hxxps://topnotchsources[.]com

Analysis

max time kernel
143s
max time network
153s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
13/09/2022, 18:03 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://topnotchsources.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
1724	chrome.exe
1928	chrome.exe
1928	chrome.exe
1632	chrome.exe
2000	chrome.exe
1928	chrome.exe
1928	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 2012	1928	chrome.exe	27
PID 1928 wrote to memory of 2012	1928	chrome.exe	27
PID 1928 wrote to memory of 2012	1928	chrome.exe	27
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 2000	1928	chrome.exe	28
PID 1928 wrote to memory of 1724	1928	chrome.exe	29
PID 1928 wrote to memory of 1724	1928	chrome.exe	29
PID 1928 wrote to memory of 1724	1928	chrome.exe	29
PID 1928 wrote to memory of 1456	1928	chrome.exe	30
PID 1928 wrote to memory of 1456	1928	chrome.exe	30
PID 1928 wrote to memory of 1456	1928	chrome.exe	30
PID 1928 wrote to memory of 1456	1928	chrome.exe	30
PID 1928 wrote to memory of 1456	1928	chrome.exe	30
PID 1928 wrote to memory of 1456	1928	chrome.exe	30
PID 1928 wrote to memory of 1456	1928	chrome.exe	30
PID 1928 wrote to memory of 1456	1928	chrome.exe	30
PID 1928 wrote to memory of 1456	1928	chrome.exe	30
PID 1928 wrote to memory of 1456	1928	chrome.exe	30
PID 1928 wrote to memory of 1456	1928	chrome.exe	30
PID 1928 wrote to memory of 1456	1928	chrome.exe	30
PID 1928 wrote to memory of 1456	1928	chrome.exe	30
PID 1928 wrote to memory of 1456	1928	chrome.exe	30
PID 1928 wrote to memory of 1456	1928	chrome.exe	30
PID 1928 wrote to memory of 1456	1928	chrome.exe	30
PID 1928 wrote to memory of 1456	1928	chrome.exe	30

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://topnotchsources.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb2e4f50,0x7fefb2e4f60,0x7fefb2e4f70
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1104,15177683221625230702,4303786903449599165,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1140 /prefetch:2
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1104,15177683221625230702,4303786903449599165,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1292 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1104,15177683221625230702,4303786903449599165,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1752 /prefetch:8
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1104,15177683221625230702,4303786903449599165,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2080 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1104,15177683221625230702,4303786903449599165,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2096 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1104,15177683221625230702,4303786903449599165,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1104,15177683221625230702,4303786903449599165,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3412 /prefetch:2
  2⤵
  PID:524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1104,15177683221625230702,4303786903449599165,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=540 /prefetch:8
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1104,15177683221625230702,4303786903449599165,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1572 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1104,15177683221625230702,4303786903449599165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3112 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1104,15177683221625230702,4303786903449599165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1572 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1104,15177683221625230702,4303786903449599165,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3212 /prefetch:8
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1104,15177683221625230702,4303786903449599165,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3232 /prefetch:8
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1104,15177683221625230702,4303786903449599165,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3240 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1104,15177683221625230702,4303786903449599165,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1104,15177683221625230702,4303786903449599165,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3764 /prefetch:8
  2⤵
  PID:884

Network

DNS

topnotchsources.com

chrome.exe

Remote address:

8.8.8.8:53

Request

topnotchsources.com

IN A

Response

topnotchsources.com

IN A

135.181.164.29
DNS

accounts.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

142.251.36.45
DNS

clients2.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

172.217.168.238
GET

https://topnotchsources.com/

chrome.exe

Remote address:

135.181.164.29:443

Request

GET / HTTP/2.0
host: topnotchsources.com
sec-ch-ua: "Google Chrome";v="89", "Chromium";v="89", ";Not A Brand";v="99"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/html; charset=UTF-8
content-length: 0
date: Tue, 13 Sep 2022 18:04:11 GMT
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
DNS

apps.identrust.com

chrome.exe

Remote address:

8.8.8.8:53

Request

apps.identrust.com

IN A

Response

apps.identrust.com

IN CNAME

identrust.edgesuite.net

identrust.edgesuite.net

IN CNAME

a1952.dscq.akamai.net

a1952.dscq.akamai.net

IN A

96.16.53.139

a1952.dscq.akamai.net

IN A

96.16.53.134
GET

http://apps.identrust.com/roots/dstrootcax3.p7c

chrome.exe

Remote address:

96.16.53.139:80

Request

GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com

Response

HTTP/1.1 200 OK

X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Mon, 20 Jun 2022 20:24:00 GMT
ETag: "37d-5e1e6e25c9800"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Tue, 13 Sep 2022 19:04:11 GMT
Date: Tue, 13 Sep 2022 18:04:11 GMT
Connection: keep-alive
DNS

edgedl.me.gvt1.com

chrome.exe

Remote address:

8.8.8.8:53

Request

edgedl.me.gvt1.com

IN A

Response

edgedl.me.gvt1.com

IN A

34.104.35.123
GET

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx

chrome.exe

Remote address:

34.104.35.123:80

Request

GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx HTTP/1.1
Host: edgedl.me.gvt1.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 248531
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Tue, 13 Sep 2022 01:09:47 GMT
age: 60864
last-modified: Fri, 25 Feb 2022 22:08:36 GMT
etag: "c994e6"
content-type: application/x-chrome-extension
x-request-id: e97d7695-e22c-40ed-bc74-b15e00833244
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
DNS

dns.google

chrome.exe

Remote address:

8.8.8.8:53

Request

dns.google

IN A

Response

dns.google

IN A

8.8.8.8

dns.google

IN A

8.8.4.4
DNS

dns.google

chrome.exe

Remote address:

8.8.8.8:53

Request

dns.google

IN A

Response

dns.google

IN A

8.8.8.8

dns.google

IN A

8.8.4.4
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.8.8:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.8.8:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.8.8:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_9.pb

chrome.exe

Remote address:

216.58.214.3:443

Request

GET /safebrowsing/csd/client_model_v5_variation_9.pb HTTP/2.0
host: ssl.gstatic.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://update.googleapis.com/service/update2/json?cup2key=10:3504747813&cup2hreq=e15f786cd85c4c7cc44f4e1edb685de3bcb3b608e0e153b98a06af4f0e81bfda

chrome.exe

Remote address:

142.250.179.163:443

Request

POST /service/update2/json?cup2key=10:3504747813&cup2hreq=e15f786cd85c4c7cc44f4e1edb685de3bcb3b608e0e153b98a06af4f0e81bfda HTTP/2.0
host: update.googleapis.com
content-length: 3187
x-goog-update-appid: giekcmmlnklenlaomppkphknjmnnpneh,llkgjffcdpffmhiakmfcdcblohccpfmo,hnimpnehoodheedghdeeijklkeaacbdc,lmelglejhemejginpboagddgdfbepgmp,khaoiebndkojlmppeemjhbpbandiljpe,ehgidpndbllacpjalkiimkbadgjfnnmc,hfnkpimlhhgieaddgfemjhofmfblmnib,gkmgaooipdjhmangpemjhigmamcehddo,jflookgnkcckhobaglndicnbbgbonegd,ojhpjlocmbogdgmfpkhlaaeamibhnphh,jamhcnnkihinmdlkakkaopbjbbcngflc,cmahhnpholdijhjokonmfdjbfmklppij,gcmjkmgdlgnkkcocmoeiminaijmmjnii,ggkkehgbnfjpeggfpleeakpidbkibbmn,bklopemakmnopmghhmccadeonafabnal,eeigpngbgcognadeebkilcpcaedhellh,ihnlcenocehgdaegdmhbidjhnhdchfmm,obedbbhbpmojnkanicioggnmelmoomoc,oimompecagnajdejgnnjijobebaeigek,aemomkdncapdnfajjbbcbdebjljbpmpj
x-goog-update-interactivity: bg
x-goog-update-updater: chrome-89.0.4389.114
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
GET

https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$req=Ch0KDGdvb2dsZWNocm9tZRINODkuMC40Mzg5LjExNBoMCAUQASIEIAEgAigBGgwIARABIgQgASACKAEaDAgDEAEiBCABIAIoARoMCAcQASIEIAEgAigBGgwIARABIgQgASACKAMaDAgBEAgiBCABIAIoBBoMCAkQASIEIAEgAigGGgwIDxABIgQgASACKAEaDAgKEAgiBCABIAIoARoMCAkQASIEIAEgAigBGgwICBABIgQgASACKAEaDAgNEAEiBCABIAIoARoMCA4QASIEIAEgAigBGgwIEBABIgQgASACKAEiAggB&$ct=application/x-protobuf&key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw

chrome.exe

Remote address:

142.250.179.170:443

Request

GET /v4/threatListUpdates:fetch?$req=Ch0KDGdvb2dsZWNocm9tZRINODkuMC40Mzg5LjExNBoMCAUQASIEIAEgAigBGgwIARABIgQgASACKAEaDAgDEAEiBCABIAIoARoMCAcQASIEIAEgAigBGgwIARABIgQgASACKAMaDAgBEAgiBCABIAIoBBoMCAkQASIEIAEgAigGGgwIDxABIgQgASACKAEaDAgKEAgiBCABIAIoARoMCAkQASIEIAEgAigBGgwICBABIgQgASACKAEaDAgNEAEiBCABIAIoARoMCA4QASIEIAEgAigBGgwIEBABIgQgASACKAEiAggB&$ct=application/x-protobuf&key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/2.0
host: safebrowsing.googleapis.com
x-http-method-override: POST
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
DNS

edgedl.me.gvt1.com

chrome.exe

Remote address:

8.8.8.8:53

Request

edgedl.me.gvt1.com

IN A

Response

edgedl.me.gvt1.com

IN A

34.104.35.123
HEAD

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Tue, 13 Sep 2022 00:52:34 GMT
age: 62013
last-modified: Wed, 17 Jul 2019 00:41:02 GMT
etag: "413d8a"
content-type: application/octet-stream
content-length: 5406
x-request-id: 855ee1d7-e57c-4894-a0fd-7503da7e0e10
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 17 Jul 2019 00:41:02 GMT
Range: bytes=0-4862
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Tue, 13 Sep 2022 00:52:34 GMT
age: 62025
last-modified: Wed, 17 Jul 2019 00:41:02 GMT
etag: "413d8a"
content-type: application/octet-stream
content-length: 4863
x-request-id: 85fc5fc1-40b8-45bb-aea3-3716b94939e4
content-range: bytes 0-4862/5406
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 17 Jul 2019 00:41:02 GMT
Range: bytes=4863-5405
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Tue, 13 Sep 2022 00:52:34 GMT
age: 62027
last-modified: Wed, 17 Jul 2019 00:41:02 GMT
etag: "413d8a"
content-type: application/octet-stream
content-length: 543
x-request-id: 905c8f90-9950-4b10-b218-a09de36575f8
content-range: bytes 4863-5405/5406
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.8.8:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity

135.181.164.29:443

https://topnotchsources.com/

tls, http2

chrome.exe

1.8kB
5.6kB
14
15

HTTP Request

GET https://topnotchsources.com/

HTTP Response

200
135.181.164.29:443

topnotchsources.com

tls

chrome.exe

989 B
4.9kB
9
8
96.16.53.139:80

http://apps.identrust.com/roots/dstrootcax3.p7c

http

chrome.exe

369 B
1.6kB
5
4

HTTP Request

GET http://apps.identrust.com/roots/dstrootcax3.p7c

HTTP Response

200
34.104.35.123:80

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx

http

chrome.exe

5.2kB
257.8kB
104
192

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx

HTTP Response

200
8.8.8.8:443

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

tls, http2

chrome.exe

2.1kB
8.1kB
19
23

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
8.8.8.8:443

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

tls, http2

chrome.exe

1.7kB
7.1kB
16
17

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
216.58.214.3:443

https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_9.pb

tls, http2

chrome.exe

3.6kB
117.7kB
57
95

HTTP Request

GET https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_9.pb
216.58.214.10:80

