Resubmissions

  • 23/12/2022, 10:41 UTC: 221223-mq3b8abe4x (score 1)
  • 23/12/2022, 10:35 UTC: 221223-mm5ceagd22 (score 8)

Analysis

  • max time kernel
    207s
  • max time network
    211s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/12/2022, 10:35 UTC

General

  • Target

    http://download.cdn.mozilla.net/pub/firefox/releases/72.0.2/update/win64/en-US/firefox-71.0-72.0.2.partial.mar

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Drops file in Program Files directory (7 IoCs)
  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies Internet Explorer Phishing Filter (1 TTP, 2 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 30 IoCs)
  • Modifies registry class (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (20 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  • Suspicious use of FindShellTrayWindow (30 IoCs)
  • Suspicious use of SendNotifyMessage (26 IoCs)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://download.cdn.mozilla.net/pub/firefox/releases/72.0.2/update/win64/en-US/firefox-71.0-72.0.2.partial.mar
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4304
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4304 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4184
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:2376
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1576
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdddf54f50,0x7ffdddf54f60,0x7ffdddf54f70
      2⤵
      PID:1464
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1636 /prefetch:2
      2⤵
      PID:680
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2028 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4616
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2288 /prefetch:8
      2⤵
      PID:4092
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2944 /prefetch:1
      2⤵
      PID:1192
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
      2⤵
      PID:2136
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1
      2⤵
      PID:5092
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4472 /prefetch:8
      2⤵
      PID:3312
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4584 /prefetch:8
      2⤵
      PID:2464
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4496 /prefetch:8
      2⤵
      PID:5040
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4364 /prefetch:8
      2⤵
      PID:4932
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4592 /prefetch:8
      2⤵
      PID:4836
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3304
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5148 /prefetch:8
      2⤵
      PID:4172
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2356
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4508 /prefetch:8
      2⤵
      PID:756
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4884 /prefetch:8
      2⤵
      PID:2008
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5360 /prefetch:8
      2⤵
      PID:1156
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4560 /prefetch:8
      2⤵
      PID:4888
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5528 /prefetch:8
      2⤵
      PID:3956
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5796 /prefetch:8
      2⤵
      PID:5084
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5392 /prefetch:8
      2⤵
      PID:4168
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5476 /prefetch:8
      2⤵
      PID:4332
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5896 /prefetch:8
      2⤵
      PID:3980
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5920 /prefetch:8
      2⤵
      PID:3460
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5908 /prefetch:8
      2⤵
      PID:444
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6364 /prefetch:8
      2⤵
      PID:2272
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6352 /prefetch:8
      2⤵
      PID:4184
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5916 /prefetch:8
      2⤵
      PID:3380
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6216 /prefetch:8
      2⤵
      PID:1268
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
      2⤵
      PID:1340
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
      2⤵
      PID:5044
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1
      2⤵
      PID:4468
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
      2⤵
      PID:2272
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
      2⤵
      PID:756
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3916 /prefetch:8
      2⤵
      PID:720
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2736 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4924
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4380 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4324
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1128 /prefetch:8
      2⤵
      PID:720
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2156
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5292 /prefetch:8
      2⤵
      PID:1684
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1100 /prefetch:8
      2⤵
      PID:3940
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 /prefetch:8
      2⤵
      PID:1352
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6624 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4484
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2140 /prefetch:8
      2⤵
      PID:4528
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8
      2⤵
      PID:1112
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3088 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1012
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:3056
  • C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2636
    • C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2636_1221139948\ChromeRecovery.exe
      "C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2636_1221139948\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={a29c3aba-3c22-4747-b372-1f5ed66ad527} --system
      2⤵
      • Executes dropped EXE
      PID:740

