SmartHawk

6.4

高危

63 个模型检测该样本为恶意！

重新分析

下载样本

88074ad5ef81ea04eff4d7992518f1e3c8070ef0798bd4eb41f652422b89bf11

dd2f2e1e09de8ab1b3f4e25202e6a01f.exe

分析耗时

91s

最近分析

文件大小

29.0KB

静态报毒动态报毒 100% 6PACAVCJX AGXY AHRUANEX AI SCORE=100 ATRAPS AUTOIT BARYS BLADABI BLADABINDI BMW@AIYQQ8L CLASSIC CONFIDENCE DBXZFJ DISFA DOTNETDL ELDORADO FAMVT FIGN HIGH CONFIDENCE KX@52G0Y5 LMGJ MALICIOUS PE NJRAT R + TROJ RATENJAY SCORE STATIC AI UNSAFE WSAH ZEMSILF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	Backdoor:MSIL/Bladabindi.50320e6f	20190527	0.3.0.5
Baidu	MSIL.Backdoor.Bladabindi.a	20190318	1.0.0.2
Avast	MSIL:Agent-BXF [Trj]	20201229	21.1.5827.0
Kingsoft		20201229	2017.9.26.565
McAfee	Trojan-FIGN	20201229	6.0.6.653
Tencent	Msil.Trojan.Disfa.Wsah	20201229	1.0.0.1
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0

Queries for the computername (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619948419.093212 GetComputerNameW	computer_name: OSKAR-PC	success	1	0

Checks if process is being debugged by a debugger (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619948412.999212 IsDebuggerPresent		failed	0	0

Command line console output was observed (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1619957688.68625 WriteConsoleA	buffer: ÖØÒªÐÅÏ¢: ÒÑ³É¹¦Ö´ÐÐÃüÁî¡£ µ«²»ÔÞ³ÉÊ¹ÓÃ "netsh firewall"£» ¶øÓ¦¸ÃÊ¹ÓÃ "netsh advfirewall firewall"¡£ ÓÐ¹ØÊ¹ÓÃ "netsh advfirewall firewall" ÃüÁî ¶ø·Ç "netsh firewall" µÄÏêÏ¸ÐÅÏ¢£¬Çë²ÎÔÄ http://go.microsoft.com/fwlink/?linkid=121488 ÉÏµÄ KB ÎÄÕÂ 947709¡£ console_handle: 0x00000007	success	1	0
1619957688.70225 WriteConsoleA	buffer: È·¶¨¡£ console_handle: 0x00000007	success	1	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619948419.202212 GlobalMemoryStatusEx		success	1	0

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 个事件)

suspicious_features

POST method with no referer header

suspicious_request

POST https://update.googleapis.com/service/update2?cup2key=10:3411729412&cup2hreq=97a8d449e55c628e4bafc5aef5ff5dc94fb2171d51e0fc6a77f038da85a99f1f

Connects to a Dynamic DNS Domain (1 个事件)

domain

windowsdefender.ddns.net

Performs some HTTP requests (4 个事件)

request	HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request	HEAD http://r1---sn-j5o76n7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.105&mm=28&mn=sn-j5o76n7e&ms=nvh&mt=1619928732&mv=m&mvi=1&pl=23&shardbypass=yes
request	HEAD http://r4---sn-j5o76n7l.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=4&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5oe7e&req_id=203d3cae97e83617&cms_redirect=yes&ipbypass=yes&mip=59.50.85.28&mm=28&mn=sn-j5o76n7l&ms=nvh&mt=1619928732&mv=m
request	POST https://update.googleapis.com/service/update2?cup2key=10:3411729412&cup2hreq=97a8d449e55c628e4bafc5aef5ff5dc94fb2171d51e0fc6a77f038da85a99f1f

Sends data using the HTTP POST Method (1 个事件)

request

POST https://update.googleapis.com/service/update2?cup2key=10:3411729412&cup2hreq=97a8d449e55c628e4bafc5aef5ff5dc94fb2171d51e0fc6a77f038da85a99f1f

Allocates read-write-execute memory (usually to unpack itself) (27 个事件)

