Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| edgedl.gvt1.com | 142.250.34.2 |
- UDP Requests
-
-
192.168.56.102:50839 164.124.101.2:53
-
192.168.56.102:54660 164.124.101.2:53
-
192.168.56.102:57660 164.124.101.2:53
-
192.168.56.102:61459 164.124.101.2:53
-
192.168.56.102:137 192.168.56.255:137
-
192.168.56.102:138 192.168.56.255:138
-
192.168.56.102:49152 239.255.255.250:3702
-
192.168.56.102:56752 239.255.255.250:1900
-
192.168.56.102:57661 239.255.255.250:3702
-
192.168.56.102:57663 239.255.255.250:3702
-
192.168.56.102:61460 239.255.255.250:3702
-
52.231.114.183:123 192.168.56.102:123
-
POST
200
https://update.googleapis.com/service/update2?cup2key=10:4227462757&cup2hreq=368373e8187af8080730cb1ca102e99c23fa418c238c3586be44d3f46bbd62cd
REQUEST
RESPONSE
BODY
POST /service/update2?cup2key=10:4227462757&cup2hreq=368373e8187af8080730cb1ca102e99c23fa418c238c3586be44d3f46bbd62cd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Google Update/1.3.36.32;winhttp;cup-ecdsa
X-Old-UID: cnt=0
X-Goog-Update-AppId: {430FD4D0-B729-4F61-AA34-91526481799D},{8A69D345-D564-463C-AFF1-A69D9E530F96}
X-Goog-Update-Updater: Omaha-1.3.36.32
X-Goog-Update-Interactivity: bg
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Content-Length: 1202
Host: update.googleapis.com
HTTP/1.1 200 OK
Content-Security-Policy: script-src 'report-sample' 'nonce-FA9p+wxZxzYQ/1Nh07zwTQ' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Tue, 20 Apr 2021 00:21:39 GMT
X-Cup-Server-Proof: 304402202c7270a097eb3b7d2939493a8d37374baa7d34cdae9c6b28cf429a351e4b8f8a0220374d3b1138347c86b94d2c60ffa299381c97ef54d4b2c0607054873af37bc002:368373e8187af8080730cb1ca102e99c23fa418c238c3586be44d3f46bbd62cd
Content-Type: text/xml; charset=UTF-8
X-Daynum: 5222
X-Daystart: 62499
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
POST
200
https://update.googleapis.com/service/update2
REQUEST
RESPONSE
BODY
POST /service/update2 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Google Update/1.3.36.32;winhttp
X-Old-UID: cnt=0
X-Goog-Update-Updater: Omaha-1.3.36.32
X-Goog-Update-Interactivity: bg
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Content-Length: 1270
Host: update.googleapis.com
HTTP/1.1 200 OK
Content-Security-Policy: script-src 'report-sample' 'nonce-sTbzwWVRaCiJydUhxdDvvg' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Tue, 20 Apr 2021 00:22:06 GMT
Content-Type: text/xml; charset=UTF-8
X-Daynum: 5222
X-Daystart: 62526
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
POST
200
https://update.googleapis.com/service/update2
REQUEST
RESPONSE
BODY
POST /service/update2 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Google Update/1.3.36.72;winhttp
X-Old-UID: cnt=0
X-Goog-Update-Updater: Omaha-1.3.36.72
X-Goog-Update-Interactivity: bg
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Content-Length: 809
Host: update.googleapis.com
HTTP/1.1 200 OK
Content-Security-Policy: script-src 'report-sample' 'nonce-SH/YEuEPyILdyJ5+NvZBgQ' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Tue, 20 Apr 2021 00:22:16 GMT
Content-Type: text/xml; charset=UTF-8
X-Daynum: 5222
X-Daystart: 62536
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
HEAD
200
http://edgedl.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe
REQUEST
RESPONSE
BODY
HEAD /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: edgedl.gvt1.com
HTTP/1.1 200 OK
accept-ranges: bytes
content-disposition: attachment
content-length: 1304160
content-security-policy: default-src 'none'
content-type: application/octet-stream
etag: "8346e1"
last-modified: Fri, 22 Jan 2021 06:31:14 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Tue, 20 Apr 2021 00:17:06 GMT
age: 276
cache-control: public,max-age=3600
GET
206
http://edgedl.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe
REQUEST
RESPONSE
BODY
GET /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 22 Jan 2021 06:31:14 GMT
Range: bytes=0-5442
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: edgedl.gvt1.com