Network

  • DNS: download.cdn.mozilla.net (chrome.exe)
    Remote address: 8.8.8.8:53
    Request: download.cdn.mozilla.net IN A
    Response: download.cdn.mozilla.net IN CNAME download-cdn.prod.mozaws.net
    Response: download-cdn.prod.mozaws.net IN A 34.117.35.28
                                                                                    • flag-unknown
                                                                                      GET
                                                                                      http://download.cdn.mozilla.net/pub/firefox/releases/72.0.2/update/win64/en-US/firefox-71.0-72.0.2.partial.mar
                                                                                      IEXPLORE.EXE
                                                                                      Remote address:
                                                                                      34.117.35.28:80
                                                                                      Request
                                                                                      GET /pub/firefox/releases/72.0.2/update/win64/en-US/firefox-71.0-72.0.2.partial.mar HTTP/1.1
                                                                                      Accept: text/html, application/xhtml+xml, image/jxr, */*
                                                                                      Accept-Language: en-US
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: download.cdn.mozilla.net
                                                                                      Connection: Keep-Alive
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Server: nginx
                                                                                      X-Guploader-Uploadid: ADPycds-wmxzzu9pIZwn3I18mnzC-DYun1SmCZ-yZ6kTc-UKBgkM0goI3dEtRLVX8qO-1A8CSV7BomoUMr93Wzp_I1Bojtr7bkMo
                                                                                      X-Goog-Generation: 1660732199222953
                                                                                      X-Goog-Metageneration: 1
                                                                                      X-Goog-Stored-Content-Encoding: identity
                                                                                      X-Goog-Stored-Content-Length: 21334435
                                                                                      X-Goog-Meta-X-Goog-Reserved-Source-Generation: 1579563348899552
                                                                                      X-Goog-Hash: crc32c=dxXB4Q==
                                                                                      X-Goog-Hash: md5=y7XEWwhJgvMxlj5TzhAY0w==
                                                                                      X-Goog-Storage-Class: STANDARD
                                                                                      Accept-Ranges: bytes
                                                                                      Vary: Origin
                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                      Via: 1.1 google, 1.1 google
                                                                                      Date: Wed, 14 Dec 2022 04:45:48 GMT
                                                                                      Expires: Mon, 12 Jun 2023 04:45:48 GMT
                                                                                      Cache-Control: max-age=15552000
                                                                                      Last-Modified: Wed, 17 Aug 2022 10:29:59 GMT
                                                                                      ETag: "cbb5c45b084982f331963e53ce1018d3"
                                                                                      Content-Type: application/octet-stream
                                                                                      Content-Length: 21334435
                                                                                      Age: 798615
                                                                                    • flag-unknown
                                                                                      DNS
                                                                                      clients2.google.com
                                                                                      chrome.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      clients2.google.com
                                                                                      IN A
                                                                                      Response
                                                                                      clients2.google.com
                                                                                      IN CNAME
                                                                                      clients.l.google.com
                                                                                      clients.l.google.com
                                                                                      IN A
                                                                                      142.250.179.174
                                                                                    • flag-unknown
                                                                                      DNS
                                                                                      accounts.google.com
                                                                                      chrome.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      accounts.google.com
                                                                                      IN A
                                                                                      Response
                                                                                      accounts.google.com
                                                                                      IN A
                                                                                      172.217.168.237
                                                                                    • flag-unknown
                                                                                      POST
                                                                                      https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
                                                                                      chrome.exe
                                                                                      Remote address:
                                                                                      172.217.168.237:443
                                                                                      Request
                                                                                      POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/2.0
                                                                                      host: accounts.google.com
                                                                                      content-length: 1
                                                                                      origin: https://www.google.com
                                                                                      content-type: application/x-www-form-urlencoded
                                                                                      sec-fetch-site: none
                                                                                      sec-fetch-mode: no-cors
                                                                                      sec-fetch-dest: empty
                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                      accept-encoding: gzip, deflate, br
                                                                                      accept-language: en-US,en;q=0.9
                                                                                    • flag-unknown
                                                                                      DNS
                                                                                      edgedl.me.gvt1.com
                                                                                      chrome.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      edgedl.me.gvt1.com
                                                                                      IN A
                                                                                      Response
                                                                                      edgedl.me.gvt1.com
                                                                                      IN A
                                                                                      34.104.35.123
                                                                                    • flag-unknown
                                                                                      GET
                                                                                      http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx
                                                                                      chrome.exe
                                                                                      Remote address:
                                                                                      34.104.35.123:80
                                                                                      Request
                                                                                      GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx HTTP/1.1
                                                                                      Host: edgedl.me.gvt1.com
                                                                                      Connection: keep-alive
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      accept-ranges: bytes
                                                                                      content-disposition: attachment
                                                                                      content-length: 248531
                                                                                      content-security-policy: default-src 'none'
                                                                                      server: Google-Edge-Cache
                                                                                      x-content-type-options: nosniff
                                                                                      x-frame-options: SAMEORIGIN
                                                                                      x-xss-protection: 0
                                                                                      x-request-id: e5938a73-caed-4041-9c6e-9478b98a81a6
                                                                                      date: Fri, 23 Dec 2022 07:16:31 GMT
                                                                                      age: 12011
                                                                                      last-modified: Fri, 25 Feb 2022 22:08:36 GMT
                                                                                      etag: "c994e6"
                                                                                      content-type: application/x-chrome-extension
                                                                                      alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                      cache-control: public,max-age=86400
                                                                                    • flag-unknown
                                                                                      DNS
                                                                                      apis.google.com
                                                                                      chrome.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      apis.google.com
                                                                                      IN A
                                                                                      Response
                                                                                      apis.google.com
                                                                                      IN CNAME
                                                                                      plus.l.google.com
                                                                                      plus.l.google.com
                                                                                      IN A
                                                                                      142.250.179.142
                                                                                    • flag-unknown
                                                                                      DNS
                                                                                      dns.google
                                                                                      chrome.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      dns.google
                                                                                      IN A
                                                                                      Response
                                                                                      dns.google
                                                                                      IN A
                                                                                      8.8.8.8
                                                                                      dns.google
                                                                                      IN A
                                                                                      8.8.4.4
                                                                                    • flag-unknown
                                                                                      GET
                                                                                      https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                      chrome.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:443
                                                                                      Request
                                                                                      GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
                                                                                      host: dns.google
                                                                                      accept: application/dns-message
                                                                                      accept-language: *
                                                                                      user-agent: Chrome
                                                                                      accept-encoding: identity
                                                                                    • flag-unknown
                                                                                      GET
                                                                                      https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                      chrome.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:443
                                                                                      Request
                                                                                      GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
                                                                                      host: dns.google
                                                                                      accept: application/dns-message
                                                                                      accept-language: *
                                                                                      user-agent: Chrome
                                                                                      accept-encoding: identity
                                                                                    • flag-unknown
                                                                                      GET
                                                                                      https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                      chrome.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:443
                                                                                      Request
                                                                                      GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
                                                                                      host: dns.google
                                                                                      accept: application/dns-message
                                                                                      accept-language: *
                                                                                      user-agent: Chrome
                                                                                      accept-encoding: identity
                                                                                    • flag-unknown
                                                                                      GET
                                                                                      https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRL8HqXUVyXHcwB4LGusRVdKxZKLqyTBiUi8dksEBU&s=10
                                                                                      chrome.exe
                                                                                      Remote address:
                                                                                      142.251.39.110:443
                                                                                      Request
                                                                                      GET /images?q=tbn:ANd9GcRL8HqXUVyXHcwB4LGusRVdKxZKLqyTBiUi8dksEBU&s=10 HTTP/2.0
                                                                                      host: encrypted-tbn0.gstatic.com
                                                                                      sec-fetch-site: none
                                                                                      sec-fetch-mode: no-cors
                                                                                      sec-fetch-dest: empty
                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                      accept-encoding: gzip, deflate, br
                                                                                      accept-language: en-US,en;q=0.9
                                                                                    • flag-unknown
                                                                                      GET
                                                                                      https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSlWQJ0cQYpPaerm1svWk74GOfsaHCV8jyP04gayW8&s=10
                                                                                      chrome.exe
                                                                                      Remote address:
                                                                                      142.251.39.110:443
                                                                                      Request
                                                                                      GET /images?q=tbn:ANd9GcSlWQJ0cQYpPaerm1svWk74GOfsaHCV8jyP04gayW8&s=10 HTTP/2.0
                                                                                      host: encrypted-tbn0.gstatic.com
                                                                                      sec-fetch-site: none
                                                                                      sec-fetch-mode: no-cors
                                                                                      sec-fetch-dest: empty
                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                      accept-encoding: gzip, deflate, br
                                                                                      accept-language: en-US,en;q=0.9
                                                                                    • flag-unknown
                                                                                      GET
                                                                                      https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTtyS-3U_4svsfR94TX7fWsaPWwWtHThn2X_VX_pFK67bsC8hVQg6J7btQ&s=10
                                                                                      chrome.exe
                                                                                      Remote address:
                                                                                      142.251.39.110:443
                                                                                      Request
                                                                                      GET /images?q=tbn:ANd9GcTtyS-3U_4svsfR94TX7fWsaPWwWtHThn2X_VX_pFK67bsC8hVQg6J7btQ&s=10 HTTP/2.0
                                                                                      host: encrypted-tbn0.gstatic.com
                                                                                      sec-fetch-site: none
                                                                                      sec-fetch-mode: no-cors
                                                                                      sec-fetch-dest: empty
                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                      accept-encoding: gzip, deflate, br
                                                                                      accept-language: en-US,en;q=0.9
                                                                                    • flag-unknown
                                                                                      GET
                                                                                      https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRZGJ-kWvZj11oR65BNnyIEk1qmUDoGsxUK7bog1vM&s=10
                                                                                      chrome.exe
                                                                                      Remote address:
                                                                                      142.251.39.110:443
                                                                                      Request
                                                                                      GET /images?q=tbn:ANd9GcRZGJ-kWvZj11oR65BNnyIEk1qmUDoGsxUK7bog1vM&s=10 HTTP/2.0
                                                                                      host: encrypted-tbn0.gstatic.com
                                                                                      sec-fetch-site: none
                                                                                      sec-fetch-mode: no-cors
                                                                                      sec-fetch-dest: empty
                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                      accept-encoding: gzip, deflate, br
                                                                                      accept-language: en-US,en;q=0.9
                                                                                    • flag-unknown
                                                                                      GET
                                                                                      https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTnJN-7Uk6UuU4Zp-EesrfgSzCxB3LOdQtymvqH3IgwqnMRAREtGT_NCGA&s=10
                                                                                      chrome.exe
                                                                                      Remote address:
                                                                                      142.251.39.110:443
                                                                                      Request
                                                                                      GET /images?q=tbn:ANd9GcTnJN-7Uk6UuU4Zp-EesrfgSzCxB3LOdQtymvqH3IgwqnMRAREtGT_NCGA&s=10 HTTP/2.0
                                                                                      host: encrypted-tbn0.gstatic.com
                                                                                      sec-fetch-site: none
                                                                                      sec-fetch-mode: no-cors
                                                                                      sec-fetch-dest: empty
                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                      accept-encoding: gzip, deflate, br
                                                                                      accept-language: en-US,en;q=0.9
                                                                                    • flag-unknown
                                                                                      GET
                                                                                      https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_6.pb
                                                                                      chrome.exe
                                                                                      Remote address:
                                                                                      142.250.179.131:443
                                                                                      Request
                                                                                      GET /safebrowsing/csd/client_model_v5_variation_6.pb HTTP/2.0
                                                                                      host: ssl.gstatic.com
                                                                                      sec-fetch-site: none
                                                                                      sec-fetch-mode: no-cors
                                                                                      sec-fetch-dest: empty
                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                      accept-encoding: gzip, deflate, br
                                                                                      accept-language: en-US,en;q=0.9
                                                                                    • flag-unknown
                                                                                      GET
                                                                                      https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
chrome.exe
Remote address: 8.8.8.8:443
Request
                                                                                      GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity

GET https://www.virustotal.com/
chrome.exe
Remote address: 74.125.34.46:443
Request
GET / HTTP/2.0
host: www.virustotal.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
purpose: prefetch
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

GET https://www.virustotal.com/gui/
chrome.exe
Remote address: 74.125.34.46:443
Request
GET /gui/ HTTP/2.0
host: www.virustotal.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
purpose: prefetch
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

GET https://www.virustotal.com/gui/static/fonts/iosevka-regular.woff2
chrome.exe
Remote address: 74.125.34.46:443
Request
GET /gui/static/fonts/iosevka-regular.woff2 HTTP/2.0
host: www.virustotal.com
origin: https://www.virustotal.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
purpose: prefetch
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

GET https://www.virustotal.com/gui/static/fonts/googlesans-regular.ttf
chrome.exe
Remote address: 74.125.34.46:443
Request
GET /gui/static/fonts/googlesans-regular.ttf HTTP/2.0
host: www.virustotal.com
origin: https://www.virustotal.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
purpose: prefetch
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

GET https://www.virustotal.com/gui/main.900e36f7a852b9863014.js
chrome.exe
Remote address: 74.125.34.46:443
Request
GET /gui/main.900e36f7a852b9863014.js HTTP/2.0
host: www.virustotal.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
purpose: prefetch
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

GET https://www.virustotal.com/gui/images/logo.svg
chrome.exe
Remote address: 74.125.34.46:443
Request
GET /gui/images/logo.svg HTTP/2.0
host: www.virustotal.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
purpose: prefetch
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

