hxxp://customlines[.]top/forum[.]txt

Analysis

max time kernel
147s
max time network
150s
platform
windows10_x64
resource
win10-20220223-en
submitted
14/03/2022, 14:52 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://customlines.top/forum.txt

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 19 IoCs

pid	Process
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2376	chrome.exe
2376	chrome.exe
1352	chrome.exe
1352	chrome.exe
792	chrome.exe
792	chrome.exe
3876	chrome.exe
3876	chrome.exe
1840	chrome.exe
1840	chrome.exe
548	chrome.exe
548	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 3940	2376	chrome.exe	42
PID 2376 wrote to memory of 3940	2376	chrome.exe	42
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 3548	2376	chrome.exe	44
PID 2376 wrote to memory of 2516	2376	chrome.exe	43
PID 2376 wrote to memory of 2516	2376	chrome.exe	43
PID 2376 wrote to memory of 3840	2376	chrome.exe	45
PID 2376 wrote to memory of 3840	2376	chrome.exe	45
PID 2376 wrote to memory of 3840	2376	chrome.exe	45
PID 2376 wrote to memory of 3840	2376	chrome.exe	45
PID 2376 wrote to memory of 3840	2376	chrome.exe	45
PID 2376 wrote to memory of 3840	2376	chrome.exe	45
PID 2376 wrote to memory of 3840	2376	chrome.exe	45
PID 2376 wrote to memory of 3840	2376	chrome.exe	45
PID 2376 wrote to memory of 3840	2376	chrome.exe	45
PID 2376 wrote to memory of 3840	2376	chrome.exe	45
PID 2376 wrote to memory of 3840	2376	chrome.exe	45
PID 2376 wrote to memory of 3840	2376	chrome.exe	45
PID 2376 wrote to memory of 3840	2376	chrome.exe	45
PID 2376 wrote to memory of 3840	2376	chrome.exe	45
PID 2376 wrote to memory of 3840	2376	chrome.exe	45
PID 2376 wrote to memory of 3840	2376	chrome.exe	45
PID 2376 wrote to memory of 3840	2376	chrome.exe	45
PID 2376 wrote to memory of 3840	2376	chrome.exe	45
PID 2376 wrote to memory of 3840	2376	chrome.exe	45
PID 2376 wrote to memory of 3840	2376	chrome.exe	45

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" http://customlines.top/forum.txt
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffbd4a4f50,0x7fffbd4a4f60,0x7fffbd4a4f70
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1696 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1648 /prefetch:2
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2296 /prefetch:8
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2668 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2660 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4308 /prefetch:8
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3020 /prefetch:1
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3120 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3616 /prefetch:8
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4548 /prefetch:8
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4164 /prefetch:8
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4592 /prefetch:8
  2⤵
  PID:188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4420 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3632 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3108 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=772 /prefetch:8
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2360 /prefetch:8
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
  2⤵
  PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2336 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2436 /prefetch:8
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5260 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1640,6111490612518833369,6814742847441188251,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:3164

Network

DNS

accounts.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

172.217.168.237
DNS

customlines.top

chrome.exe

Remote address:

8.8.8.8:53

Request

customlines.top

IN A

Response
DNS

clients2.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.179.174
DNS

google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

google.com

IN A

Response

google.com

IN A

142.251.36.46
DNS

google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

google.com

IN A

Response

google.com

IN A

142.251.36.46
DNS

edgedl.me.gvt1.com

chrome.exe

Remote address:

8.8.8.8:53

Request

edgedl.me.gvt1.com

IN A

Response

edgedl.me.gvt1.com

IN A

34.104.35.123
GET

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx

chrome.exe

Remote address:

34.104.35.123:80

Request

GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx HTTP/1.1
Host: edgedl.me.gvt1.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 248531
content-security-policy: default-src 'none'
content-type: application/x-chrome-extension
etag: "c994e6"
last-modified: Fri, 25 Feb 2022 22:08:36 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Mon, 14 Mar 2022 14:35:34 GMT
age: 1039
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
x-request-id: a56ffee2-ec31-4cf7-9657-8e925568fca0
cache-control: public,max-age=86400
DNS

clients2.googleusercontent.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.googleusercontent.com