Time & API	Arguments	Status
1619948411.702212 NtAllocateVirtualMemory	process_identifier: 3044 region_size: 1507328 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 8192 (MEM_RESERVE) base_address: 0x009c0000	success
1619948411.702212 NtAllocateVirtualMemory	process_identifier: 3044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00af0000	success
1619948412.859212 NtProtectVirtualMemory	process_identifier: 3044 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x73f31000	success
1619948412.999212 NtAllocateVirtualMemory	process_identifier: 3044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003aa000	success
1619948412.999212 NtProtectVirtualMemory	process_identifier: 3044 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x73f32000	success
1619948412.999212 NtAllocateVirtualMemory	process_identifier: 3044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003a2000	success
1619948413.202212 NtAllocateVirtualMemory	process_identifier: 3044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003b2000	success
1619948413.312212 NtAllocateVirtualMemory	process_identifier: 3044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003b3000	success
1619948413.327212 NtAllocateVirtualMemory	process_identifier: 3044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003eb000	success
1619948413.327212 NtAllocateVirtualMemory	process_identifier: 3044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003e7000	success
1619948413.359212 NtAllocateVirtualMemory	process_identifier: 3044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003bc000	success
1619948413.671212 NtAllocateVirtualMemory	process_identifier: 3044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003b4000	success
1619948413.952212 NtAllocateVirtualMemory	process_identifier: 3044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003b5000	success
1619948413.952212 NtAllocateVirtualMemory	process_identifier: 3044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003b6000	success
1619948414.015212 NtAllocateVirtualMemory	process_identifier: 3044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00520000	success
1619948414.030212 NtAllocateVirtualMemory	process_identifier: 3044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003da000	success
1619948414.046212 NtAllocateVirtualMemory	process_identifier: 3044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003d2000	success
1619948414.327212 NtAllocateVirtualMemory	process_identifier: 3044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003e5000	success
1619948414.655212 NtAllocateVirtualMemory	process_identifier: 3044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003ba000	success
1619948415.968212 NtAllocateVirtualMemory	process_identifier: 3044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00521000	success
1619948416.046212 NtAllocateVirtualMemory	process_identifier: 3044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003ab000	success
1619948416.937212 NtAllocateVirtualMemory	process_identifier: 3044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003ca000	success
1619948416.937212 NtAllocateVirtualMemory	process_identifier: 3044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003c7000	success
1619948418.921212 NtAllocateVirtualMemory	process_identifier: 3044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x023a0000	success
1619948420.390212 NtAllocateVirtualMemory	process_identifier: 3044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x023a1000	success
1619948425.109212 NtAllocateVirtualMemory	process_identifier: 3044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003a3000	success
1619948425.124212 NtAllocateVirtualMemory	process_identifier: 3044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003bb000	success

A process attempted to delay the analysis task. (1 个事件)

description

dd2f2e1e09de8ab1b3f4e25202e6a01f.exe tried to sleep 146 seconds, actually delayed analysis time by 146 seconds

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619948421.015212 LookupPrivilegeValueW	system_name: privilege_name: SeDebugPrivilege	success	1	0

Uses Windows utilities for basic Windows functionality (1 个事件)

cmdline

netsh firewall add allowedprogram "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\dd2f2e1e09de8ab1b3f4e25202e6a01f.exe" "dd2f2e1e09de8ab1b3f4e25202e6a01f.exe" ENABLE

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Creates known Bladabindi mutexes (1 个事件)

mutex

5cd8f17f4086744065eb0992a09e05a2

File has been identified by 63 AntiVirus engines on VirusTotal as malicious (50 out of 63 个事件)

Bkav	W32.FamVT.AhruanEX.Trojan
Elastic	malicious (high confidence)
MicroWorld-eScan	Generic.MSIL.Bladabindi.A184E833
FireEye	Generic.mg.dd2f2e1e09de8ab1
CAT-QuickHeal	Trojan.Bladabindi.B3
ALYac	Trojan.MSIL.Bladabindi
Cylance	Unsafe
Zillya	Trojan.Bladabindi.Win32.14971
SUPERAntiSpyware	Trojan.Agent/Gen-Barys
K7AntiVirus	Trojan ( 003ca8581 )
Alibaba	Backdoor:MSIL/Bladabindi.50320e6f
K7GW	Trojan ( 003ca8581 )
Cybereason	malicious.e09de8
Arcabit	Generic.MSIL.Bladabindi.A184E833
Baidu	MSIL.Backdoor.Bladabindi.a
Cyren	W32/MSIL_Bladabindi.A.gen!Eldorado
Symantec	Backdoor.Ratenjay
TotalDefense	Win32/DotNetDl.A!generic
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Trojan.B-468
Kaspersky	Trojan.MSIL.Disfa.bqh
BitDefender	Generic.MSIL.Bladabindi.A184E833
NANO-Antivirus	Trojan.Win32.Dwn.dbxzfj
ViRobot	Backdoor.Win32.Bladabindi.Gen.A
Avast	MSIL:Agent-BXF [Trj]
Rising	Backdoor.Njrat!1.9E49 (CLASSIC)
Ad-Aware	Generic.MSIL.Bladabindi.A184E833
Sophos	Mal/Generic-R + Troj/MSIL-HX
Comodo	TrojWare.MSIL.Bladabindi.KX@52g0y5
F-Secure	Trojan.TR/ATRAPS.Gen
DrWeb	BackDoor.Bladabindi.892
VIPRE	Trojan.MSIL.Bladabindi.agxy (v)
TrendMicro	BKDR_BLADABI.SMC
McAfee-GW-Edition	BehavesLike.Win32.Trojan.mm
MaxSecure	Trojan.MSIL.Agent.Rzr
Emsisoft	Generic.MSIL.Bladabindi.A184E833 (B)
Ikarus	Trojan.Msil
Jiangmin	TrojanDropper.Autoit.dce
Avira	TR/ATRAPS.Gen
Antiy-AVL	Trojan[Backdoor]/MSIL.Bladabindi.as
Microsoft	Backdoor:MSIL/Bladabindi.AJ
AegisLab	Trojan.Win32.Generic.lMGJ
ZoneAlarm	Trojan.MSIL.Disfa.bqh
GData	MSIL.Backdoor.Bladabindi.AV
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Bladabindi.C202658
Acronis	suspicious
McAfee	Trojan-FIGN
MAX	malware (ai score=100)