GET https://www.virustotal.com/gui/images/omnibar/vt_logo.svg
chrome.exe
Remote address: 74.125.34.46:443
Request
GET /gui/images/omnibar/vt_logo.svg HTTP/2.0
host: www.virustotal.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
purpose: prefetch
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

GET https://www.virustotal.com/gui/stackdriver-errors.239a9bb4d545f6f3f8ee.js
chrome.exe
Remote address: 74.125.34.46:443
Request
GET /gui/stackdriver-errors.239a9bb4d545f6f3f8ee.js HTTP/2.0
host: www.virustotal.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

POST https://www.virustotal.com/ui/signin
chrome.exe
Remote address: 74.125.34.46:443
Request
POST /ui/signin HTTP/2.0
host: www.virustotal.com
content-length: 4
x-tool: vt-ui-main
accept: application/json
x-app-version: v1x141x4
x-vt-anti-abuse-header: MTExMzA3NjE2NjItWkc5dWRDQmlaU0JsZG1scy0xNjcxNzk1NDE0LjQ5Mw==
accept-ianguage: en-US,en;q=0.9,es;q=0.8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
content-type: application/json
origin: https://www.virustotal.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

GET https://www.virustotal.com/gui/3789.1cda18a27da511a6130f.js
chrome.exe
Remote address: 74.125.34.46:443
Request
GET /gui/3789.1cda18a27da511a6130f.js HTTP/2.0
host: www.virustotal.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

GET https://www.virustotal.com/gui/9262.94e53a78a8796c954cd4.js
chrome.exe
Remote address: 74.125.34.46:443
Request
GET /gui/9262.94e53a78a8796c954cd4.js HTTP/2.0
host: www.virustotal.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

GET https://www.virustotal.com/gui/3494.4fe91483bcd041f676d8.js
chrome.exe
Remote address: 74.125.34.46:443
Request
GET /gui/3494.4fe91483bcd041f676d8.js HTTP/2.0
host: www.virustotal.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

