10.4
0-day
49 个模型检测该样本为恶意!
重新分析
更多

e62fb19ced2bfbff0a60c25dbb248c8574d952ee9ef06cc8760917210bd988b9

e17428256fa8875db56f186d2a81e9d6.exe

分析耗时

106s

最近分析

文件大小

268.1KB
静态报毒 动态报毒 100% 1NF0C60 5D54D80UGXE AI SCORE=84 AIDETECTVM ATTRIBUTE CJQN CONFIDENCE ELDORADO EMOTET GENCIRC GENERICKD GENETIC GENOME HCEJ HIGHCONFIDENCE HRVUQO KRYPTIK MALICIOUS MALWARE1 R + TROJ R06CC0DHL20 R348890 SCORE SUSGEN UNSAFE WACATAC WEYGS@0 Y2EGQCUH3QE 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee 20200915 6.0.6.653
Baidu 20190318 1.0.0.2
Alibaba Trojan:Win32/Emotet.db10f6b7 20190527 0.3.0.5
Avast Win32:Trojan-gen 20200918 18.4.3895.0
Kingsoft 20200918 2013.8.14.323
Tencent Malware.Win32.Gencirc.10cdead6 20200918 1.0.0.1
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
静态指标
Queries for the computername (1 个事件)
Time & API Arguments Status Return Repeated
1619987576.639125
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (6 个事件)
Time & API Arguments Status Return Repeated
1619987563.701125
CryptGenKey
crypto_handle: 0x008a51c8
algorithm_identifier: 0x0000660e ()
provider_handle: 0x008a46e0
flags: 1
key: fe%” ?@ëö¢½3Æ]Ìà†
success 1 0
1619987576.654125
CryptExportKey
crypto_handle: 0x008a51c8
crypto_export_handle: 0x008a5070
buffer: f¤Mµ_+»’—ˏ¬oEƒëþÆôÂRïq¬¿‡‚JãVBqÆD-ى/ ²2G)ƒÛÌ«*`>ÙÒ·Öf>F¿y¸Jâ×·JW“E¶ëÃ#R?CËh&€Ì4jpÁW«•}t
blob_type: 1
flags: 64
success 1 0
1619987604.389125
CryptExportKey
crypto_handle: 0x008a51c8
crypto_export_handle: 0x008a5070
buffer: f¤ßé¨QÍ8ŠqM‘ Ù»62,Ýr±ÿ_Ýj+]áh7ÇÌÀz)†ËÖ8¥ÉóU®¨ª¨29FµáHdò… TÞ<£ÀÖÑpcÃZ&ûÚv!tœšÅ
blob_type: 1
flags: 64
success 1 0
1619987609.826125
CryptExportKey
crypto_handle: 0x008a51c8
crypto_export_handle: 0x008a5070
buffer: f¤Zd×é‚Õÿ ÄO'¬…CÿmÃðCÄß ‚ÁáüÙ*|±iþö™Z%îàáËRg¼S­Ê2ŸÈ7p§‹¸ä¸N¿òæSG’€ZA¾<xŒpF@Ô|žÓ@uÏɁ}r
blob_type: 1
flags: 64
success 1 0
1619987613.998125
CryptExportKey
crypto_handle: 0x008a51c8
crypto_export_handle: 0x008a5070
buffer: f¤<|ïnE€SM¹)(sQÕ…N·ŠÝ=Ç -]d;°Žw8쩁KD=Z©¥å]-µŸ7'3É©ÚÑ¿Ð3©m_ÿ;uŸ§ò•õá¬KÙbZZ»ð Œˆ Ùñƒ.@Y
blob_type: 1
flags: 64
success 1 0
1619987617.826125
CryptExportKey
crypto_handle: 0x008a51c8
crypto_export_handle: 0x008a5070
buffer: f¤ŽŽ€´È„–K;UT/൧èÝëŒ[(i^¡±(:p°÷ëwZhz ÕqP<Ò¡c„k›¾Â»_±þÚÈ'½íŠtýò/区dÅûÚ¬ “-Cᛡv »J¨
blob_type: 1
flags: 64
success 1 0
The executable uses a known packer (1 个事件)
packer Armadillo v1.71
行为判定
动态指标
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 个事件)
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:1932964215&cup2hreq=1ed411acfd553572c0470c4e26d3ee500d1ae41d26a0040d40df5b48fdb6e858
Performs some HTTP requests (4 个事件)
request HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619958493&mv=m&mvi=1&pl=23&shardbypass=yes
request HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=7062baed31916a0&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619958493&mv=m
request POST https://update.googleapis.com/service/update2?cup2key=10:1932964215&cup2hreq=1ed411acfd553572c0470c4e26d3ee500d1ae41d26a0040d40df5b48fdb6e858
Sends data using the HTTP POST Method (1 个事件)
request POST https://update.googleapis.com/service/update2?cup2key=10:1932964215&cup2hreq=1ed411acfd553572c0470c4e26d3ee500d1ae41d26a0040d40df5b48fdb6e858
Allocates read-write-execute memory (usually to unpack itself) (3 个事件)
Time & API Arguments Status Return Repeated
1619987558.65425
NtAllocateVirtualMemory
process_identifier: 708
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02100000
success 0 0
1619987617.856625
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000004080000
success 0 0
1619987563.373125
NtAllocateVirtualMemory
process_identifier: 2856
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x021e0000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (3 个事件)
Moves the original executable to a new location (1 个事件)
Time & API Arguments Status Return Repeated
1619987559.35725
MoveFileWithProgressW
oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\e17428256fa8875db56f186d2a81e9d6.exe
newfilepath: C:\Windows\SysWOW64\dbnetlib\wimserv.exe
newfilepath_r: C:\Windows\SysWOW64\dbnetlib\wimserv.exe
flags: 3
oldfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\e17428256fa8875db56f186d2a81e9d6.exe
success 1 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)
Time & API Arguments Status Return Repeated
1619987577.873125
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 个事件)