IN A

Response

clients2.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

172.217.168.193
DNS

dns.google

chrome.exe

Remote address:

8.8.8.8:53

Request

dns.google

IN A

Response

dns.google

IN A

8.8.4.4

dns.google

IN A

8.8.8.8
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABBnVwZGF0ZQpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAE4ADABKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABBnVwZGF0ZQpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAE4ADABKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
DNS

customlines.top

chrome.exe

Remote address:

8.8.8.8:53

Request

customlines.top

IN A

Response
GET

https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_9.pb

chrome.exe

Remote address:

142.250.179.131:443

Request

GET /safebrowsing/csd/client_model_v5_variation_9.pb HTTP/2.0
host: ssl.gstatic.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
DNS

customlines.top

chrome.exe

Remote address:

8.8.8.8:53

Request

customlines.top

IN A

Response
DNS

nexusrules.officeapps.live.com

chrome.exe

Remote address:

8.8.8.8:53

Request

nexusrules.officeapps.live.com

IN A

Response

nexusrules.officeapps.live.com

IN CNAME

prod.nexusrules.live.com.akadns.net

prod.nexusrules.live.com.akadns.net

IN A

52.109.12.19
POST

https://update.googleapis.com/service/update2/json?cup2key=10:635547399&cup2hreq=6a043497d6fabeb77cea665133133b43b53d8da682e17ef9fb173581e2c72e53

chrome.exe

Remote address:

142.250.179.163:443

Request

POST /service/update2/json?cup2key=10:635547399&cup2hreq=6a043497d6fabeb77cea665133133b43b53d8da682e17ef9fb173581e2c72e53 HTTP/2.0
host: update.googleapis.com
content-length: 3295
x-goog-update-appid: ehgidpndbllacpjalkiimkbadgjfnnmc,khaoiebndkojlmppeemjhbpbandiljpe,ggkkehgbnfjpeggfpleeakpidbkibbmn,cmahhnpholdijhjokonmfdjbfmklppij,aemomkdncapdnfajjbbcbdebjljbpmpj,llkgjffcdpffmhiakmfcdcblohccpfmo,ihnlcenocehgdaegdmhbidjhnhdchfmm,oimompecagnajdejgnnjijobebaeigek,eeigpngbgcognadeebkilcpcaedhellh,obedbbhbpmojnkanicioggnmelmoomoc,bklopemakmnopmghhmccadeonafabnal,lmelglejhemejginpboagddgdfbepgmp,jflookgnkcckhobaglndicnbbgbonegd,gkmgaooipdjhmangpemjhigmamcehddo,ojhpjlocmbogdgmfpkhlaaeamibhnphh,jamhcnnkihinmdlkakkaopbjbbcngflc,giekcmmlnklenlaomppkphknjmnnpneh,hfnkpimlhhgieaddgfemjhofmfblmnib,kiabhabjdbkjdpjbpigfodbdjmbglcoo,hnimpnehoodheedghdeeijklkeaacbdc,gcmjkmgdlgnkkcocmoeiminaijmmjnii
x-goog-update-interactivity: bg
x-goog-update-updater: chrome-89.0.4389.114
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
DNS

edgedl.me.gvt1.com

chrome.exe

Remote address:

8.8.8.8:53

Request

edgedl.me.gvt1.com

IN A

Response

edgedl.me.gvt1.com

IN A

34.104.35.123
HEAD

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_party_module_list.crx3

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_party_module_list.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 5700
content-security-policy: default-src 'none'
content-type: application/octet-stream
etag: "29c66a"
last-modified: Wed, 08 Aug 2018 11:12:10 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Sun, 13 Mar 2022 21:37:57 GMT
age: 62155
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
x-request-id: d6b9967d-7333-4e16-921d-a37d5c590509
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_party_module_list.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_party_module_list.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 08 Aug 2018 11:12:10 GMT
Range: bytes=0-1342
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-length: 1343
content-security-policy: default-src 'none'
content-type: application/octet-stream
etag: "29c66a"
last-modified: Wed, 08 Aug 2018 11:12:10 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Sun, 13 Mar 2022 21:37:57 GMT
age: 62155
content-range: bytes 0-1342/5700
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
x-request-id: 8b75f087-63d0-4602-8af0-93e34518900e
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_party_module_list.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_party_module_list.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 08 Aug 2018 11:12:10 GMT
Range: bytes=1343-2394
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-length: 1052
content-security-policy: default-src 'none'
content-type: application/octet-stream
etag: "29c66a"
last-modified: Wed, 08 Aug 2018 11:12:10 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Sun, 13 Mar 2022 21:37:57 GMT
age: 62157
content-range: bytes 1343-2394/5700
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
x-request-id: c1891724-24fe-4c20-a65f-4ce6e468ca48
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_party_module_list.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_party_module_list.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 08 Aug 2018 11:12:10 GMT
Range: bytes=2395-5699
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-length: 3305
content-security-policy: default-src 'none'
content-type: application/octet-stream
etag: "29c66a"
last-modified: Wed, 08 Aug 2018 11:12:10 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Sun, 13 Mar 2022 21:37:57 GMT
age: 62158
content-range: bytes 2395-5699/5700
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
x-request-id: 2b154e8a-079b-461e-a90a-3682efd073ac
cache-control: public,max-age=86400
HEAD

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acfifkd2sz342wmnbw7yvdwmtc5a_48/khaoiebndkojlmppeemjhbpbandiljpe_48_win_ccfl2wvh5b5bfuztfguafrvlpm.crx3

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/release2/chrome_component/acfifkd2sz342wmnbw7yvdwmtc5a_48/khaoiebndkojlmppeemjhbpbandiljpe_48_win_ccfl2wvh5b5bfuztfguafrvlpm.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 5585
content-security-policy: default-src 'none'
content-type: application/octet-stream
etag: "c84f36"
last-modified: Mon, 14 Feb 2022 23:31:10 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Mon, 14 Mar 2022 08:06:03 GMT
age: 24478
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
x-request-id: d54a87be-fddd-468a-8142-08aac159748f
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acfifkd2sz342wmnbw7yvdwmtc5a_48/khaoiebndkojlmppeemjhbpbandiljpe_48_win_ccfl2wvh5b5bfuztfguafrvlpm.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/acfifkd2sz342wmnbw7yvdwmtc5a_48/khaoiebndkojlmppeemjhbpbandiljpe_48_win_ccfl2wvh5b5bfuztfguafrvlpm.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 14 Feb 2022 23:31:10 GMT
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 5585
content-security-policy: default-src 'none'
content-type: application/octet-stream
etag: "c84f36"
last-modified: Mon, 14 Feb 2022 23:31:10 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Mon, 14 Mar 2022 08:06:03 GMT
age: 24478
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
x-request-id: a8fc78b6-228c-4b73-b506-564b07fbf68c
cache-control: public,max-age=86400
HEAD

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/lizctwwurubi2f4ylro4atx2r4_2022.2.28.1201/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.2.28.1201_all_lagfqpzp3r7j542cj6bsb7d7i4.crx3

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/release2/chrome_component/lizctwwurubi2f4ylro4atx2r4_2022.2.28.1201/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.2.28.1201_all_lagfqpzp3r7j542cj6bsb7d7i4.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 9941
content-security-policy: default-src 'none'
content-type: application/octet-stream
etag: "c9df33"
last-modified: Mon, 28 Feb 2022 20:10:44 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Mon, 14 Mar 2022 01:17:53 GMT
age: 48980
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
x-request-id: 7dfc2a91-e6f0-4f8d-9649-6ab7e8a87e74
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/lizctwwurubi2f4ylro4atx2r4_2022.2.28.1201/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.2.28.1201_all_lagfqpzp3r7j542cj6bsb7d7i4.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/lizctwwurubi2f4ylro4atx2r4_2022.2.28.1201/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.2.28.1201_all_lagfqpzp3r7j542cj6bsb7d7i4.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 28 Feb 2022 20:10:44 GMT
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 9941
content-security-policy: default-src 'none'
content-type: application/octet-stream
etag: "c9df33"
last-modified: Mon, 28 Feb 2022 20:10:44 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Mon, 14 Mar 2022 01:17:53 GMT
age: 48980
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
x-request-id: 5eda99d4-182b-41ca-acf1-84cdebf3b125
cache-control: public,max-age=86400
HEAD