GET https://www.virustotal.com/gui/vt-ui-shell-extra-deps.622a81b0530a0b62d881.js
chrome.exe
Remote address: 74.125.34.46:443
Request
GET /gui/vt-ui-shell-extra-deps.622a81b0530a0b62d881.js HTTP/2.0
host: www.virustotal.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _ga=GA1.2.1049222178.1671795415
cookie: _gid=GA1.2.1177704161.1671795415
cookie: _gat=1
                                                                                    • flag-unknown
                                                                                      GET
                                                                                      https://www.virustotal.com/gui/vt-ui-sw-installer.e0eb1a1e08d6512ba355.js
                                                                                      chrome.exe
                                                                                      Remote address:
                                                                                      74.125.34.46:443
                                                                                      Request
                                                                                      GET /gui/vt-ui-sw-installer.e0eb1a1e08d6512ba355.js HTTP/2.0
                                                                                      host: www.virustotal.com
                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                      accept: */*
                                                                                      sec-fetch-site: same-origin
                                                                                      sec-fetch-mode: no-cors
                                                                                      sec-fetch-dest: script
                                                                                      referer: https://www.virustotal.com/
                                                                                      accept-encoding: gzip, deflate, br
                                                                                      accept-language: en-US,en;q=0.9
                                                                                      cookie: _ga=GA1.2.1049222178.1671795415
                                                                                      cookie: _gid=GA1.2.1177704161.1671795415
                                                                                      cookie: _gat=1
                                                                                    • flag-unknown
                                                                                      GET
                                                                                      https://www.virustotal.com/gui/static/qrcode.min.js
                                                                                      chrome.exe
                                                                                      Remote address:
                                                                                      74.125.34.46:443
                                                                                      Request
                                                                                      GET /gui/static/qrcode.min.js HTTP/2.0
                                                                                      host: www.virustotal.com
                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                      accept: */*
                                                                                      sec-fetch-site: same-origin
                                                                                      sec-fetch-mode: no-cors
                                                                                      sec-fetch-dest: script
                                                                                      referer: https://www.virustotal.com/
                                                                                      accept-encoding: gzip, deflate, br
                                                                                      accept-language: en-US,en;q=0.9
                                                                                      cookie: _ga=GA1.2.1049222178.1671795415
                                                                                      cookie: _gid=GA1.2.1177704161.1671795415
                                                                                      cookie: _gat=1
                                                                                    • flag-unknown
                                                                                      GET
                                                                                      https://www.virustotal.com/gui/static/opensearch.xml
                                                                                      chrome.exe
                                                                                      Remote address:
                                                                                      74.125.34.46:443
                                                                                      Request
                                                                                      GET /gui/static/opensearch.xml HTTP/2.0
                                                                                      host: www.virustotal.com
                                                                                      sec-fetch-site: same-origin
                                                                                      sec-fetch-mode: no-cors
                                                                                      sec-fetch-dest: empty
                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                      accept-encoding: gzip, deflate, br
                                                                                      accept-language: en-US,en;q=0.9
                                                                                    • flag-unknown
                                                                                      GET
                                                                                      https://www.virustotal.com/gui/images/favicon.png
                                                                                      chrome.exe
                                                                                      Remote address:
                                                                                      74.125.34.46:443
                                                                                      Request
                                                                                      GET /gui/images/favicon.png HTTP/2.0
                                                                                      host: www.virustotal.com
                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                      accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                      sec-fetch-site: same-origin
                                                                                      sec-fetch-mode: no-cors
                                                                                      sec-fetch-dest: image
                                                                                      referer: https://www.virustotal.com/
                                                                                      accept-encoding: gzip, deflate, br
                                                                                      accept-language: en-US,en;q=0.9
                                                                                      cookie: _ga=GA1.2.1049222178.1671795415
                                                                                      cookie: _gid=GA1.2.1177704161.1671795415
                                                                                      cookie: _gat=1
                                                                                    • flag-unknown
                                                                                      GET
                                                                                      https://www.virustotal.com/gui/service-worker.js
                                                                                      chrome.exe
                                                                                      Remote address:
                                                                                      74.125.34.46:443
                                                                                      Request