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-03-29 20:37:11

Imports

Library mscoree.dll:

• 0x402000 _CorExeMain

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
r4---sn-j5o76n7l.gvt1.com	A 58.63.233.69 CNAME r4.sn-j5o76n7l.gvt1.com	58.63.233.69
redirector.gvt1.com	A 203.208.41.65	203.208.41.65
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
clients2.google.com	CNAME clients.l.google.com A 172.217.27.142	172.217.27.142
r1---sn-j5o76n7e.gvt1.com	CNAME r1.sn-j5o76n7e.gvt1.com A 113.108.239.130	113.108.239.130
windowsdefender.ddns.net	A 0.0.0.0	0.0.0.0
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
update.googleapis.com	A 203.208.41.66	203.208.41.66
teredo.ipv6.microsoft.com		127.0.0.1

TCP

Source	Source Port	Destination	Destination Port
192.168.56.101	49182	113.108.239.130 r1---sn-j5o76n7e.gvt1.com	80
192.168.56.101	49181	203.208.41.65 redirector.gvt1.com	80
192.168.56.101	49180	203.208.41.66 update.googleapis.com	443
192.168.56.101	49183	58.63.233.69 r4---sn-j5o76n7l.gvt1.com	80

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49713	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	50568	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	53237	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	57756	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	60384	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50002	224.0.0.252	5355
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900

HTTP & HTTPS Requests

URI	Data
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe	HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: redirector.gvt1.com
http://r4---sn-j5o76n7l.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=4&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5oe7e&req_id=203d3cae97e83617&cms_redirect=yes&ipbypass=yes&mip=59.50.85.28&mm=28&mn=sn-j5o76n7l&ms=nvh&mt=1619928732&mv=m	HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=4&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5oe7e&req_id=203d3cae97e83617&cms_redirect=yes&ipbypass=yes&mip=59.50.85.28&mm=28&mn=sn-j5o76n7l&ms=nvh&mt=1619928732&mv=m HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r4---sn-j5o76n7l.gvt1.com
http://r1---sn-j5o76n7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.105&mm=28&mn=sn-j5o76n7e&ms=nvh&mt=1619928732&mv=m&mvi=1&pl=23&shardbypass=yes	HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.105&mm=28&mn=sn-j5o76n7e&ms=nvh&mt=1619928732&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r1---sn-j5o76n7e.gvt1.com

URI

Data

http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe

HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com

http://r4---sn-j5o76n7l.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=4&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5oe7e&req_id=203d3cae97e83617&cms_redirect=yes&ipbypass=yes&mip=59.50.85.28&mm=28&mn=sn-j5o76n7l&ms=nvh&mt=1619928732&mv=m

HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=4&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5oe7e&req_id=203d3cae97e83617&cms_redirect=yes&ipbypass=yes&mip=59.50.85.28&mm=28&mn=sn-j5o76n7l&ms=nvh&mt=1619928732&mv=m HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r4---sn-j5o76n7l.gvt1.com

http://r1---sn-j5o76n7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.105&mm=28&mn=sn-j5o76n7e&ms=nvh&mt=1619928732&mv=m&mvi=1&pl=23&shardbypass=yes

HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.105&mm=28&mn=sn-j5o76n7e&ms=nvh&mt=1619928732&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o76n7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.