process wimserv.exe
Reads the systems User Agent and subsequently performs requests (1 个事件)
Time & API Arguments Status Return Repeated
1619987577.139125
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
网络通信
Communicates with host for which no DNS query was performed (6 个事件)
host 172.217.24.14
host 173.94.215.84
host 178.128.14.92
host 181.126.54.234
host 60.125.114.64
host 85.25.207.108
Installs itself for autorun at Windows startup (1 个事件)
service_name wimserv service_path C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\dbnetlib\wimserv.exe"
Created a service where a service was also not started (1 个事件)
Time & API Arguments Status Return Repeated
1619987560.90425
CreateServiceW
service_start_name:
start_type: 2
service_handle: 0x035f84e8
display_name: wimserv
error_control: 0
service_name: wimserv
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\dbnetlib\wimserv.exe"
filepath_r: "C:\Windows\SysWOW64\dbnetlib\wimserv.exe"
service_manager_handle: 0x035de358
desired_access: 2
service_type: 16
password:
success 56591592 0
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 个事件)
Time & API Arguments Status Return Repeated
1619987580.467125
RegSetValueExA
key_handle: 0x000003a0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619987580.467125
RegSetValueExA
key_handle: 0x000003a0
value: )µ_„?×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619987580.467125
RegSetValueExA
key_handle: 0x000003a0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619987580.467125
RegSetValueExW
key_handle: 0x000003a0
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619987580.467125
RegSetValueExA
key_handle: 0x000003b8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619987580.467125
RegSetValueExA
key_handle: 0x000003b8
value: )µ_„?×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619987580.467125
RegSetValueExA
key_handle: 0x000003b8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619987580.482125
RegSetValueExW
key_handle: 0x0000039c
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Attempts to remove evidence of file being downloaded from the Internet (1 个事件)
file C:\Windows\SysWOW64\dbnetlib\wimserv.exe:Zone.Identifier
File has been identified by 49 AntiVirus engines on VirusTotal as malicious (49 个事件)
Bkav W32.AIDetectVM.malware1
MicroWorld-eScan Trojan.GenericKD.34393151
FireEye Generic.mg.e17428256fa8875d
Cylance Unsafe
Zillya Trojan.Emotet.Win32.24750
Sangfor Malware
K7AntiVirus Riskware ( 0040eff71 )
BitDefender Trojan.GenericKD.34393151
K7GW Riskware ( 0040eff71 )
Invincea Mal/Generic-R + Troj/Emotet-CLL
Cyren W32/Emotet.AQM.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Cynet Malicious (score: 100)
Kaspersky Backdoor.Win32.Emotet.cjqn
Alibaba Trojan:Win32/Emotet.db10f6b7
NANO-Antivirus Trojan.Win32.Emotet.hrvuqo
AegisLab Trojan.Win32.Emotet.L!c
Avast Win32:Trojan-gen
Rising Trojan.Kryptik!8.8 (TFE:5:5d54d80ugxE)
Ad-Aware Trojan.GenericKD.34393151
Comodo TrojWare.Win32.Genome.weygs@0
DrWeb Trojan.Emotet.999
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R06CC0DHL20
Sophos Troj/Emotet-CLL
Jiangmin Backdoor.Emotet.sf
MAX malware (ai score=84)
Antiy-AVL Trojan/Win32.Emotet
Microsoft Trojan:Win32/Emotet!MSR
ViRobot Trojan.Win32.Emotet.274432
ZoneAlarm Backdoor.Win32.Emotet.cjqn
GData Win32.Trojan.PSE.1NF0C60
AhnLab-V3 Trojan/Win32.Emotet.R348890
VBA32 Trojan.Wacatac
ALYac Trojan.Agent.Emotet
TACHYON Trojan/W32.Agent.274541.B
Malwarebytes Trojan.MalPack.TRE
ESET-NOD32 Win32/Emotet.CD
TrendMicro-HouseCall TROJ_GEN.R06CC0DHL20
Tencent Malware.Win32.Gencirc.10cdead6
Yandex Trojan.Agent!y2EgqcuH3qE
Ikarus Trojan-Banker.Emotet
Fortinet W32/Kryptik.HCEJ!tr
MaxSecure Trojan.Malware.105527958.susgen
AVG Win32:Trojan-gen
Panda Trj/Genetic.gen
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Win32/Backdoor.0ed
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (11 个事件)
dead_host 181.126.54.234:80
dead_host 60.125.114.64:443
dead_host 173.94.215.84:80
dead_host 172.217.24.14:443
dead_host 178.128.14.92:8080
dead_host 192.168.56.101:49183
dead_host 192.168.56.101:49187
dead_host 85.25.207.108:8080
dead_host 192.168.56.101:49186
dead_host 172.217.160.78:443
dead_host 172.217.160.110:443
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2020-08-20 05:07:11