                                                                                      GET /gui/service-worker.js HTTP/2.0
                                                                                      host: www.virustotal.com
                                                                                      cache-control: max-age=0
                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                      accept: */*
                                                                                      service-worker: script
                                                                                      sec-fetch-site: same-origin
                                                                                      sec-fetch-mode: same-origin
                                                                                      sec-fetch-dest: serviceworker
                                                                                      referer: https://www.virustotal.com/
                                                                                      accept-encoding: gzip, deflate, br
                                                                                      accept-language: en-US,en;q=0.9
                                                                                      cookie: _ga=GA1.2.1049222178.1671795415
                                                                                      cookie: _gid=GA1.2.1177704161.1671795415
                                                                                      cookie: _gat=1
                                                                                    • flag-unknown
                                                                                      GET
                                                                                      https://www.virustotal.com/gui/images/manifest/icon-192x192.png
                                                                                      chrome.exe
                                                                                      Remote address:
                                                                                      74.125.34.46:443
                                                                                      Request
                                                                                      GET /gui/images/manifest/icon-192x192.png HTTP/2.0
                                                                                      host: www.virustotal.com
                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                      accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                      sec-fetch-site: same-origin
                                                                                      sec-fetch-mode: no-cors
                                                                                      sec-fetch-dest: image
                                                                                      referer: https://www.virustotal.com/
                                                                                      accept-encoding: gzip, deflate, br
                                                                                      accept-language: en-US,en;q=0.9
                                                                                      cookie: _ga=GA1.2.1049222178.1671795415
                                                                                      cookie: _gid=GA1.2.1177704161.1671795415
                                                                                      cookie: _gat=1
                                                                                    • flag-unknown
                                                                                      GET
                                                                                      https://www.virustotal.com/gui/sha256.worker.a6e2f1b9e97a4ea0b474.worker.js
                                                                                      chrome.exe
                                                                                      Remote address:
                                                                                      74.125.34.46:443
                                                                                      Request
                                                                                      GET /gui/sha256.worker.a6e2f1b9e97a4ea0b474.worker.js HTTP/2.0
                                                                                      host: www.virustotal.com
                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                      accept: */*
                                                                                      sec-fetch-site: same-origin
                                                                                      sec-fetch-mode: same-origin
                                                                                      sec-fetch-dest: worker
                                                                                      referer: https://www.virustotal.com/
                                                                                      accept-encoding: gzip, deflate, br
                                                                                      accept-language: en-US,en;q=0.9
                                                                                      cookie: _ga=GA1.2.1049222178.1671795415
                                                                                      cookie: _gid=GA1.2.1177704161.1671795415
                                                                                      cookie: _gat=1
                                                                                    • flag-unknown
                                                                                      GET
                                                                                      https://www.virustotal.com/ui/files/909812f6cd8c68d016297f479473253edcdaf8728cc047759cf944f0a7c3d1fc
                                                                                      chrome.exe
                                                                                      Remote address:
                                                                                      74.125.34.46:443
                                                                                      Request
                                                                                      GET /ui/files/909812f6cd8c68d016297f479473253edcdaf8728cc047759cf944f0a7c3d1fc HTTP/2.0
                                                                                      host: www.virustotal.com
                                                                                      x-tool: vt-ui-main
                                                                                      accept: application/json
                                                                                      x-app-version: v1x141x4
                                                                                      x-vt-anti-abuse-header: MTQzMjY0ODcyNTktWkc5dWRDQmlaU0JsZG1scy0xNjcxNzk1NDIyLjMwMw==
                                                                                      accept-ianguage: en-US,en;q=0.9,es;q=0.8
                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                      content-type: application/json
                                                                                      sec-fetch-site: same-origin
                                                                                      sec-fetch-mode: cors
                                                                                      sec-fetch-dest: empty
                                                                                      referer: https://www.virustotal.com/
                                                                                      accept-encoding: gzip, deflate, br
                                                                                      accept-language: en-US,en;q=0.9
                                                                                      cookie: _ga=GA1.2.1049222178.1671795415
                                                                                      cookie: _gid=GA1.2.1177704161.1671795415
                                                                                      cookie: _gat=1
                                                                                    • flag-unknown
                                                                                      GET
                                                                                      https://www.virustotal.com/ui/files/upload_url
