Closed JoshyPP closed 1 year ago
qgrep by itself doesn't issue any network requests (I don't think the function import list contains any network APIs). I'm not sure what these IPs are, but if I whois them, the second one belongs to MS. I assume MS issues some sort of network requests on behalf of an executable, perhaps as telemetry or something like this? See https://who.is/whois-ip/ip-address/20.99.133.109. The first IP belongs to Edgecast, not sure what this is.
Many thanks, this tool is great!
It's cut my search time in half.
Just wondering why it reaches out to the following IP addresses as shown in the VirusTotal summary?
192.229.211.108:80 (TCP) 20.99.133.109:443 (TCP)
https://www.virustotal.com/gui/file/4322a6d14cdcea6c77985ee3daf02e8a174dd8bdb15e9749e44141979e28e562/behavior