HTTP/1.1 206 Partial Content
accept-ranges: bytes
content-disposition: attachment
content-length: 5443
content-security-policy: default-src 'none'
content-type: application/octet-stream
etag: "8346e1"
last-modified: Fri, 22 Jan 2021 06:31:14 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Tue, 20 Apr 2021 00:17:06 GMT
age: 284
content-range: bytes 0-5442/1304160
cache-control: public,max-age=3600
GET
206
http://edgedl.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe
REQUEST
RESPONSE
BODY
GET /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 22 Jan 2021 06:31:14 GMT
Range: bytes=5443-12361
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: edgedl.gvt1.com
HTTP/1.1 206 Partial Content
accept-ranges: bytes
content-disposition: attachment
content-length: 6919
content-security-policy: default-src 'none'
content-type: application/octet-stream
etag: "8346e1"
last-modified: Fri, 22 Jan 2021 06:31:14 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Tue, 20 Apr 2021 00:17:06 GMT
age: 287
content-range: bytes 5443-12361/1304160
cache-control: public,max-age=3600
GET
206
http://edgedl.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe
REQUEST
RESPONSE
BODY
GET /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 22 Jan 2021 06:31:14 GMT
Range: bytes=12362-21907
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: edgedl.gvt1.com
HTTP/1.1 206 Partial Content
accept-ranges: bytes
content-disposition: attachment
content-length: 9546
content-security-policy: default-src 'none'
content-type: application/octet-stream
etag: "8346e1"
last-modified: Fri, 22 Jan 2021 06:31:14 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Tue, 20 Apr 2021 00:17:06 GMT
age: 289
content-range: bytes 12362-21907/1304160
cache-control: public,max-age=3600
GET
206
http://edgedl.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe
REQUEST
RESPONSE
BODY
GET /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 22 Jan 2021 06:31:14 GMT
Range: bytes=21908-31316
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: edgedl.gvt1.com
HTTP/1.1 206 Partial Content
accept-ranges: bytes
content-disposition: attachment
content-length: 9409
content-security-policy: default-src 'none'
content-type: application/octet-stream
etag: "8346e1"
last-modified: Fri, 22 Jan 2021 06:31:14 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Tue, 20 Apr 2021 00:17:06 GMT
age: 290
content-range: bytes 21908-31316/1304160
cache-control: public,max-age=3600
GET
206
http://edgedl.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe
REQUEST
RESPONSE
BODY
GET /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 22 Jan 2021 06:31:14 GMT
Range: bytes=31317-51665
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: edgedl.gvt1.com
HTTP/1.1 206 Partial Content
accept-ranges: bytes
content-disposition: attachment
content-length: 20349
content-security-policy: default-src 'none'
content-type: application/octet-stream
etag: "8346e1"
last-modified: Fri, 22 Jan 2021 06:31:14 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Tue, 20 Apr 2021 00:17:06 GMT
age: 291
content-range: bytes 31317-51665/1304160
cache-control: public,max-age=3600
GET
206
http://edgedl.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe
REQUEST
RESPONSE
BODY
GET /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 22 Jan 2021 06:31:14 GMT
Range: bytes=51666-93774
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: edgedl.gvt1.com
HTTP/1.1 206 Partial Content
accept-ranges: bytes
content-disposition: attachment
content-length: 42109
content-security-policy: default-src 'none'
content-type: application/octet-stream
etag: "8346e1"
last-modified: Fri, 22 Jan 2021 06:31:14 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Tue, 20 Apr 2021 00:17:06 GMT
age: 292
content-range: bytes 51666-93774/1304160
cache-control: public,max-age=3600
GET
206
http://edgedl.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe
REQUEST
RESPONSE
BODY