                                                                                      chrome.exe
                                                                                      Remote address:
                                                                                      74.125.34.46:443
                                                                                      Request
                                                                                      GET /ui/files/upload_url HTTP/2.0
                                                                                      host: www.virustotal.com
                                                                                      x-tool: vt-ui-main
                                                                                      accept: application/json
                                                                                      x-app-version: v1x141x4
                                                                                      x-vt-anti-abuse-header: MTM2NjA2MzY3MTktWkc5dWRDQmlaU0JsZG1scy0xNjcxNzk1NDI0LjM1OA==
                                                                                      accept-ianguage: en-US,en;q=0.9,es;q=0.8
                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                      content-type: application/json
                                                                                      sec-fetch-site: same-origin
                                                                                      sec-fetch-mode: cors
                                                                                      sec-fetch-dest: empty
                                                                                      referer: https://www.virustotal.com/
                                                                                      accept-encoding: gzip, deflate, br
                                                                                      accept-language: en-US,en;q=0.9
                                                                                      cookie: _ga=GA1.2.1049222178.1671795415
                                                                                      cookie: _gid=GA1.2.1177704161.1671795415
                                                                                      cookie: _gat=1
                                                                                    • flag-unknown
                                                                                      POST
                                                                                      https://www.virustotal.com/_ah/upload/AMmfu6a0ZEkhmzONeX0I81OTzhoqjahLCUvCs9qeTSHaqDVbkwhIG_qn5OIaQMMGJhhOYJIsux9N-f5w1ij1_0YAE8uZxItUFfTgjSGWOozPvH3v4mD3oqae_oy7wLvB9dnRCV9PeMO0DyFPd5l7LUBk68W0okB8kFJKqyyyBxrH58Er7Rb_dBEKMTNt5n__gKChUCKV2cX9LRvPnvGwRIcB_fp60ZhtOMas0SmF4KVcDXnXqMBsHXdr2Pg3XWQPD3w-RLZM3v2gaZGLv6PFzNb7Tv-vRPm4jUlBtHnbGgXEq48XS4L-myq158_gxZNcxmOU8xpJgC7A2TI6fMPC6fC0k5WlfetEE_EnM7ZZ3dA30Zlqn68QNinqzCkxIG0WDaZStw-G7lcBx1TUsIqpjIwKnjqppXHH3QlluqNdQjEgHPHfwRUpZ9NZh32JygXKK_QACW93xmiUUL-3YslVCwFtQ88zoZx5uezwryvdC0uBIWWhQbUjlQWVJkYmMzGBo56Pq6qnD_PqQ5iJ0DkR7ZG1FhXrdp1RgLbsyrYsIQ-Pd1PyKGt321J3pjvRFi60Gg3QnKNWxZeef4ucIJaP8Iv4kBkv-dhoGhXPuJj-pn05zGM1nRSx9461grSH-sHgQbAkLLgCBOrPiCJ0FMpN2269eoxA-BwEmdwkA-wbaI-1JcYz09d90zPDq51XuT86S3ocsmLaWKtJK-s6yHOPosOHICmo5r0ilkbGQNWamZSYdCJMQV-u38OYmSjJNk0rTIiKSJ1TlaRcbvBlIOMD9l42ktMflFFL4xKE8mhC1PZBkEkTp8jvCN4JyE8L9nzrKtottNlYGPIFVUgsfKPKUVazGkzQPjAoofmBAPcodYmNseAVrpr5HTq413FD9zZFDvs0GuwGCPu0rJRPPjq-0auIQ3Ff5rH409OPzuiLBlYPEpbsdEU4obbmHUI8SargrAjKso4BSs_rf8tYmZQnlwf68Ib94bVEl7WyhV8n_fkaYBGrIcT4K5Y/ALBNUaYAAAAAY6WHKnREgCR19kuiUEneDtQMWGH_Vy89/
chrome.exe
Remote address: 74.125.34.46:443
Request
                                                                                      POST /_ah/upload/AMmfu6a0ZEkhmzONeX0I81OTzhoqjahLCUvCs9qeTSHaqDVbkwhIG_qn5OIaQMMGJhhOYJIsux9N-f5w1ij1_0YAE8uZxItUFfTgjSGWOozPvH3v4mD3oqae_oy7wLvB9dnRCV9PeMO0DyFPd5l7LUBk68W0okB8kFJKqyyyBxrH58Er7Rb_dBEKMTNt5n__gKChUCKV2cX9LRvPnvGwRIcB_fp60ZhtOMas0SmF4KVcDXnXqMBsHXdr2Pg3XWQPD3w-RLZM3v2gaZGLv6PFzNb7Tv-vRPm4jUlBtHnbGgXEq48XS4L-myq158_gxZNcxmOU8xpJgC7A2TI6fMPC6fC0k5WlfetEE_EnM7ZZ3dA30Zlqn68QNinqzCkxIG0WDaZStw-G7lcBx1TUsIqpjIwKnjqppXHH3QlluqNdQjEgHPHfwRUpZ9NZh32JygXKK_QACW93xmiUUL-3YslVCwFtQ88zoZx5uezwryvdC0uBIWWhQbUjlQWVJkYmMzGBo56Pq6qnD_PqQ5iJ0DkR7ZG1FhXrdp1RgLbsyrYsIQ-Pd1PyKGt321J3pjvRFi60Gg3QnKNWxZeef4ucIJaP8Iv4kBkv-dhoGhXPuJj-pn05zGM1nRSx9461grSH-sHgQbAkLLgCBOrPiCJ0FMpN2269eoxA-BwEmdwkA-wbaI-1JcYz09d90zPDq51XuT86S3ocsmLaWKtJK-s6yHOPosOHICmo5r0ilkbGQNWamZSYdCJMQV-u38OYmSjJNk0rTIiKSJ1TlaRcbvBlIOMD9l42ktMflFFL4xKE8mhC1PZBkEkTp8jvCN4JyE8L9nzrKtottNlYGPIFVUgsfKPKUVazGkzQPjAoofmBAPcodYmNseAVrpr5HTq413FD9zZFDvs0GuwGCPu0rJRPPjq-0auIQ3Ff5rH409OPzuiLBlYPEpbsdEU4obbmHUI8SargrAjKso4BSs_rf8tYmZQnlwf68Ib94bVEl7WyhV8n_fkaYBGrIcT4K5Y/ALBNUaYAAAAAY6WHKnREgCR19kuiUEneDtQMWGH_Vy89/ HTTP/2.0
                                                                                      host: www.virustotal.com
                                                                                      content-length: 21334780
                                                                                      x-tool: vt-ui-main
                                                                                      x-app-version: v1x141x4
                                                                                      accept-ianguage: en-US,en;q=0.9,es;q=0.8
                                                                                      x-vt-anti-abuse-header: MTg2NzI2NzQ4MDgtWkc5dWRDQmlaU0JsZG1scy0xNjcxNzk1NDI0LjY5Nw==
                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                      content-type: multipart/form-data; boundary=----WebKitFormBoundaryc8aiwpwc6VczjpLx
                                                                                      accept: */*
                                                                                      origin: https://www.virustotal.com
                                                                                      sec-fetch-site: same-origin
                                                                                      sec-fetch-mode: cors
                                                                                      sec-fetch-dest: empty
                                                                                      referer: https://www.virustotal.com/
                                                                                      accept-encoding: gzip, deflate, br
                                                                                      accept-language: en-US,en;q=0.9
                                                                                      cookie: _ga=GA1.2.1049222178.1671795415
                                                                                      cookie: _gid=GA1.2.1177704161.1671795415
                                                                                      cookie: _gat=1
                                                                                    • flag-unknown
                                                                                      GET
                                                                                      https://www.recaptcha.net/recaptcha/api.js?render=explicit
                                                                                      chrome.exe
                                                                                      Remote address:
                                                                                      142.250.179.195:443
                                                                                      Request
                                                                                      GET /recaptcha/api.js?render=explicit HTTP/2.0
                                                                                      host: www.recaptcha.net
                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                      accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
                                                                                      purpose: prefetch
                                                                                      sec-fetch-site: cross-site
                                                                                      sec-fetch-mode: no-cors
                                                                                      sec-fetch-dest: script
                                                                                      referer: https://www.virustotal.com/
                                                                                      accept-encoding: gzip, deflate, br
