122a8 GetAsyncKeyState
0x4122ac RegisterClassW
0x4122b0 GetRawInputData
0x4122b4 GetKeyNameTextW
0x4122b8 DefWindowProcA
0x4122c0 TranslateMessage
0x4122c4 ToUnicode
0x4122c8 GetForegroundWindow
0x4122cc PostQuitMessage
0x4122d0 GetLastInputInfo
0x4122d4 MapVirtualKeyA
Library ADVAPI32.dll:
0x412004 RegDeleteKeyA
0x41200c RegEnumKeyExW
0x412010 RegOpenKeyExA
0x412014 RegOpenKeyExW
0x412018 RegQueryValueExW
0x41201c RegQueryInfoKeyW
0x412020 RegCloseKey
0x412024 OpenServiceW
0x41202c QueryServiceConfigW
0x412034 StartServiceW
0x412038 RegSetValueExW
0x41203c RegCreateKeyExA
0x412040 OpenSCManagerW
0x412044 CloseServiceHandle
0x412048 GetTokenInformation
0x41204c LookupAccountSidW
0x412050 FreeSid
0x412054 OpenProcessToken
0x412064 RegDeleteValueW
0x412068 RegSetValueExA
0x41206c RegCreateKeyExW
0x412070 RegDeleteKeyW
0x412074 RegQueryValueExA
Library SHELL32.dll:
0x412244 ShellExecuteW
0x412248 ShellExecuteExA
0x41224c ShellExecuteExW
0x412250
0x41225c SHGetFolderPathW
Library urlmon.dll:
0x412334 URLDownloadToFileW
Library WS2_32.dll:
0x4122dc send
0x4122e0 WSAStartup
0x4122e4 shutdown
0x4122e8 closesocket
0x4122ec WSACleanup
0x4122f0 InetNtopW
0x4122f4 gethostbyname
0x4122f8 inet_addr
0x4122fc getaddrinfo
0x412300 setsockopt
0x412304 freeaddrinfo
0x412308 htons
0x41230c recv
0x412310 connect
0x412314 socket
Library ole32.dll:
0x412320 CoUninitialize
0x412324 CoCreateInstance
0x412328 CoTaskMemFree
0x41232c CoInitialize
Library SHLWAPI.dll:
0x412264 StrStrA
0x412268 StrStrW
0x41226c PathFindExtensionW
0x412270 PathCombineA
0x412274 PathFindFileNameW
0x412278 PathFileExistsW
0x41227c PathRemoveFileSpecA
Library NETAPI32.dll:
0x412228 NetUserAdd
Library OLEAUT32.dll:
0x412234 VariantInit
Library CRYPT32.dll:
0x412080 CryptUnprotectData
Library PSAPI.DLL:

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49194 113.108.239.194 r1---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49195 113.108.239.196 r3---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49191 203.208.40.98 update.googleapis.com 443
192.168.56.101 49193 203.208.41.65 redirector.gvt1.com 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 53500 114.114.114.114 53
192.168.56.101 54260 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 56743 114.114.114.114 53
192.168.56.101 57236 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60911 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 53210 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 54178 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=54d898a4b2601e59&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619888901&mv=m 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=54d898a4b2601e59&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619888901&mv=m HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com
http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619888901&mv=m&mvi=1&pl=23&shardbypass=yes 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619888901&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o7dn7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.