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 9555
content-security-policy: default-src 'none'
content-type: application/octet-stream
etag: "9deda9"
last-modified: Mon, 29 Mar 2021 22:42:38 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Mon, 14 Mar 2022 12:57:08 GMT
age: 7042
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
x-request-id: 44f2d4c0-ab16-474e-bfa1-ce3198d14f04
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 29 Mar 2021 22:42:38 GMT
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 9555
content-security-policy: default-src 'none'
content-type: application/octet-stream
etag: "9deda9"
last-modified: Mon, 29 Mar 2021 22:42:38 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Mon, 14 Mar 2022 12:57:08 GMT
age: 7042
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
x-request-id: a9486f21-d7f5-4543-ae33-1dee815c99bf
cache-control: public,max-age=86400
HEAD

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjg0QUFYSnN4MFUtaEQwNDZqVGRkVkFmZw/1.0.6.0_aemomkdncapdnfajjbbcbdebjljbpmpj.crx

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjg0QUFYSnN4MFUtaEQwNDZqVGRkVkFmZw/1.0.6.0_aemomkdncapdnfajjbbcbdebjljbpmpj.crx HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 9505
content-security-policy: default-src 'none'
content-type: application/x-chrome-extension
etag: "a93f27"
last-modified: Mon, 16 Aug 2021 20:43:55 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Mon, 14 Mar 2022 09:29:10 GMT
age: 19541
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
x-request-id: a75981e1-4acb-494f-b06d-a34027f69b0b
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjg0QUFYSnN4MFUtaEQwNDZqVGRkVkFmZw/1.0.6.0_aemomkdncapdnfajjbbcbdebjljbpmpj.crx

Remote address:

34.104.35.123:80

Request

GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjg0QUFYSnN4MFUtaEQwNDZqVGRkVkFmZw/1.0.6.0_aemomkdncapdnfajjbbcbdebjljbpmpj.crx HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 16 Aug 2021 20:43:55 GMT
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 9505
content-security-policy: default-src 'none'
content-type: application/x-chrome-extension
etag: "a93f27"
last-modified: Mon, 16 Aug 2021 20:43:55 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Mon, 14 Mar 2022 09:29:10 GMT
age: 19542
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
x-request-id: d1e8c02b-3a25-462c-9f0f-4ee2d8361174
cache-control: public,max-age=86400
HEAD

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTVkQUFYWTN2V0pFMl9rR2VLalMxS0pyZw/1.0.0.12_llkgjffcdpffmhiakmfcdcblohccpfmo.crx

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTVkQUFYWTN2V0pFMl9rR2VLalMxS0pyZw/1.0.0.12_llkgjffcdpffmhiakmfcdcblohccpfmo.crx HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 2912
content-security-policy: default-src 'none'
content-type: application/x-chrome-extension
etag: "ca3e43"
last-modified: Thu, 03 Mar 2022 17:58:29 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Sun, 13 Mar 2022 18:15:16 GMT
age: 74401
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
x-request-id: 21ae7e57-b8a9-4326-aa5d-fba0b335c112
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTVkQUFYWTN2V0pFMl9rR2VLalMxS0pyZw/1.0.0.12_llkgjffcdpffmhiakmfcdcblohccpfmo.crx

Remote address:

34.104.35.123:80

Request

GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTVkQUFYWTN2V0pFMl9rR2VLalMxS0pyZw/1.0.0.12_llkgjffcdpffmhiakmfcdcblohccpfmo.crx HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 03 Mar 2022 17:58:29 GMT
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 2912
content-security-policy: default-src 'none'
content-type: application/x-chrome-extension
etag: "ca3e43"
last-modified: Thu, 03 Mar 2022 17:58:29 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Sun, 13 Mar 2022 18:15:16 GMT
age: 74401
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
x-request-id: cda8d047-47a7-4ac2-b493-cdb4cd62ca7b
cache-control: public,max-age=86400
DNS

customlines.top

chrome.exe

Remote address:

8.8.8.8:53

Request

customlines.top

IN A

Response
DNS

self.events.data.microsoft.com

chrome.exe

Remote address:

8.8.8.8:53

Request

self.events.data.microsoft.com

IN A

Response

self.events.data.microsoft.com

IN CNAME

self-events-data.trafficmanager.net

self-events-data.trafficmanager.net

IN CNAME

onedscolprdneu06.northeurope.cloudapp.azure.com

onedscolprdneu06.northeurope.cloudapp.azure.com

IN A

13.69.239.74
DNS

ctldl.windowsupdate.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ctldl.windowsupdate.com

IN A

Response

ctldl.windowsupdate.com

IN CNAME

wu-bg-shim.trafficmanager.net

wu-bg-shim.trafficmanager.net

IN CNAME

download.windowsupdate.com.edgesuite.net

download.windowsupdate.com.edgesuite.net

IN CNAME

a767.dspw65.akamai.net

a767.dspw65.akamai.net

IN A

84.53.175.34
DNS

ocsp.digicert.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ocsp.digicert.com

IN A

Response

ocsp.digicert.com

IN CNAME

cs9.wac.phicdn.net

cs9.wac.phicdn.net

IN A

93.184.220.29

34.104.35.123:80

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx

http

chrome.exe

4.8kB
256.4kB
95
183

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx

HTTP Response

200
172.217.168.193:443

clients2.googleusercontent.com

tls, https

chrome.exe

1.1kB
8.6kB
11
11
8.8.4.4:443

https://dns.google/dns-query?dns=AAABAAABAAAAAAABBnVwZGF0ZQpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAE4ADABKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

tls, http2

chrome.exe

2.1kB
8.1kB
20
24

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABBnVwZGF0ZQpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAE4ADABKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
8.8.4.4:443

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

tls, http2

chrome.exe

1.7kB
7.1kB
16
16

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
142.250.179.131:443

https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_9.pb

tls, http2

chrome.exe

3.8kB
117.3kB
62
89

HTTP Request

GET https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_9.pb
8.8.4.4:443

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

tls, http2

chrome.exe

2.0kB
7.8kB
18
19

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
8.8.4.4:443

dns.google

tls, https

chrome.exe

989 B
5.8kB
9
8
142.250.179.163:443

https://update.googleapis.com/service/update2/json?cup2key=10:635547399&cup2hreq=6a043497d6fabeb77cea665133133b43b53d8da682e17ef9fb173581e2c72e53

tls, http2

chrome.exe

5.7kB
11.7kB
18
19

HTTP Request

POST https://update.googleapis.com/service/update2/json?cup2key=10:635547399&cup2hreq=6a043497d6fabeb77cea665133133b43b53d8da682e17ef9fb173581e2c72e53
34.104.35.123:80

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTVkQUFYWTN2V0pFMl9rR2VLalMxS0pyZw/1.0.0.12_llkgjffcdpffmhiakmfcdcblohccpfmo.crx

http

5.8kB
53.4kB
38
58

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_party_module_list.crx3

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_party_module_list.crx3

HTTP Response

206

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_party_module_list.crx3

HTTP Response

206

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_party_module_list.crx3

HTTP Response

206

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acfifkd2sz342wmnbw7yvdwmtc5a_48/khaoiebndkojlmppeemjhbpbandiljpe_48_win_ccfl2wvh5b5bfuztfguafrvlpm.crx3

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acfifkd2sz342wmnbw7yvdwmtc5a_48/khaoiebndkojlmppeemjhbpbandiljpe_48_win_ccfl2wvh5b5bfuztfguafrvlpm.crx3

HTTP Response

200

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/lizctwwurubi2f4ylro4atx2r4_2022.2.28.1201/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.2.28.1201_all_lagfqpzp3r7j542cj6bsb7d7i4.crx3

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/lizctwwurubi2f4ylro4atx2r4_2022.2.28.1201/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.2.28.1201_all_lagfqpzp3r7j542cj6bsb7d7i4.crx3