Imports

Library VERSION.dll:
0x417038 GetFileVersionInfoA
0x41703c VerQueryValueA
Library MFC42.DLL:
0x4169ac
0x4169b0
0x4169b4
0x4169b8
0x4169bc
0x4169c0
0x4169c4
0x4169c8
0x4169cc
0x4169d0
0x4169d4
0x4169d8
0x4169dc
0x4169e0
0x4169e4
0x4169e8
0x4169ec
0x4169f0
0x4169f4
0x4169f8
0x4169fc
0x416a00
0x416a04
0x416a08
0x416a0c
0x416a10
0x416a14
0x416a18
0x416a1c
0x416a20
0x416a24
0x416a28
0x416a2c
0x416a30
0x416a34
0x416a38
0x416a3c
0x416a40
0x416a44
0x416a48
0x416a4c
0x416a50
0x416a54
0x416a58
0x416a5c
0x416a60
0x416a64
0x416a68
0x416a6c
0x416a70
0x416a74
0x416a78
0x416a7c
0x416a80
0x416a84
0x416a88
0x416a8c
0x416a90
0x416a94
0x416a98
0x416a9c
0x416aa0
0x416aa4
0x416aa8
0x416aac
0x416ab0
0x416ab4
0x416ab8
0x416abc
0x416ac0
0x416ac4
0x416ac8
0x416acc
0x416ad0
0x416ad4
0x416ad8
0x416adc
0x416ae0
0x416ae4
0x416ae8
0x416aec
0x416af0
0x416af4
0x416af8
0x416afc
0x416b00
0x416b04
0x416b08
0x416b0c
0x416b10
0x416b14
0x416b18
0x416b1c
0x416b20
0x416b24
0x416b28
0x416b2c
0x416b30
0x416b34
0x416b38
0x416b3c
0x416b40
0x416b44
0x416b48
0x416b4c
0x416b50
0x416b54
0x416b58
0x416b5c
0x416b60
0x416b64
0x416b68
0x416b6c
0x416b70
0x416b74
0x416b78
0x416b7c
0x416b80
0x416b84
0x416b88
0x416b8c
0x416b90
0x416b94
0x416b98
0x416b9c
0x416ba0
0x416ba4
0x416ba8
0x416bac
0x416bb0
0x416bb4
0x416bb8
0x416bbc
0x416bc0
0x416bc4
0x416bc8
0x416bcc
0x416bd0
0x416bd4
0x416bd8
0x416bdc
0x416be0
0x416be4
0x416be8
0x416bec
0x416bf0
0x416bf4
0x416bf8
0x416bfc
0x416c00
0x416c04
0x416c08
0x416c0c
0x416c10
0x416c14
0x416c18
0x416c1c
0x416c20
0x416c24
0x416c28
0x416c2c
0x416c30
0x416c34
0x416c38
0x416c3c
0x416c40
0x416c44
0x416c48
0x416c4c
0x416c50
0x416c54
0x416c58
0x416c5c
0x416c60
0x416c64
0x416c68
0x416c6c
0x416c70
0x416c74
0x416c78
0x416c7c
0x416c80
0x416c84
0x416c88
0x416c8c
0x416c90
0x416c94
0x416c98
0x416c9c
0x416ca0
0x416ca4
0x416ca8
0x416cac
0x416cb0
0x416cb4
0x416cb8
0x416cbc
0x416cc0
0x416cc4
0x416cc8
0x416ccc
0x416cd0
0x416cd4
0x416cd8
0x416cdc
0x416ce0
0x416ce4
0x416ce8
0x416cec
0x416cf0
0x416cf4
0x416cf8
0x416cfc
0x416d00
0x416d04
0x416d08
0x416d0c
0x416d10
0x416d14
0x416d18
0x416d1c
0x416d20
0x416d24
0x416d28
0x416d2c
0x416d30
0x416d34
0x416d38
0x416d3c
0x416d40
0x416d44
0x416d48
0x416d4c
0x416d50
0x416d54
Library MSVCRT.dll:
0x416e7c __p__commode
0x416e80 _adjust_fdiv
0x416e84 __setusermatherr
0x416e88 _initterm
0x416e8c __getmainargs
0x416e90 __p__fmode
0x416e94 exit
0x416e98 _XcptFilter
0x416e9c _exit
0x416ea4 _onexit
0x416ea8 __set_app_type
0x416eac _controlfp
0x416eb0 _acmdln
0x416eb4 _setmbcp
0x416eb8 __CxxFrameHandler
0x416ebc memcpy
0x416ec0 memset
0x416ec4 _wcslwr
0x416ec8 malloc
0x416ecc _mbscmp
0x416ed0 _mbsicmp
0x416ed4 abs
0x416ed8 _splitpath
0x416edc __dllonexit
0x416ee0 _except_handler3