46 B
40 B
1
1
216.58.214.10:80

46 B
40 B
1
1
216.58.208.99:80

46 B
40 B
1
1
216.58.208.99:80

46 B
40 B
1
1
142.250.179.163:443

https://update.googleapis.com/service/update2/json?cup2key=10:3504747813&cup2hreq=e15f786cd85c4c7cc44f4e1edb685de3bcb3b608e0e153b98a06af4f0e81bfda

tls, http2

chrome.exe

5.6kB
12.0kB
18
20

HTTP Request

POST https://update.googleapis.com/service/update2/json?cup2key=10:3504747813&cup2hreq=e15f786cd85c4c7cc44f4e1edb685de3bcb3b608e0e153b98a06af4f0e81bfda
142.250.179.170:443

https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$req=Ch0KDGdvb2dsZWNocm9tZRINODkuMC40Mzg5LjExNBoMCAUQASIEIAEgAigBGgwIARABIgQgASACKAEaDAgDEAEiBCABIAIoARoMCAcQASIEIAEgAigBGgwIARABIgQgASACKAMaDAgBEAgiBCABIAIoBBoMCAkQASIEIAEgAigGGgwIDxABIgQgASACKAEaDAgKEAgiBCABIAIoARoMCAkQASIEIAEgAigBGgwICBABIgQgASACKAEaDAgNEAEiBCABIAIoARoMCA4QASIEIAEgAigBGgwIEBABIgQgASACKAEiAggB&$ct=application/x-protobuf&key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw

tls, http2

chrome.exe

202.5kB
11.4MB
4371
8468

HTTP Request

GET https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$req=Ch0KDGdvb2dsZWNocm9tZRINODkuMC40Mzg5LjExNBoMCAUQASIEIAEgAigBGgwIARABIgQgASACKAEaDAgDEAEiBCABIAIoARoMCAcQASIEIAEgAigBGgwIARABIgQgASACKAMaDAgBEAgiBCABIAIoBBoMCAkQASIEIAEgAigGGgwIDxABIgQgASACKAEaDAgKEAgiBCABIAIoARoMCAkQASIEIAEgAigBGgwICBABIgQgASACKAEaDAgNEAEiBCABIAIoARoMCA4QASIEIAEgAigBGgwIEBABIgQgASACKAEiAggB&$ct=application/x-protobuf&key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
34.104.35.123:80

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE

http

1.3kB
9.7kB
10
14

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE

HTTP Response

206

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE

HTTP Response

206
8.8.8.8:443

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

tls, http2

chrome.exe

1.5kB
7.0kB
13
14

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

8.8.8.8:53

topnotchsources.com

dns

chrome.exe

65 B
81 B
1
1

DNS Request

topnotchsources.com

DNS Response

135.181.164.29
8.8.8.8:53

accounts.google.com

dns

chrome.exe

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

142.251.36.45
8.8.8.8:53

clients2.google.com

dns

chrome.exe

65 B
105 B
1
1

DNS Request

clients2.google.com

DNS Response

172.217.168.238
142.251.36.45:443

accounts.google.com

https

chrome.exe

4.8kB
9.6kB
8
8
172.217.168.238:443

clients2.google.com

https

chrome.exe

5.1kB
9.5kB
8
8
8.8.8.8:53

apps.identrust.com

dns

chrome.exe

64 B
165 B
1
1

DNS Request

apps.identrust.com

DNS Response

96.16.53.139

96.16.53.134
8.8.8.8:53

edgedl.me.gvt1.com

dns

chrome.exe

64 B
80 B
1
1

DNS Request

edgedl.me.gvt1.com

DNS Response

34.104.35.123
8.8.8.8:53

dns.google

dns

chrome.exe

56 B
88 B
1
1

DNS Request

dns.google

DNS Response

8.8.8.8

8.8.4.4
8.8.8.8:53

dns.google

dns

chrome.exe

56 B
88 B
1
1

DNS Request

dns.google

DNS Response

8.8.8.8

8.8.4.4
8.8.8.8:443

dns.google

https

chrome.exe

3.5kB
7.2kB
8
9
135.181.164.29:443

topnotchsources.com

https

chrome.exe

3.5kB
9.0kB
7
12
8.8.8.8:443

dns.google

https

chrome.exe

3.0kB
8.3kB
6
6
8.8.8.8:443

dns.google

https

chrome.exe

1.8kB
2.3kB
4
3
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:443

dns.google

https

chrome.exe

3.8kB
7.2kB
9
10
8.8.8.8:53

edgedl.me.gvt1.com

dns

chrome.exe

64 B
80 B
1
1

DNS Request

edgedl.me.gvt1.com

DNS Response

34.104.35.123
142.250.179.163:443

https

chrome.exe

4.2kB
6.6kB
7
8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.