HTTP Response

200

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug

HTTP Response

200

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjg0QUFYSnN4MFUtaEQwNDZqVGRkVkFmZw/1.0.6.0_aemomkdncapdnfajjbbcbdebjljbpmpj.crx

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjg0QUFYSnN4MFUtaEQwNDZqVGRkVkFmZw/1.0.6.0_aemomkdncapdnfajjbbcbdebjljbpmpj.crx

HTTP Response

200

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTVkQUFYWTN2V0pFMl9rR2VLalMxS0pyZw/1.0.0.12_llkgjffcdpffmhiakmfcdcblohccpfmo.crx

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTVkQUFYWTN2V0pFMl9rR2VLalMxS0pyZw/1.0.0.12_llkgjffcdpffmhiakmfcdcblohccpfmo.crx

HTTP Response

200

8.8.8.8:53

accounts.google.com

dns

chrome.exe

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

172.217.168.237
8.8.8.8:53

customlines.top

dns

chrome.exe

61 B
131 B
1
1

DNS Request

customlines.top
8.8.8.8:53

clients2.google.com

dns

chrome.exe

65 B
105 B
1
1

DNS Request

clients2.google.com

DNS Response

142.250.179.174
172.217.168.237:443

accounts.google.com

https

chrome.exe

4.8kB
9.3kB
8
8
142.250.179.174:443

clients2.google.com

https

chrome.exe

6.5kB
9.9kB
10
11
8.8.8.8:53

google.com

dns

chrome.exe

56 B
72 B
1
1

DNS Request

google.com

DNS Response

142.251.36.46
8.8.8.8:53

google.com

dns

chrome.exe

56 B
72 B
1
1

DNS Request

google.com

DNS Response

142.251.36.46
8.8.8.8:53

edgedl.me.gvt1.com

dns

chrome.exe

64 B
80 B
1
1

DNS Request

edgedl.me.gvt1.com

DNS Response

34.104.35.123
8.8.8.8:53

clients2.googleusercontent.com

dns

chrome.exe

76 B
121 B
1
1

DNS Request

clients2.googleusercontent.com

DNS Response

172.217.168.193
172.217.168.193:443

clients2.googleusercontent.com

https

chrome.exe

11.3kB
845.0kB
114
622
8.8.8.8:53

dns.google

dns

chrome.exe

56 B
88 B
1
1

DNS Request

dns.google

DNS Response

8.8.4.4

8.8.8.8
8.8.4.4:443

dns.google

https

chrome.exe

6.3kB
9.2kB
17
16
8.8.8.8:53

dns.google

dns

chrome.exe

61 B
131 B
1
1

DNS Request

customlines.top
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

dns.google

dns

chrome.exe

61 B
131 B
1
1

DNS Request

customlines.top
8.8.8.8:53

dns.google

dns

chrome.exe

76 B
141 B
1
1

DNS Request

nexusrules.officeapps.live.com

DNS Response

52.109.12.19
8.8.4.4:443

dns.google

https

chrome.exe

3.2kB
6.4kB
6
6
8.8.8.8:53

dns.google

dns

chrome.exe

64 B
80 B
1
1

DNS Request

edgedl.me.gvt1.com

DNS Response

34.104.35.123
142.250.179.163:443

https

chrome.exe

9.0kB
8.9kB
18
18
8.8.4.4:443

dns.google

https

chrome.exe

1.8kB
2.4kB
4
4
8.8.8.8:53

dns.google

dns

chrome.exe

61 B
131 B
1
1

DNS Request

customlines.top
8.8.8.8:53

dns.google

dns

chrome.exe

76 B
199 B
1
1

DNS Request

self.events.data.microsoft.com

DNS Response

13.69.239.74
8.8.8.8:53

dns.google

dns

chrome.exe

69 B
212 B
1
1

DNS Request

ctldl.windowsupdate.com

DNS Response

84.53.175.34
8.8.8.8:53

dns.google

dns

chrome.exe

63 B
111 B
1
1

DNS Request

ocsp.digicert.com

DNS Response

93.184.220.29

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.