Threat score: 8.2
Risk level: High

SHA256: a86c89f0dd8478ae150a61dcc8bdf1f34d790fc7c79beff1ee7da4f527c25354

File name: df240aeb0b75422a40214fe9675361ba.exe

Analysis duration

91s

Last analyzed

File size

546.8KB
Static detection: flagged. Dynamic detection: flagged. Tags (derived from engine verdicts): 100% A@7Y5GWX AI SCORE=78 AIDETECTVM BUNDLER BUNDLERCRTD CLASSIC CLICKMEIN CONFIDENCE COVUS DOWNGUIDE DOWNLOADERGUIDE DOWNLOADGUIDE ELDORADO FKFKJS FREEMIUM GRAYWARE HIGH CONFIDENCE MALICIOUS PE MALWARE1 MAUVAISE QVM10 R245289 SCORE TOOL UNSAFE
鹰眼引擎 (Eagle Eye engine)
Not detected: no Eagle Eye engine result is available for this sample
Static verdict
Antivirus engines
Engine        Result                              Scan date   Engine version
Alibaba       (none)                              20190527    0.3.0.5
Avast         Win32:Freemium-A [PUP]              20200831    18.4.3895.0
Tencent       (none)                              20200831    1.0.0.1
Baidu         (none)                              20190318    1.0.0.2
Kingsoft      (none)                              20200831    2013.8.14.323
McAfee        PUP-FXK                             20200831    6.0.6.653
CrowdStrike   win/malicious_confidence_100% (D)   20190702    1.0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
HTTP traffic contains suspicious features which may be indicative of malware related traffic (3 events)
suspicious_features POST method with no referer header suspicious_request POST http://dlg-configs.buzzrin.de/config-from-production
suspicious_features POST method with no referer header suspicious_request POST http://dlg-messages.buzzrin.de/1/dg/3
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:170099421&cup2hreq=995a24769180779b3352a4c568eceb9dd170ae5dfade7c3c3a95733e8039e925
Performs some HTTP requests (7 events)
request HEAD http://dlg-configs.buzzrin.de/
request POST http://dlg-configs.buzzrin.de/config-from-production
request GET http://az687722.vo.msecnd.net/public-source/downloadguide/freeware-de/1.0/default/campaigns/product+website/ui/freeware-de-flow-5-text-en-us.zip
request GET http://az687722.vo.msecnd.net/public-source/downloadguide/freeware-de/1.0/default/campaigns/product+website/ui/last.zip
request POST http://dlg-messages.buzzrin.de/1/dg/3
request GET http://az687722.vo.msecnd.net/public-source/downloadguide/freeware-de/1.0/default/campaigns/product+website/ui/progress.zip
request POST https://update.googleapis.com/service/update2?cup2key=10:170099421&cup2hreq=995a24769180779b3352a4c568eceb9dd170ae5dfade7c3c3a95733e8039e925
Sends data using the HTTP POST Method (3 events)
request POST http://dlg-configs.buzzrin.de/config-from-production
request POST http://dlg-messages.buzzrin.de/1/dg/3
request POST https://update.googleapis.com/service/update2?cup2key=10:170099421&cup2hreq=995a24769180779b3352a4c568eceb9dd170ae5dfade7c3c3a95733e8039e925
Allocates read-write-execute memory (usually to unpack itself) (1 event; a single 4 KiB PAGE_EXECUTE_READWRITE commit at 0x00380000)
Time & API Arguments Status Return Repeated
1621009685.16025
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00380000
success 0 0
Steals private information from local Internet browsers (2 events; both are accesses to Chrome extension directories under User Data\Default\Extensions, not to credential or cookie stores, so treat this as a weak indicator on its own)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbejacapfbbfcbonimhhmpdbbpjdoplf
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\abkbnecgnlechmpnacgefbkaadmflmkp
Creates executable files on the filesystem (1 event; the file is jquery-1.10.2.min.js unpacked under Temp\DLG\ui, consistent with the ui/*.zip archives fetched above, and the signature counts it as executable because of the .js extension)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DLG\ui\common\last\js\jquery-1.10.2.min.js
Checks adapter addresses which can be used to detect virtual network interfaces (1 event; the GetAdaptersAddresses call returned 111, ERROR_BUFFER_OVERFLOW, which is the normal buffer-sizing first call rather than evidence of VM detection by itself)
Time & API Arguments Status Return Repeated
1621009690.17625
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.29363915702178 section {'size_of_data': '0x00021c00', 'virtual_address': '0x0005a000', 'entropy': 7.29363915702178, 'name': '.rdata', 'virtual_size': '0x00021a50'} description A section with a high entropy has been found
entropy 0.2504638218923933 description Overall entropy of this PE file is high (the 0.25 figure is the share of all section bytes that sit in high-entropy sections, which is how the packer_entropy signature reports its overall mark; it is not a Shannon entropy)
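To make the two marks above reproducible, here is an added example (not code from the sandbox or from the report) that computes Shannon entropy over a byte buffer and then replays the signature's two-step logic, a 6.8 bits/byte per-section threshold and a 20% overall ratio, on the section data from this report. Only .rdata is listed above, so the remaining sections are collapsed into one placeholder record (an assumption) whose size is back-computed so that .rdata makes up 25.046% of section bytes, which is exactly the ratio the report prints.

```python
import math
from collections import Counter
from typing import Dict, List


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


# Thresholds used by the packer_entropy signature: a section is "high entropy" above
# 6.8 bits/byte, and the file is flagged overall when more than 20% of all section
# bytes live in such sections.
SECTION_THRESHOLD = 6.8
RATIO_THRESHOLD = 0.2


def packer_entropy_check(sections: List[Dict]) -> Dict:
    """Replay both marks from the report: per-section hits and the overall ratio."""
    total_pe_data = 0
    total_compressed = 0
    high: List[str] = []
    for s in sections:
        size = int(s["size_of_data"], 16)
        total_pe_data += size
        if s["entropy"] > SECTION_THRESHOLD:
            high.append(s["name"])
            total_compressed += size
    ratio = total_compressed / total_pe_data if total_pe_data else 0.0
    return {
        "high_entropy_sections": high,
        "compressed_ratio": ratio,
        "overall_high": ratio > RATIO_THRESHOLD,
    }


# .rdata is copied from the report. The report lists no other sections, so the rest
# of the image is collapsed into ONE placeholder entry (assumption); its size_of_data
# is back-computed so that .rdata is 0x21c00 / (0x21c00 + 0x65000) = 25.046% of all
# section bytes, matching the 0.2504638218923933 the report prints.
REPORT_SECTIONS = [
    {"name": ".rdata", "size_of_data": "0x00021c00", "virtual_address": "0x0005a000",
     "virtual_size": "0x00021a50", "entropy": 7.29363915702178},
    {"name": "<other sections, placeholder>", "size_of_data": "0x00065000",
     "virtual_address": "0x00001000", "virtual_size": "0x00065000", "entropy": 5.9},
]


def section_record(name: str, data: bytes) -> Dict:
    """Build a section record from raw section bytes (e.g. pefile's get_data()) so a
    real PE can be fed through packer_entropy_check."""
    return {"name": name, "size_of_data": hex(len(data)), "entropy": shannon_entropy(data)}


if __name__ == "__main__":
    print(packer_entropy_check(REPORT_SECTIONS))
```

A single high-entropy .rdata at 7.29 bits/byte is typical of a resource-heavy installer carrying compressed UI assets, so the overall mark is best read together with the later download of ui/*.zip archives rather than as proof of a code packer.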
Reads the systems User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1621009688.87925
InternetOpenA
proxy_bypass:
access_type: 0
proxy_name:
flags: 268435456
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Disables proxy possibly for traffic interception (1 event; ProxyEnable is written as 0, i.e. direct connections, so this is a proxy reset rather than a redirection through an attacker proxy)
Time & API Arguments Status Return Repeated
1621009689.31625
RegSetValueExA
key_handle: 0x00000354
value: 0
regkey_r: ProxyEnable
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
success 0 0
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 events; the values written, WpadDecision, WpadDecisionReason, WpadDecisionTime, WpadNetworkName and WpadLastNetwork, are the per-network auto-detection bookkeeping WinINet keeps under Internet Settings\Wpad, and no AutoConfigURL or ProxyServer value is set anywhere in these events)
Time & API Arguments Status Return Repeated
1621009692.72225
RegSetValueExA
key_handle: 0x00000418
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1621009692.72225
RegSetValueExA
key_handle: 0x00000418
value: ñÎ1ÂH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1621009692.72225
RegSetValueExA
key_handle: 0x00000418
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1621009692.72225
RegSetValueExW
key_handle: 0x00000418
value: 网络 2 ("Network 2", the VM's network profile name)
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1621009692.72225
RegSetValueExA
key_handle: 0x0000042c
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1621009692.72225
RegSetValueExA
key_handle: 0x0000042c
value: ñÎ1ÂH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1621009692.72225
RegSetValueExA
key_handle: 0x0000042c
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1621009692.75425
RegSetValueExW
key_handle: 0x00000414
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1621009695.80125
RegSetValueExA
key_handle: 0x00000290
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1621009696.12925
RegSetValueExA
key_handle: 0x00000290
value: €›¤3ÂH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1621009696.12925
RegSetValueExA
key_handle: 0x00000290
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1621009696.12925
RegSetValueExW
key_handle: 0x00000290
value: 网络 2 ("Network 2", the VM's network profile name)
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1621009696.12925
RegSetValueExA
key_handle: 0x00000294
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1621009696.12925
RegSetValueExA
key_handle: 0x00000294
value: €›¤3ÂH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1621009696.12925
RegSetValueExA
key_handle: 0x00000294
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
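The proxy-related registry events above are easy to over-read, so here is an added triage example (not code from the sandbox or from the report) that labels each RegSetValueEx event: WinINet's own per-network WPAD bookkeeping, a ProxyEnable reset, or a genuine hijack (AutoConfigURL, ProxyServer or ProxyOverride being set). The event list is transcribed from the report with one representative per value name; the AutoConfigURL event is constructed and is not in the report, it is there only to show what a real PAC hijack would classify as.

```python
from typing import Dict, List

INET_SETTINGS = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

# Per-network WPAD discovery state that WinINet writes on its own under ...\Internet Settings\Wpad\.
WPAD_BOOKKEEPING = {"WpadDecision", "WpadDecisionReason", "WpadDecisionTime",
                    "WpadNetworkName", "WpadLastNetwork"}
# Values that actually redirect traffic when set: a PAC URL or an explicit proxy.
HIJACK_VALUES = {"AutoConfigURL", "ProxyServer", "ProxyOverride"}


def classify_registry_write(event: Dict) -> str:
    """Label one RegSetValueEx event (regkey, regkey_r, value) from the sandbox log."""
    key, name, value = event["regkey"], event["regkey_r"], event["value"]
    if not key.lower().startswith(INET_SETTINGS.lower()):
        return "unrelated"
    if "\\Wpad\\" in key and name in WPAD_BOOKKEEPING:
        return "wpad_bookkeeping"
    if name in HIJACK_VALUES and value not in ("", 0, None):
        return "proxy_hijack"
    if name == "ProxyEnable":
        return "proxy_enabled" if int(value) == 1 else "proxy_disabled"
    return "other_inet_setting"


def summarize(events: List[Dict]) -> Dict[str, List[str]]:
    """Group value names by label so the hijack bucket is visible at a glance."""
    out: Dict[str, List[str]] = {}
    for e in events:
        out.setdefault(classify_registry_write(e), []).append(e["regkey_r"])
    return out


def _ev(subkey: str, name: str, value) -> Dict:
    """Build an event dict in the same shape the report prints (regkey includes the value name)."""
    return {"regkey": INET_SETTINGS + subkey + "\\" + name, "regkey_r": name, "value": value}


NET_GUID = "{40112ABE-63B3-43C3-BE93-1440EE3AF106}"

# Events transcribed from the report (one representative per value name).
REPORT_EVENTS = [
    _ev("", "ProxyEnable", 0),
    _ev("\\Wpad\\" + NET_GUID, "WpadDecisionReason", 1),
    _ev("\\Wpad\\" + NET_GUID, "WpadDecision", 3),
    _ev("\\Wpad\\" + NET_GUID, "WpadNetworkName", "网络 2"),
    _ev("\\Wpad", "WpadLastNetwork", NET_GUID),
    _ev("\\Wpad\\0a-00-27-00-00-00", "WpadDecision", 0),
]

# Constructed event, NOT in the report: what a real PAC hijack would look like.
CONSTRUCTED_HIJACK = _ev("", "AutoConfigURL", "http://pac.example.invalid/proxy.pac")

if __name__ == "__main__":
    print(summarize(REPORT_EVENTS))
    print(classify_registry_write(CONSTRUCTED_HIJACK))
```

Run against the report's events the summary contains only wpad_bookkeeping and proxy_disabled buckets, which is why the two proxy signatures should not raise the verdict by themselves; the constructed AutoConfigURL write is the kind of event that would.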
Generates some ICMP traffic
File has been identified by 51 AntiVirus engines on VirusTotal as malicious (showing 50 of 51 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
DrWeb Adware.ClickMeIn.9588
MicroWorld-eScan Application.Bundler.DownloadGuide.KE
FireEye Generic.mg.df240aeb0b75422a
CAT-QuickHeal Trojan.Mauvaise.SL1
Qihoo-360 HEUR/QVM10.1.9F7B.Malware.Gen
Zillya Tool.BundlerCRTD.Win32.12429
SUPERAntiSpyware Adware.Downloader/Variant
Sangfor Malware
K7AntiVirus Adware ( 004c6a4a1 )
K7GW Adware ( 004c6a4a1 )
Cybereason malicious.b0b754
Arcabit Application.Bundler.DownloadGuide.KE
Invincea heuristic
Cyren W32/S-58b25de1!Eldorado
Symantec PUA.Downloader
TrendMicro-HouseCall PUA.Win32.DownGuide.SM
ClamAV Win.Malware.Downloadguide-6803841-0
Kaspersky not-a-virus:HEUR:Downloader.Win32.DownloaderGuide.gen
BitDefender Application.Bundler.DownloadGuide.KE
NANO-Antivirus Riskware.Win32.Covus.fkfkjs
Avast Win32:Freemium-A [PUP]
Ad-Aware Application.Bundler.DownloadGuide.KE
Comodo Application.Win32.DownloadGuide.A@7y5gwx
VIPRE Trojan.Win32.Generic!BT
TrendMicro PUA.Win32.DownGuide.SM
Sophos DownloadGuide (PUA)
Ikarus PUA.DownloadGuide
Jiangmin Downloader.DownloaderGuide.aqk
Webroot Pua.Freemium
Antiy-AVL GrayWare/Win32.Eldorado.e
Microsoft PUA:Win32/DownloadGuide
ZoneAlarm not-a-virus:HEUR:Downloader.Win32.DownloaderGuide.gen
GData Win32.Application.DownloadGuide.T
Cynet Malicious (score: 100)
AhnLab-V3 PUP/Win32.DownloadGuide.R245289
Acronis suspicious
McAfee PUP-FXK
MAX malware (ai score=78)
VBA32 Downloader.DownloaderGuide
Malwarebytes PUP.Optional.Freemium
APEX Malicious
ESET-NOD32 a variant of Win32/DownloadGuide.D potentially unwanted
Rising Adware.DownloadGuide!1.A1DB (CLASSIC)
Yandex PUA.Downloader!
SentinelOne DFI - Malicious PE
eGambit Unsafe.AI_Score_100%
Fortinet Riskware/DownloaderGuide
AVG Win32:Freemium-A [PUP]
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while the sample ran


PE Compile Time

2018-11-16 13:03:04

Imports

Library KERNEL32.dll:
0x45a05c LocalAlloc
0x45a060 LoadLibraryA
0x45a064 CreateEventW
0x45a068 WaitForSingleObject
0x45a06c SetFilePointer
0x45a070 SetFilePointerEx
0x45a074 SetEndOfFile
0x45a078 GetFileSize
0x45a07c ReadFile
0x45a084 GetCurrentProcessId
0x45a088 GetTempFileNameW
0x45a08c GetTickCount
0x45a094 MapViewOfFile
0x45a098 HeapFree
0x45a09c FindClose
0x45a0a0 GetFullPathNameW
0x45a0a4 FindFirstFileW
0x45a0a8 FindNextFileW
0x45a0ac DebugBreak
0x45a0b0 OutputDebugStringW
0x45a0b4 lstrlenA
0x45a0b8 LoadLibraryW
0x45a0bc MulDiv
0x45a0c0 lstrcmpW
0x45a0c4 GlobalUnlock
0x45a0c8 GlobalLock
0x45a0cc GlobalAlloc
0x45a0d0 FlushFileBuffers
0x45a0d4 CloseHandle
0x45a0d8 CreateFileW
0x45a0dc WriteConsoleW
0x45a0e0 SetStdHandle
0x45a0e4 LCMapStringW
0x45a0e8 GetConsoleMode
0x45a0ec GetConsoleCP
0x45a0f4 RtlUnwind
0x45a0fc GetFileType
0x45a100 SetHandleCount
0x45a10c GetStringTypeW
0x45a110 IsValidCodePage
0x45a114 GetOEMCP
0x45a118 GetACP
0x45a11c GetCPInfo
0x45a120 TlsFree
0x45a124 TlsSetValue
0x45a128 TlsGetValue
0x45a12c TlsAlloc
0x45a130 GetStdHandle
0x45a134 WriteFile
0x45a138 HeapReAlloc
0x45a13c HeapCreate
0x45a140 ExitProcess
0x45a144 HeapSize
0x45a148 Sleep
0x45a14c IsDebuggerPresent
0x45a158 TerminateProcess
0x45a15c GetStartupInfoW
0x45a160 HeapSetInformation
0x45a164 GetCommandLineW
0x45a168 DecodePointer
0x45a16c EncodePointer
0x45a174 VirtualAlloc
0x45a178 VirtualFree
0x45a180 HeapAlloc
0x45a184 GetProcessHeap
0x45a190 lstrlenW
0x45a194 GetModuleFileNameW
0x45a198 LoadLibraryExW
0x45a19c FindResourceW
0x45a1a0 LoadResource
0x45a1a4 SizeofResource
0x45a1a8 MultiByteToWideChar
0x45a1ac lstrcmpiW
0x45a1b0 FreeLibrary
0x45a1b4 SetLastError
0x45a1b8 GetLastError
0x45a1bc RaiseException
0x45a1c0 GetCurrentThreadId
0x45a1c8 GetCurrentProcess
0x45a1cc GetModuleHandleW
0x45a1d0 GetProcAddress
0x45a1dc WideCharToMultiByte
Library USER32.dll:
0x45a244 DestroyWindow
0x45a248 LoadCursorW
0x45a24c CreateWindowExW
0x45a250 RegisterClassExW
0x45a254 SetTimer
0x45a258 KillTimer
0x45a25c DefWindowProcW
0x45a260 GetWindowLongW
0x45a264 GetClassInfoExW
0x45a268 SetWindowLongW
0x45a26c CallWindowProcW
0x45a274 BeginPaint
0x45a278 FillRect
0x45a27c EndPaint
0x45a280 IsChild
0x45a284 SetFocus
0x45a288 GetDlgItem
0x45a28c GetClassNameW
0x45a290 GetSysColor
0x45a294 RedrawWindow
0x45a29c InvalidateRect
0x45a2a0 GetDesktopWindow
0x45a2a4 GetFocus
0x45a2a8 UpdateWindow
0x45a2ac SetWindowTextW
0x45a2b0 GetWindowTextW
0x45a2b8 ClientToScreen
0x45a2bc ReleaseDC
0x45a2c0 GetDC
0x45a2c4 PostMessageW
0x45a2c8 ShowWindow
0x45a2cc IsWindowVisible
0x45a2d0 GetWindow
0x45a2d4 MonitorFromWindow
0x45a2d8 GetMonitorInfoW
0x45a2dc GetParent
0x45a2e0 GetClientRect
0x45a2e4 MapWindowPoints
0x45a2e8 SetWindowPos
0x45a2ec MoveWindow
0x45a2f0 GetWindowRect
0x45a2f4 IsWindow
0x45a2f8 SendMessageW
0x45a2fc LoadImageW
0x45a300 LoadIconW
0x45a304 PeekMessageW
0x45a308 GetMessageW
0x45a30c TranslateMessage
0x45a310 DispatchMessageW
0x45a314 CharNextW
0x45a318 UnregisterClassA
Library GDI32.dll:
0x45a034 CreateSolidBrush
0x45a038 GetStockObject
0x45a03c GetDeviceCaps
0x45a040 GetObjectW
0x45a044 SelectObject
0x45a048 DeleteDC
0x45a04c DeleteObject
0x45a050 CreateCompatibleDC
Library COMDLG32.dll:
0x45a028 GetSaveFileNameW
0x45a02c GetOpenFileNameW
Library ADVAPI32.dll:
0x45a000 RegQueryInfoKeyW
0x45a004 RegDeleteKeyW
0x45a008 RegDeleteValueW
0x45a00c RegEnumKeyExW
0x45a010 RegSetValueExW
0x45a014 RegQueryValueExW
0x45a018 RegCreateKeyExW
0x45a01c RegOpenKeyExW
0x45a020 RegCloseKey
Library SHELL32.dll:
0x45a22c Shell_NotifyIconW
0x45a230 CommandLineToArgvW
0x45a234 DoEnvironmentSubstW
Library ole32.dll:
0x45a320 OleInitialize
0x45a328 OleLockRunning
0x45a32c OleUninitialize
0x45a330 CoTaskMemAlloc
0x45a334 CoTaskMemRealloc
0x45a338 CoTaskMemFree
0x45a33c CoCreateInstance
Library OLEAUT32.dll:
0x45a1ec SysAllocString
0x45a1f0 VariantChangeType
0x45a1f4 VariantClear
0x45a1fc DispCallFunc
0x45a200 VarBstrCat
0x45a204 SysStringByteLen
0x45a20c LoadTypeLib
0x45a210 LoadRegTypeLib
0x45a214 VarUI4FromStr
0x45a218 SysStringLen
0x45a21c SysFreeString
0x45a220 VariantInit
0x45a224 VariantCopy
Library SHLWAPI.dll:
0x45a23c PathFileExistsW

Hosts

No hosts contacted.

TCP

Source IP  Source port  Destination IP  Destination host  Destination port
192.168.56.101 49175 104.41.149.192 dlg-configs.buzzrin.de 80
192.168.56.101 49176 104.41.149.192 dlg-configs.buzzrin.de 80
192.168.56.101 49179 104.45.146.238 dlg-messages.buzzrin.de 80
192.168.56.101 49180 104.45.146.238 dlg-messages.buzzrin.de 80
192.168.56.101 49181 104.45.146.238 dlg-messages.buzzrin.de 80
192.168.56.101 49177 117.18.232.200 az687722.vo.msecnd.net 80
192.168.56.101 49178 117.18.232.200 az687722.vo.msecnd.net 80
192.168.56.101 49183 117.18.232.200 az687722.vo.msecnd.net 80
192.168.56.101 49185 203.208.41.98 update.googleapis.com 443

UDP

Source IP  Source port  Destination IP  Destination host  Destination port
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 57236 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 58970 114.114.114.114 53
192.168.56.101 61680 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 62912 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53210 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 54178 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://dlg-messages.buzzrin.de/1/dg/3
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: dlg-messages.buzzrin.de
Content-Length: 414
Connection: Close

{"BuildId":"1440a500-7459-4090-bc33-b23013ef185c","Client":"freemium","DlgVersion":"3.1.0.201","Culture":"zh-CN","LocalTime":"2021-05-14T13:08:21+08:00","SessionId":"5bb83853-ef8f-48b8-bcdc-4d0be2a3dc68","MessageName":"RequirementsCheckStarted","Product":"freeware-de","ProductVersion":"1.0","Region":"default","Campaign":"product+website","Offer":"freemium/weather+hub/1.0/default","TrackBackUrl":"","SubId":null}
http://dlg-messages.buzzrin.de/1/dg/3
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: dlg-messages.buzzrin.de
Content-Length: 417
Connection: Close

{"BuildId":"1440a500-7459-4090-bc33-b23013ef185c","Client":"freemium","DlgVersion":"3.1.0.201","Culture":"zh-CN","LocalTime":"2021-05-14T13:08:21+08:00","SessionId":"5bb83853-ef8f-48b8-bcdc-4d0be2a3dc68","MessageName":"RequirementsCheckSuccessful","Product":"freeware-de","ProductVersion":"1.0","Region":"default","Campaign":"product+website","Offer":"freemium/weather+hub/1.0/default","TrackBackUrl":"","SubId":null}
http://az687722.vo.msecnd.net/public-source/downloadguide/freeware-de/1.0/default/campaigns/product+website/ui/last.zip
GET /public-source/downloadguide/freeware-de/1.0/default/campaigns/product+website/ui/last.zip HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: az687722.vo.msecnd.net
Connection: Close

http://dlg-messages.buzzrin.de/1/dg/3
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: dlg-messages.buzzrin.de
Content-Length: 376
Connection: Close

{"BuildId":"1440a500-7459-4090-bc33-b23013ef185c","Client":"freemium","DlgVersion":"3.1.0.201","Culture":"zh-CN","LocalTime":"2021-05-14T13:08:21+08:00","SessionId":"5bb83853-ef8f-48b8-bcdc-4d0be2a3dc68","MessageName":"ApplicationStarted","Product":"freeware-de","ProductVersion":"1.0","Region":"default","Campaign":"product+website","Offer":"","TrackBackUrl":"","SubId":null}
http://az687722.vo.msecnd.net/public-source/downloadguide/freeware-de/1.0/default/campaigns/product+website/ui/freeware-de-flow-5-text-en-us.zip
GET /public-source/downloadguide/freeware-de/1.0/default/campaigns/product+website/ui/freeware-de-flow-5-text-en-us.zip HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: az687722.vo.msecnd.net
Connection: Close

http://az687722.vo.msecnd.net/public-source/downloadguide/freeware-de/1.0/default/campaigns/product+website/ui/progress.zip
GET /public-source/downloadguide/freeware-de/1.0/default/campaigns/product+website/ui/progress.zip HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: az687722.vo.msecnd.net
Connection: Close

http://dlg-configs.buzzrin.de/
HEAD / HTTP/1.1
Connection: Close
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: dlg-configs.buzzrin.de
Content-Length: 0
Cache-Control: no-cache

http://dlg-configs.buzzrin.de/config-from-production
POST /config-from-production HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: dlg-configs.buzzrin.de
Content-Length: 217
Connection: Close

{"os":"WinNT","osver":"6.1.7601 (Service Pack 1) SP: 1.0","lang":"zh-CN","uid":"f86f21bc-e5d8-4e58-9fce-2ae2b7f127ee","prod":"freeware-de/1.0/campaigns/product+website/","expiresOn":"2119-03-09T09:34:21.465749+00:00"}
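The captures above are the most useful artifacts on this page: two telemetry endpoints, a CDN host for UI assets, and JSON beacons carrying stable identifiers. The following added example (not code from the sandbox or from the report) parses raw requests of this shape, applies the "POST method with no referer header" heuristic that fired in the dynamic indicators, and extracts the beacon identifiers and contacted hosts into a small triage summary. The three sample requests are copied from the captures above with the long User-Agent string shortened; nothing else is changed.

```python
import json
from typing import Dict, List

# Three requests copied from the captures above (User-Agent shortened for readability).
CAPTURED_REQUESTS = [
    """POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0)
Host: dlg-messages.buzzrin.de
Content-Length: 414
Connection: Close

{"BuildId":"1440a500-7459-4090-bc33-b23013ef185c","Client":"freemium","DlgVersion":"3.1.0.201","Culture":"zh-CN","LocalTime":"2021-05-14T13:08:21+08:00","SessionId":"5bb83853-ef8f-48b8-bcdc-4d0be2a3dc68","MessageName":"RequirementsCheckStarted","Product":"freeware-de","ProductVersion":"1.0","Region":"default","Campaign":"product+website","Offer":"freemium/weather+hub/1.0/default","TrackBackUrl":"","SubId":null}""",
    """POST /config-from-production HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0)
Host: dlg-configs.buzzrin.de
Content-Length: 217
Connection: Close

{"os":"WinNT","osver":"6.1.7601 (Service Pack 1) SP: 1.0","lang":"zh-CN","uid":"f86f21bc-e5d8-4e58-9fce-2ae2b7f127ee","prod":"freeware-de/1.0/campaigns/product+website/","expiresOn":"2119-03-09T09:34:21.465749+00:00"}""",
    """GET /public-source/downloadguide/freeware-de/1.0/default/campaigns/product+website/ui/last.zip HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0)
Host: az687722.vo.msecnd.net
Connection: Close""",
]


def parse_http_request(raw: str) -> Dict:
    """Split a raw request into method, target, lower-cased headers and body."""
    raw = raw.replace("\r\n", "\n")
    head, _, body = raw.partition("\n\n")
    request_line, *header_lines = head.splitlines()
    method, target, _version = request_line.split(" ", 2)
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "headers": headers, "body": body.strip()}


def suspicious_features(req: Dict) -> List[str]:
    """The header heuristics behind the 'suspicious_features' mark, written out explicitly."""
    feats: List[str] = []
    h = req["headers"]
    if req["method"] == "POST" and "referer" not in h:
        feats.append("POST method with no referer header")
    if "user-agent" not in h:
        feats.append("Missing User-Agent header")
    return feats


def telemetry_fields(req: Dict) -> Dict:
    """Pull the stable identifiers out of a JSON beacon body (empty dict if no JSON body)."""
    if not req["body"].startswith("{"):
        return {}
    data = json.loads(req["body"])
    keys = ("uid", "SessionId", "BuildId", "MessageName", "Offer", "prod", "Product")
    return {k: data[k] for k in keys if k in data}


def triage(raw_requests: List[str]) -> Dict:
    """Summarize hosts, referer-less POSTs, beacon identifiers and message names."""
    reqs = [parse_http_request(r) for r in raw_requests]
    hosts = sorted({r["headers"].get("host", "") for r in reqs})
    posts = [r["headers"].get("host", "") + r["target"] for r in reqs
             if "POST method with no referer header" in suspicious_features(r)]
    identifiers: Dict[str, str] = {}
    messages: List[str] = []
    for r in reqs:
        f = telemetry_fields(r)
        if "MessageName" in f:
            messages.append(f["MessageName"])
        for k in ("uid", "SessionId", "BuildId"):
            if k in f:
                identifiers[k] = f[k]
    return {"hosts": hosts, "posts_without_referer": posts,
            "identifiers": identifiers, "messages": messages}


if __name__ == "__main__":
    print(json.dumps(triage(CAPTURED_REQUESTS), indent=2))
```

The hosts list is the part worth turning into blocking or hunting rules; the uid, SessionId and BuildId values are per-install or per-build and will not match other samples, so keep them as context rather than as indicators.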

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.