Analysis
- max time kernel: 47s
- max time network: 49s
- platform: windows7_x64
- resource: win7-20220901-en
- resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
- submitted: 27/11/2022, 02:35 UTC
Static task: static1
Behavioral task: behavioral1
  Sample: Pokemon Red (UE) [S][!].gb
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: Pokemon Red (UE) [S][!].gb
  Resource: win10v2004-20221111-en
General
- Target: Pokemon Red (UE) [S][!].gb
- Size: 1024KB
- MD5: 3d45c1ee9abd5738df46d2bdda8b57dc
- SHA1: ea9bcae617fdf159b045185467ae58b2e4a48b9a
- SHA256: 5ca7ba01642a3b27b0cc0b5349b52792795b62d3ed977e98a09390659af96b7b
- SHA512: b7dbe2563a96d78a9a5d5d434c7d02d4653ae0b81383c6bb4053e130b2d168fcb1b4225a56ff0fa7dd0047b37230e697f55bd0cac55a91eef4f3df1f2cbc06fc
- SSDEEP: 24576:5lZTSp5oytcA5/17Es8ZJQ0evUgnmPMDH:DZTSboytckFyJQlvUKmPMDH
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Enumerates system info in registry (2 TTPs, 3 IoCs)
    description        ioc                                                                    Process
    Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
- Modifies registry class (2 IoCs)
    description  ioc                                                                                                                    Process
    Key created  \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_Classes\Local Settings                                      rundll32.exe
    Key created  \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache  rundll32.exe
- Suspicious behavior: EnumeratesProcesses (3 IoCs)
    pid   Process
    1996  chrome.exe
    336   chrome.exe
    336   chrome.exe
- Suspicious use of AdjustPrivilegeToken (4 IoCs)
    description                        pid   Process
    Token: 33                          2124  AUDIODG.EXE
    Token: SeIncBasePriorityPrivilege  2124  AUDIODG.EXE
    Token: 33                          2124  AUDIODG.EXE
    Token: SeIncBasePriorityPrivilege  2124  AUDIODG.EXE
- Suspicious use of FindShellTrayWindow (34 IoCs)
    pid   Process
    336   chrome.exe   (34 identical entries)
- Suspicious use of SendNotifyMessage (32 IoCs)
    pid   Process
    336   chrome.exe   (32 identical entries)
- Suspicious use of WriteProcessMemory (64 IoCs; distinct rows shown, repeated entries collapsed)
    description                       pid   Process     procid_target
    PID 2024 wrote to memory of 1356  2024  cmd.exe     28
    PID 336 wrote to memory of 1448   336   chrome.exe  30
    PID 336 wrote to memory of 1556   336   chrome.exe  31
    PID 336 wrote to memory of 1996   336   chrome.exe  32
    PID 336 wrote to memory of 1916   336   chrome.exe  33
Processes
- C:\Windows\system32\cmd.exe (PID 2024)
  Command line: cmd /c "C:\Users\Admin\AppData\Local\Temp\Pokemon Red (UE) [S][!].gb"
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\system32\rundll32.exe (PID 1356)
    Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Pokemon Red (UE) [S][!].gb
    Signatures: Modifies registry class
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 336)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1448)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb6f4f50,0x7fefb6f4f60,0x7fefb6f4f70
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1556)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1044,5881485793518537279,7441807596859897508,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1048 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1996)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1044,5881485793518537279,7441807596859897508,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1292 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1916)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1044,5881485793518537279,7441807596859897508,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1856 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1068)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,5881485793518537279,7441807596859897508,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1712)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,5881485793518537279,7441807596859897508,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1672)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1044,5881485793518537279,7441807596859897508,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1904)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1044,5881485793518537279,7441807596859897508,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3292 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1556)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,5881485793518537279,7441807596859897508,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2196)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1044,5881485793518537279,7441807596859897508,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3684 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2204)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1044,5881485793518537279,7441807596859897508,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3772 /prefetch:8
- C:\Windows\explorer.exe (PID 676)
  Command line: "C:\Windows\explorer.exe"
- C:\Windows\system32\AUDIODG.EXE (PID 2124)
  Command line: C:\Windows\system32\AUDIODG.EXE 0x4f4
  Signatures: Suspicious use of AdjustPrivilegeToken
Network
- DNS query (remote address 8.8.8.8:53)
  Request:  clients2.google.com IN A
  Response: clients2.google.com IN CNAME clients.l.google.com
            clients.l.google.com IN A 142.250.186.174
- DNS query (remote address 8.8.8.8:53)
  Request:  accounts.google.com IN A
  Response: accounts.google.com IN A 142.250.186.77
- HTTP request: POST https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard (chrome.exe; remote address 142.250.186.77:443)
  Request:
    POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/2.0
    host: accounts.google.com
    content-length: 1
    origin: https://www.google.com
    content-type: application/x-www-form-urlencoded
    sec-fetch-site: none
    sec-fetch-mode: no-cors
    sec-fetch-dest: empty
    user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
    accept-encoding: gzip, deflate, br
    accept-language: en-US,en;q=0.9