GET /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 22 Jan 2021 06:31:14 GMT
Range: bytes=93775-180550
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: edgedl.gvt1.com
HTTP/1.1 206 Partial Content
accept-ranges: bytes
content-disposition: attachment
content-length: 86776
content-security-policy: default-src 'none'
content-type: application/octet-stream
etag: "8346e1"
last-modified: Fri, 22 Jan 2021 06:31:14 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Tue, 20 Apr 2021 00:17:06 GMT
age: 293
content-range: bytes 93775-180550/1304160
cache-control: public,max-age=3600
GET
206
http://edgedl.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe
REQUEST
RESPONSE
BODY
GET /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 22 Jan 2021 06:31:14 GMT
Range: bytes=180551-356531
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: edgedl.gvt1.com
HTTP/1.1 206 Partial Content
accept-ranges: bytes
content-disposition: attachment
content-length: 175981
content-security-policy: default-src 'none'
content-type: application/octet-stream
etag: "8346e1"
last-modified: Fri, 22 Jan 2021 06:31:14 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Tue, 20 Apr 2021 00:17:06 GMT
age: 294
content-range: bytes 180551-356531/1304160
cache-control: public,max-age=3600
GET
206
http://edgedl.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe
REQUEST
RESPONSE
BODY
GET /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 22 Jan 2021 06:31:14 GMT
Range: bytes=356532-718638
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: edgedl.gvt1.com
HTTP/1.1 206 Partial Content
accept-ranges: bytes
content-disposition: attachment
content-length: 362107
content-security-policy: default-src 'none'
content-type: application/octet-stream
etag: "8346e1"
last-modified: Fri, 22 Jan 2021 06:31:14 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Tue, 20 Apr 2021 00:17:06 GMT
age: 295
content-range: bytes 356532-718638/1304160
cache-control: public,max-age=3600
GET
206
http://edgedl.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe
REQUEST
RESPONSE
BODY
GET /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 22 Jan 2021 06:31:14 GMT
Range: bytes=718639-1304159
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: edgedl.gvt1.com
HTTP/1.1 206 Partial Content
accept-ranges: bytes
content-disposition: attachment
content-length: 585521
content-security-policy: default-src 'none'
content-type: application/octet-stream
etag: "8346e1"
last-modified: Fri, 22 Jan 2021 06:31:14 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Tue, 20 Apr 2021 00:17:06 GMT
age: 296
content-range: bytes 718639-1304159/1304160
cache-control: public,max-age=3600
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.102:49819 -> 172.217.24.67:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.102:49824 -> 172.217.24.67:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 142.250.34.2:80 -> 192.168.56.102:49820 | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
| TCP 142.250.34.2:80 -> 192.168.56.102:49820 | 2014520 | ET INFO EXE - Served Attached HTTP | Misc activity |
| TCP 192.168.56.102:49823 -> 172.217.24.67:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 142.250.34.2:80 -> 192.168.56.102:49820 | 2015744 | ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) | Misc activity |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLS 1.2 192.168.56.102:49819 172.217.24.67:443 |
C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=upload.video.google.com | c2:b5:f0:1b:46:55:3f:d3:65:b2:1d:5c:cc:56:a7:41:ac:9c:7a:22 |
|
TLS 1.2 192.168.56.102:49824 172.217.24.67:443 |
C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=upload.video.google.com | c2:b5:f0:1b:46:55:3f:d3:65:b2:1d:5c:cc:56:a7:41:ac:9c:7a:22 |
|
TLS 1.2 192.168.56.102:49823 172.217.24.67:443 |
C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=upload.video.google.com | c2:b5:f0:1b:46:55:3f:d3:65:b2:1d:5c:cc:56:a7:41:ac:9c:7a:22 |
Snort Alerts
No Snort Alerts