Library KERNEL32.dll:
0x416948 GetStartupInfoA
0x41694c DeleteFileA
0x416950 lstrcatA
0x416954 CreateDirectoryA
0x416958 MultiByteToWideChar
0x41695c LoadLibraryA
0x416960 GetProcAddress
0x416964 GetModuleFileNameA
0x416968 MulDiv
0x41696c GetModuleHandleA
0x416970 lstrcpyA
0x416974 ExitProcess
Library USER32.dll:
0x416f58 GetWindow
0x416f5c PostMessageA
0x416f60 IsWindow
0x416f64 InvalidateRect
0x416f68 RedrawWindow
0x416f6c DrawTextExA
0x416f70 GetSysColor
0x416f74 GetCursorPos
0x416f78 PtInRect
0x416f7c InflateRect
0x416f80 LoadMenuA
0x416f84 ScreenToClient
0x416f88 KillTimer
0x416f8c GetParent
0x416f90 SetTimer
0x416f94 GetSysColorBrush
0x416f98 LoadCursorA
0x416f9c SetCursor
0x416fa0 GetSubMenu
0x416fa4 GetMenuItemID
0x416fa8 GetMenuItemCount
0x416fac OffsetRect
0x416fb0 UnregisterHotKey
0x416fb4 GetWindowRect
0x416fb8 LoadIconA
0x416fbc RegisterHotKey
0x416fc0 SendMessageA
0x416fc4 SetForegroundWindow
0x416fc8 GetClientRect
0x416fcc WinHelpA
0x416fd0 GetMenu
0x416fd4 IsWindowVisible
0x416fd8 GetDlgItem
0x416fdc EnumWindows
0x416fe0 EnableWindow
0x416fe4 wsprintfA
0x416fe8 GetForegroundWindow
Library GDI32.dll:
0x4168f4 GetObjectA
0x4168f8 GetStockObject
0x416900 BitBlt
0x416904 Polygon
0x416908 CreateCompatibleDC
0x416910 CreateFontA
0x416914 CreateFontIndirectA
Library SHELL32.dll:
0x416f24 ShellExecuteA
0x416f28 Shell_NotifyIconA
Library COMCTL32.dll:
0x4168c0
Library ole32.dll:
0x41706c CoUninitialize
0x417070 CoCreateInstance
0x417074 CoInitialize
Library MSVCP60.dll:

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49191 113.108.239.194 r1---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49192 113.108.239.196 r3---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49190 203.208.41.65 redirector.gvt1.com 80
192.168.56.101 49188 203.208.41.98 update.googleapis.com 443

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53500 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56743 114.114.114.114 53
192.168.56.101 58070 114.114.114.114 53
192.168.56.101 60088 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 60221 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 54991 224.0.0.252 5355
192.168.56.101 55169 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619958493&mv=m&mvi=1&pl=23&shardbypass=yes 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619958493&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o7dn7e.gvt1.com
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=7062baed31916a0&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619958493&mv=m 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=7062baed31916a0&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619958493&mv=m HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.