Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
edgedl.me.gvt1.com | 34.104.35.123 | |
wekeepworking.sytes.net | 185.140.53.40 | |
UDP Requests
Source | Destination |
---|---|
192.168.56.102:57660 | 164.124.101.2:53 |
192.168.56.102:61459 | 164.124.101.2:53 |
192.168.56.102:137 | 192.168.56.255:137 |
192.168.56.102:138 | 192.168.56.255:138 |
192.168.56.102:49152 | 239.255.255.250:3702 |
192.168.56.102:56752 | 239.255.255.250:1900 |
192.168.56.102:56754 | 239.255.255.250:3702 |
192.168.56.102:56756 | 239.255.255.250:3702 |
192.168.56.102:56758 | 239.255.255.250:3702 |
8.8.8.8:53 | 192.168.56.102:50839 |
8.8.8.8:53 | 192.168.56.102:54660 |
8.8.8.8:53 | 192.168.56.102:61998 |
HTTP Requests

POST 200 https://update.googleapis.com/service/update2?cup2key=10:2210899602&cup2hreq=4af8a317c8f3b4f0e5cc0232ccdfe81ee58927156e4e3612666c5b15dbc1ee68

Request:
POST /service/update2?cup2key=10:2210899602&cup2hreq=4af8a317c8f3b4f0e5cc0232ccdfe81ee58927156e4e3612666c5b15dbc1ee68 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Google Update/1.3.36.32;winhttp;cup-ecdsa
X-Old-UID: cnt=0
X-Goog-Update-AppId: {430FD4D0-B729-4F61-AA34-91526481799D},{8A69D345-D564-463C-AFF1-A69D9E530F96}
X-Goog-Update-Updater: Omaha-1.3.36.32
X-Goog-Update-Interactivity: bg
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Content-Length: 1202
Host: update.googleapis.com

Response:
HTTP/1.1 200 OK
Content-Security-Policy: script-src 'report-sample' 'nonce-6kcfT9JMrAaqqK0WNpQnXw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Thu, 27 May 2021 23:26:45 GMT
X-Cup-Server-Proof: 3046022100ca482f090f166944c818f29cdb6a386d39e8686420fb9a0fda76f07a0102be83022100d9a3993c6f92fa8243b98daa817cbd773c2389becfd5d5c03643270442f1a5b3:4af8a317c8f3b4f0e5cc0232ccdfe81ee58927156e4e3612666c5b15dbc1ee68
Content-Type: text/xml; charset=UTF-8
X-Daynum: 5260
X-Daystart: 59205
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
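The cup2key and cup2hreq query parameters in the request above, and the X-Cup-Server-Proof header in the response, are the two halves of Omaha's CUP-ECDSA request signing (the User-Agent advertises cup-ecdsa). The Python below is an added example, not code from this report or from Omaha: it parses those three fields, decodes the DER-encoded ECDSA signature into its r and s integers, and checks that the hash the server echoes back is the hash the client sent. Google's signing key and the exact message the server signs are not on this page, so the example checks structure and consistency only; it does not verify the signature.

```python
"""Added example (not part of the sandbox report): pull apart the CUP-ECDSA
fields from the captured Omaha exchange and check them for consistency.

Only the structure visible in the captured headers is relied on:
  cup2key             = "<key id>:<nonce>"
  cup2hreq            = hex SHA-256 sent by the client
  X-Cup-Server-Proof  = "<DER ECDSA signature>:<hex SHA-256 echoed by the server>"
The signature is parsed, not verified (no public key on the page)."""
import re
from urllib.parse import parse_qs, urlsplit

# Values copied from the captured request URL and response header.
REQUEST_URL = ("https://update.googleapis.com/service/update2?cup2key=10:2210899602"
               "&cup2hreq=4af8a317c8f3b4f0e5cc0232ccdfe81ee58927156e4e3612666c5b15dbc1ee68")
SERVER_PROOF = ("3046022100ca482f090f166944c818f29cdb6a386d39e8686420fb9a0fda76f07a0102be83"
                "022100d9a3993c6f92fa8243b98daa817cbd773c2389becfd5d5c03643270442f1a5b3"
                ":4af8a317c8f3b4f0e5cc0232ccdfe81ee58927156e4e3612666c5b15dbc1ee68")

HEX_SHA256 = re.compile(r"^[0-9a-f]{64}$")


def parse_cup_request(url):
    """Return (key_id, nonce, request_hash) from the cup2key/cup2hreq query parameters."""
    qs = parse_qs(urlsplit(url).query)
    key_id, nonce = qs["cup2key"][0].split(":", 1)
    req_hash = qs["cup2hreq"][0].lower()
    if not HEX_SHA256.match(req_hash):
        raise ValueError("cup2hreq is not a hex SHA-256")
    return int(key_id), int(nonce), req_hash


def _der_int(buf, pos):
    """Decode one short-form DER INTEGER at buf[pos]; return (value, next_pos)."""
    if buf[pos] != 0x02:
        raise ValueError("expected INTEGER tag")
    length = buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form length is not expected for a 256-bit r or s")
    body = buf[pos + 2 : pos + 2 + length]
    if len(body) != length:
        raise ValueError("truncated INTEGER")
    # DER allows a leading 0x00 only to keep a value positive when its top bit is set.
    if length > 1 and body[0] == 0 and not (body[1] & 0x80):
        raise ValueError("non-minimal INTEGER encoding")
    return int.from_bytes(body, "big"), pos + 2 + length


def parse_ecdsa_der(sig):
    """Decode a DER ECDSA-Sig-Value (SEQUENCE { r INTEGER, s INTEGER }) into (r, s)."""
    if sig[0] != 0x30:
        raise ValueError("expected SEQUENCE tag")
    seq_len = sig[1]
    if seq_len & 0x80 or 2 + seq_len != len(sig):
        raise ValueError("bad SEQUENCE length")
    r, pos = _der_int(sig, 2)
    s, pos = _der_int(sig, pos)
    if pos != len(sig):
        raise ValueError("trailing bytes after signature")
    return r, s


def parse_server_proof(header):
    """Split X-Cup-Server-Proof into ((r, s), echoed_request_hash)."""
    sig_hex, echoed = header.split(":", 1)
    echoed = echoed.lower()
    if not HEX_SHA256.match(echoed):
        raise ValueError("proof hash is not a hex SHA-256")
    return parse_ecdsa_der(bytes.fromhex(sig_hex)), echoed


def check_exchange(url, proof_header):
    """Checks an analyst can run without Google's key: the proof must echo the
    request hash the client sent, and r, s must be non-zero 256-bit values
    (both captured INTEGERs are 33 bytes: 0x00 padding plus 32 value bytes)."""
    key_id, nonce, req_hash = parse_cup_request(url)
    (r, s), echoed = parse_server_proof(proof_header)
    return {
        "key_id": key_id,
        "nonce": nonce,
        "hash_echoed": echoed == req_hash,
        "sig_sizes_ok": 0 < r < 2**256 and 0 < s < 2**256,
        "r": r,
        "s": s,
    }


if __name__ == "__main__":
    result = check_exchange(REQUEST_URL, SERVER_PROOF)
    for key, value in result.items():
        print(f"{key}: {value:064x}" if key in ("r", "s") else f"{key}: {value}")
```

A proof whose echoed hash does not match cup2hreq, or whose signature fails to parse as DER, is the kind of mismatch worth flagging when an updater's traffic is being judged against a captured baseline; the full check, signature verification against the updater's pinned public key, needs material this report does not contain.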
HEAD 200 http://edgedl.me.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe

Request:
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: edgedl.me.gvt1.com

Response:
HTTP/1.1 200 OK
accept-ranges: bytes
content-disposition: attachment
content-length: 1310832
content-security-policy: default-src 'none'
content-type: application/octet-stream
etag: "9f6104"
last-modified: Tue, 13 Apr 2021 03:03:58 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Thu, 27 May 2021 11:24:09 GMT
age: 43358
alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET 206 http://edgedl.me.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe

Request:
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=0-4909
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: edgedl.me.gvt1.com

Response:
HTTP/1.1 206 Partial Content
accept-ranges: bytes
content-disposition: attachment
content-length: 4910
content-security-policy: default-src 'none'
content-type: application/octet-stream
etag: "9f6104"
last-modified: Tue, 13 Apr 2021 03:03:58 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Thu, 27 May 2021 11:24:09 GMT
age: 43378
content-range: bytes 0-4909/1310832
alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
The remaining nine GET requests to the same URL are identical to the exchange above except for the fields tabulated below: the same request headers (Connection, Accept, Accept-Encoding, If-Unmodified-Since, User-Agent Microsoft BITS/7.5, the X-Old-UID/X-Last-HR/X-Last-HTTP-Status-Code/X-Retry-Count/X-HTTP-Attempts counters, Host), the same response headers (etag "9f6104", last-modified Tue, 13 Apr 2021 03:03:58 GMT, date Thu, 27 May 2021 11:24:09 GMT, cache-control public,max-age=86400, server Google-Edge-Cache and the rest), and a 206 Partial Content status for every one.

Method | Status | Range (request) | content-range (response) | content-length | age |
---|---|---|---|---|---|
GET | 206 | bytes=4910-15006 | bytes 4910-15006/1310832 | 10097 | 43383 |
GET | 206 | bytes=15007-25439 | bytes 15007-25439/1310832 | 10433 | 43385 |
GET | 206 | bytes=25440-35792 | bytes 25440-35792/1310832 | 10353 | 43386 |
GET | 206 | bytes=35793-57927 | bytes 35793-57927/1310832 | 22135 | 43387 |
GET | 206 | bytes=57928-103744 | bytes 57928-103744/1310832 | 45817 | 43388 |
GET | 206 | bytes=103745-196773 | bytes 103745-196773/1310832 | 93029 | 43389 |
GET | 206 | bytes=196774-384130 | bytes 196774-384130/1310832 | 187357 | 43390 |
GET | 206 | bytes=384131-758808 | bytes 384131-758808/1310832 | 374678 | 43391 |
GET | 206 | bytes=758809-1310831 | bytes 758809-1310831/1310832 | 552023 | 43392 |
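The HEAD followed by ten Range requests is how BITS fetches the 1310832-byte installer in growing chunks. The Python below is an added example, not part of this report: it parses the captured content-range headers, checks that they cover the whole file contiguously with no gaps or overlaps, and reassembles the chunks into one buffer by offset, so out-of-order or parallel delivery is handled. The chunk payloads are constructed inside the script, since the report shows only headers.

```python
"""Added example (not part of the sandbox report): audit and reassemble a
ranged (BITS-style) HTTP download. The content-range values below are copied
from the captured 206 responses; the chunk bodies are constructed so the
reassembly runs offline."""
import hashlib
import re

CONTENT_RANGE = re.compile(r"^bytes (\d+)-(\d+)/(\d+)$")

# content-range headers of the ten 206 responses, in capture order.
CAPTURED_RANGES = [
    "bytes 0-4909/1310832",
    "bytes 4910-15006/1310832",
    "bytes 15007-25439/1310832",
    "bytes 25440-35792/1310832",
    "bytes 35793-57927/1310832",
    "bytes 57928-103744/1310832",
    "bytes 103745-196773/1310832",
    "bytes 196774-384130/1310832",
    "bytes 384131-758808/1310832",
    "bytes 758809-1310831/1310832",
]
HEAD_CONTENT_LENGTH = 1310832  # content-length from the HEAD response


def parse_content_range(value):
    """'bytes a-b/total' -> (a, b, total). Rejects unsatisfied ranges ('bytes */n')
    and ranges that fall outside the declared total."""
    m = CONTENT_RANGE.match(value.strip())
    if not m:
        raise ValueError(f"unsupported Content-Range: {value!r}")
    first, last, total = (int(x) for x in m.groups())
    if first > last or last >= total:
        raise ValueError(f"range {first}-{last} outside 0..{total - 1}")
    return first, last, total


def audit_ranges(headers, expected_total):
    """Describe whether the ranges form one contiguous, complete file.
    Ranges are sorted by offset, so parallel or out-of-order requests are fine;
    gaps and overlaps are reported instead of being silently accepted."""
    ranges = sorted(parse_content_range(h) for h in headers)
    totals = {t for _, _, t in ranges}
    gaps, overlaps = [], []
    expected_next = 0
    for first, last, _ in ranges:
        if first > expected_next:
            gaps.append((expected_next, first - 1))
        elif first < expected_next:
            overlaps.append((first, expected_next - 1))
        expected_next = max(expected_next, last + 1)
    return {
        "chunks": len(ranges),
        "bytes_covered": sum(last - first + 1 for first, last, _ in ranges),
        "gaps": gaps,
        "overlaps": overlaps,
        "complete": (not gaps and not overlaps and totals == {expected_total}
                     and expected_next == expected_total),
    }


def reassemble(chunks):
    """chunks: iterable of (content_range_header, payload_bytes).
    Returns the file bytes; refuses to proceed if a payload length disagrees
    with its range or the set of ranges is not complete."""
    parsed = []
    for header, payload in chunks:
        first, last, total = parse_content_range(header)
        if len(payload) != last - first + 1:
            raise ValueError(f"payload length {len(payload)} != range {first}-{last}")
        parsed.append((first, payload, total))
    total = parsed[0][2]
    report = audit_ranges([h for h, _ in chunks], total)
    if not report["complete"]:
        raise ValueError(f"incomplete download: {report}")
    out = bytearray(total)
    for first, payload, _ in parsed:
        out[first:first + len(payload)] = payload
    return bytes(out)


def demo():
    """Constructed demo: fake chunk bodies sized from the captured ranges,
    delivered in reverse order, then reassembled and hashed."""
    chunks = []
    for i, header in enumerate(CAPTURED_RANGES):
        first, last, _ = parse_content_range(header)
        chunks.append((header, bytes([i]) * (last - first + 1)))  # constructed payload
    chunks.reverse()  # simulate out-of-order arrival
    data = reassemble(chunks)
    return len(data), hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    print(audit_ranges(CAPTURED_RANGES, HEAD_CONTENT_LENGTH))
    print(demo())
```

The audit is the step that matters when a file is carved out of a capture for hashing or submission: a missing or overlapping range produces a buffer whose hash matches nothing, and a reassembler that does not check coverage will hand that buffer over without complaint.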
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 34.104.35.123:80 -> 192.168.56.102:49812 | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
TCP 34.104.35.123:80 -> 192.168.56.102:49812 | 2014520 | ET INFO EXE - Served Attached HTTP | Misc activity |
TCP 192.168.56.102:49811 -> 142.250.66.99:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 34.104.35.123:80 -> 192.168.56.102:49812 | 2015744 | ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) | Misc activity |

The three ET hits on 34.104.35.123:80 -> 192.168.56.102:49812 are all raised by the plain-HTTP BITS download of GoogleUpdateSetup.exe from edgedl.me.gvt1.com shown above (the PE is served as an attachment over port 80); 2015744 matches the string IsDebuggerPresent in the served executable, an import that ordinary installers also carry. The JA3 hit is on the TLS session to 142.250.66.99:443, whose server certificate (Suricata TLS, below) is issued to upload.video.google.com. A JA3 hash identifies a client TLS stack rather than a specific program, so the SSLBL match does not by itself establish Tofsee activity.
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.102:49811 -> 142.250.66.99:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=upload.video.google.com | 4c:f7:71:9d:b2:c7:1b:2b:a2:f7:d5:41:9c:01:ca:78:4e:d0:c4:cb |
Snort Alerts
No Snort Alerts