- HTTP request: GET https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=89.0.4389.114&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D86%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D86%2526e%253D1 (chrome.exe; remote address 142.250.186.174:443)
  Request:
    GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=89.0.4389.114&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D86%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D86%2526e%253D1 HTTP/2.0
    host: clients2.google.com
    x-goog-update-interactivity: fg
    x-goog-update-appid: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfm
    x-goog-update-updater: chromecrx-89.0.4389.114
    sec-fetch-site: none
    sec-fetch-mode: no-cors
    sec-fetch-dest: empty
    user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
    accept-encoding: gzip, deflate, br
    accept-language: en-US,en;q=0.9
- DNS query (remote address 8.8.8.8:53)
  Request:  edgedl.me.gvt1.com IN A
  Response: edgedl.me.gvt1.com IN A 34.104.35.123
- HTTP request: GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx (chrome.exe; remote address 34.104.35.123:80)
  Request:
    GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx HTTP/1.1
    Host: edgedl.me.gvt1.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
  Response:
    HTTP/1.1 200 OK
    content-disposition: attachment
    content-security-policy: default-src 'none'
    server: Google-Edge-Cache
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 0
    x-request-id: cf6922cf-215f-439c-b4b4-7b54287744c2
    content-length: 248531
    date: Sat, 26 Nov 2022 23:49:25 GMT
    age: 10018
    last-modified: Fri, 25 Feb 2022 22:08:36 GMT
    etag: "c994e6"
    content-type: application/x-chrome-extension
    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
    cache-control: public,max-age=86400
- DNS query (remote address 8.8.8.8:53)
  Request:  dns.google IN A
  Response: dns.google IN A 8.8.8.8
            dns.google IN A 8.8.4.4
- DNS query (remote address 8.8.8.8:53)
  Request:  dns.google IN A
  Response: dns.google IN A 8.8.8.8
            dns.google IN A 8.8.4.4
- HTTP request (DNS over HTTPS): GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA (chrome.exe; remote address 8.8.8.8:443)
  Request:
    GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
    host: dns.google
    accept: application/dns-message
    accept-language: *
    user-agent: Chrome
    accept-encoding: identity
- HTTP request (DNS over HTTPS): GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA (chrome.exe; remote address 8.8.8.8:443)
  Request:
    GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
    host: dns.google
    accept: application/dns-message
    accept-language: *
    user-agent: Chrome
    accept-encoding: identity
- HTTP request (DNS over HTTPS): GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwZnb29nbGUDY29tAAABAAEAACkQAAAAAAAAVQAMAFEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA (chrome.exe; remote address 8.8.8.8:443)
  Request:
    GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwZnb29nbGUDY29tAAABAAEAACkQAAAAAAAAVQAMAFEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
    host: dns.google
    accept: application/dns-message
    accept-language: *
    user-agent: Chrome
    accept-encoding: identity
- HTTP request: GET /safebrowsing/csd/client_model_v5_variation_6.pb (remote address 142.250.181.227:443)
  Request:
    GET /safebrowsing/csd/client_model_v5_variation_6.pb HTTP/2.0
    host: ssl.gstatic.com
    sec-fetch-site: none
    sec-fetch-mode: no-cors
    sec-fetch-dest: empty
    user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
    accept-encoding: gzip, deflate, br
    accept-language: en-US,en;q=0.9
- HTTP request: GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.PlpnwD4HYro.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-D4573md5GmdJHX15d0lc3SoObhA/cb=gapi.loaded_0 (chrome.exe; remote address 142.250.181.238:443)
  Request:
    GET /_/scs/abc-static/_/js/k=gapi.gapi.en.PlpnwD4HYro.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-D4573md5GmdJHX15d0lc3SoObhA/cb=gapi.loaded_0 HTTP/2.0
    host: apis.google.com
    user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
    accept: */*
    sec-fetch-site: cross-site
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    accept-encoding: gzip, deflate, br
    accept-language: en-US,en;q=0.9
Flows (per connection: sent / received / packets sent / packets received)
- 142.250.186.77:443 (tls, http2; chrome.exe): 1.7kB / 7.5kB / 14 / 16
  HTTP Request: POST https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
- 142.250.186.174:443 (tls, http2; chrome.exe): 1.9kB / 9.6kB / 13 / 16
  HTTP Request: GET https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=89.0.4389.114&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D86%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D86%2526e%253D1
- 34.104.35.123:80 (http; chrome.exe): 5.0kB / 256.6kB / 100 / 188
  HTTP Request: GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx
  HTTP Response: 200
- 8.8.8.8:443 (tls, http2; chrome.exe): 1.5kB / 7.0kB / 13 / 14
  HTTP Request: GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
- 8.8.8.8:443 (tls, http2; chrome.exe): 1.9kB / 7.9kB / 17 / 20
  HTTP Request: GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
  HTTP Request: GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwZnb29nbGUDY29tAAABAAEAACkQAAAAAAAAVQAMAFEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
- 142.250.181.227:443 (tls, http2; chrome.exe): 3.0kB / 92.0kB / 45 / 72
  HTTP Request: GET https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_6.pb
- 142.250.181.238:443 (tls, http2; chrome.exe): 2.3kB / 44.3kB / 28 / 38
  HTTP Request: GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.PlpnwD4HYro.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-D4573md5GmdJHX15d0lc3SoObhA/cb=gapi.loaded_0
- DNS: 65 B / 105 B / 1 / 1
  DNS Request: clients2.google.com
  DNS Response: 142.250.186.174
- DNS: 65 B / 81 B / 1 / 1
  DNS Request: accounts.google.com
  DNS Response: 142.250.186.77
- DNS: 64 B / 80 B / 1 / 1
  DNS Request: edgedl.me.gvt1.com
  DNS Response: 34.104.35.123
- DNS: 56 B / 88 B / 1 / 1
  DNS Request: dns.google
  DNS Response: 8.8.8.8, 8.8.4.4
- DNS: 56 B / 88 B / 1 / 1
  DNS Request: dns.google
  DNS Response: 8.8.8.8, 8.8.4.4
- (no further details recorded): 3.8kB / 7.8kB / 10 / 11