                                                                                      accept-language: en-US,en;q=0.9
• GET https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvODkuMC40Mzg5LjExNBIQCUvUCfiJoqPiEgUNSoWeUg==?alt=proto
  chrome.exe
  Remote address: 142.251.39.106:443
  Request
  GET /v1/pages/ChRDaHJvbWUvODkuMC40Mzg5LjExNBIQCUvUCfiJoqPiEgUNSoWeUg==?alt=proto HTTP/2.0
  host: content-autofill.googleapis.com
  x-goog-encode-response-if-executable: base64
  x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
  x-client-data: CKSMywE=
  sec-fetch-site: none
  sec-fetch-mode: no-cors
  sec-fetch-dest: empty
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
  accept-encoding: gzip, deflate, br
  accept-language: en-US,en;q=0.9
• OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
  chrome.exe
  Remote address: 142.251.39.110:443
  Request
  OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
  host: play.google.com
  accept: */*
  access-control-request-method: POST
  access-control-request-headers: x-goog-authuser
  origin: https://www.google.com
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
  sec-fetch-mode: cors
  sec-fetch-site: same-site
  sec-fetch-dest: empty
  referer: https://www.google.com/
  accept-encoding: gzip, deflate, br
  accept-language: en-US,en;q=0.9
• GET https://www.virustotal.com/gui/manifest.json
  chrome.exe
  Remote address: 74.125.34.46:443
  Request
  GET /gui/manifest.json HTTP/2.0
  host: www.virustotal.com
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
  accept: */*
  sec-fetch-site: same-origin
  sec-fetch-mode: cors
  sec-fetch-dest: empty
  referer: https://www.virustotal.com/
  accept-encoding: gzip, deflate, br
  accept-language: en-US,en;q=0.9
• POST https://update.googleapis.com/service/update2/json?cup2key=10:1800388193&cup2hreq=0c6e8b4596ae7765101ff11fbcebbca5f064b9d4d5a91993b574f53bb880cf36
  chrome.exe
  Remote address: 142.250.179.195:443
  Request
  POST /service/update2/json?cup2key=10:1800388193&cup2hreq=0c6e8b4596ae7765101ff11fbcebbca5f064b9d4d5a91993b574f53bb880cf36 HTTP/2.0
  host: update.googleapis.com
  content-length: 3017
  x-goog-update-appid: llkgjffcdpffmhiakmfcdcblohccpfmo,gcmjkmgdlgnkkcocmoeiminaijmmjnii,giekcmmlnklenlaomppkphknjmnnpneh,aemomkdncapdnfajjbbcbdebjljbpmpj,ihnlcenocehgdaegdmhbidjhnhdchfmm,hnimpnehoodheedghdeeijklkeaacbdc,khaoiebndkojlmppeemjhbpbandiljpe,obedbbhbpmojnkanicioggnmelmoomoc,cmahhnpholdijhjokonmfdjbfmklppij,jamhcnnkihinmdlkakkaopbjbbcngflc,ehgidpndbllacpjalkiimkbadgjfnnmc,ojhpjlocmbogdgmfpkhlaaeamibhnphh,ggkkehgbnfjpeggfpleeakpidbkibbmn,jflookgnkcckhobaglndicnbbgbonegd,eeigpngbgcognadeebkilcpcaedhellh,gkmgaooipdjhmangpemjhigmamcehddo,bklopemakmnopmghhmccadeonafabnal,hfnkpimlhhgieaddgfemjhofmfblmnib,oimompecagnajdejgnnjijobebaeigek
  x-goog-update-interactivity: bg
  x-goog-update-updater: chrome-89.0.4389.114
  content-type: application/json
  sec-fetch-site: none
  sec-fetch-mode: no-cors
  sec-fetch-dest: empty
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
  accept-encoding: gzip, deflate, br
• DNS edgedl.me.gvt1.com
  chrome.exe
  Remote address: 8.8.8.8:53
  Request
  edgedl.me.gvt1.com IN A
  Response
  edgedl.me.gvt1.com IN A 34.104.35.123
• HEAD http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx
  Remote address: 34.104.35.123:80
  Request
  HEAD /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  User-Agent: Microsoft BITS/7.8
  Host: edgedl.me.gvt1.com
  Response
  HTTP/1.1 200 OK
  accept-ranges: bytes
  content-disposition: attachment
  content-length: 2876
  content-security-policy: default-src 'none'
  server: Google-Edge-Cache
  x-content-type-options: nosniff
  x-frame-options: SAMEORIGIN
  x-xss-protection: 0
  x-request-id: 301746b9-10ba-45f6-bafb-e809bb522d1c
  date: Thu, 22 Dec 2022 13:23:57 GMT
  age: 76423
  last-modified: Wed, 23 Mar 2022 16:40:40 GMT
  etag: "d1bcdc"
  content-type: application/x-chrome-extension
  alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
  cache-control: public,max-age=86400
  coprocessor-response: download-server
• GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx
  Remote address: 34.104.35.123:80
  Request
  GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Wed, 23 Mar 2022 16:40:40 GMT
  Range: bytes=0-1119
  User-Agent: Microsoft BITS/7.8
  Host: edgedl.me.gvt1.com
  Response
  HTTP/1.1 206 Partial Content
  accept-ranges: bytes
  content-disposition: attachment
  content-length: 1120
  content-security-policy: default-src 'none'
  server: Google-Edge-Cache
  x-content-type-options: nosniff
  x-frame-options: SAMEORIGIN
  x-xss-protection: 0
  x-request-id: 8490fd33-774a-4034-a131-efc12607229e
  date: Thu, 22 Dec 2022 13:23:57 GMT
  age: 76423
  last-modified: Wed, 23 Mar 2022 16:40:40 GMT
  etag: "d1bcdc"
  content-type: application/x-chrome-extension
  content-range: bytes 0-1119/2876
  alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
  cache-control: public,max-age=86400
  coprocessor-response: download-server
• GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx
  Remote address: 34.104.35.123:80
  Request
  GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Wed, 23 Mar 2022 16:40:40 GMT
  Range: bytes=1120-2875
  User-Agent: Microsoft BITS/7.8
  Host: edgedl.me.gvt1.com
  Response
  HTTP/1.1 206 Partial Content
  accept-ranges: bytes
  content-disposition: attachment
  content-length: 1756
  content-security-policy: default-src 'none'
  server: Google-Edge-Cache
  x-content-type-options: nosniff
  x-frame-options: SAMEORIGIN
  x-xss-protection: 0
  x-request-id: 5bfc90f2-52d3-4119-9117-6924a0e10128
  date: Thu, 22 Dec 2022 13:23:57 GMT
  age: 76427
  last-modified: Wed, 23 Mar 2022 16:40:40 GMT
  etag: "d1bcdc"
  content-type: application/x-chrome-extension
  content-range: bytes 1120-2875/2876
  alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
  cache-control: public,max-age=86400
• HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrir7gejsjla4vjhvqdx23w4mta_9.41.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.41.0_all_adazbiririz6mrhekuvwx2r4zjiq.crx3
  Remote address: 34.104.35.123:80
  Request
  HEAD /edgedl/release2/chrome_component/adrir7gejsjla4vjhvqdx23w4mta_9.41.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.41.0_all_adazbiririz6mrhekuvwx2r4zjiq.crx3 HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  User-Agent: Microsoft BITS/7.8
  Host: edgedl.me.gvt1.com
  Response
  HTTP/1.1 200 OK
  accept-ranges: bytes
  content-disposition: attachment
  content-length: 40738
  content-security-policy: default-src 'none'
  server: Google-Edge-Cache
  x-content-type-options: nosniff
  x-frame-options: SAMEORIGIN
  x-xss-protection: 0
  x-request-id: 6f6cc0b3-6ae2-4e1b-8704-9c5e2b0d864f
  date: Fri, 23 Dec 2022 07:09:53 GMT
  age: 12484
  last-modified: Thu, 10 Nov 2022 20:31:42 GMT
  etag: "101f229"
  content-type: application/octet-stream
  alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
  cache-control: public,max-age=86400
• GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrir7gejsjla4vjhvqdx23w4mta_9.41.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.41.0_all_adazbiririz6mrhekuvwx2r4zjiq.crx3
  Remote address: 34.104.35.123:80
  Request
  GET /edgedl/release2/chrome_component/adrir7gejsjla4vjhvqdx23w4mta_9.41.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.41.0_all_adazbiririz6mrhekuvwx2r4zjiq.crx3 HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Thu, 10 Nov 2022 20:31:42 GMT
  Range: bytes=0-4520
  User-Agent: Microsoft BITS/7.8
  Host: edgedl.me.gvt1.com
  Response
  HTTP/1.1 206 Partial Content
  accept-ranges: bytes
  content-disposition: attachment
  content-length: 4521
  content-security-policy: default-src 'none'
  server: Google-Edge-Cache
  x-content-type-options: nosniff
  x-frame-options: SAMEORIGIN
  x-xss-protection: 0
  x-request-id: bfcdfd79-44d5-4a39-9331-007341c7c956
  date: Fri, 23 Dec 2022 07:09:53 GMT
  age: 12484
  last-modified: Thu, 10 Nov 2022 20:31:42 GMT
  etag: "101f229"
  content-type: application/octet-stream
  content-range: bytes 0-4520/40738
  alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
  cache-control: public,max-age=86400
• GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrir7gejsjla4vjhvqdx23w4mta_9.41.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.41.0_all_adazbiririz6mrhekuvwx2r4zjiq.crx3
  Remote address: 34.104.35.123:80
  Request
  GET /edgedl/release2/chrome_component/adrir7gejsjla4vjhvqdx23w4mta_9.41.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.41.0_all_adazbiririz6mrhekuvwx2r4zjiq.crx3 HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Thu, 10 Nov 2022 20:31:42 GMT
  Range: bytes=4521-15009
  User-Agent: Microsoft BITS/7.8
  Host: edgedl.me.gvt1.com
  Response
  HTTP/1.1 206 Partial Content
  accept-ranges: bytes
  content-disposition: attachment
  content-length: 10489
  content-security-policy: default-src 'none'
  server: Google-Edge-Cache
  x-content-type-options: nosniff
  x-frame-options: SAMEORIGIN
  x-xss-protection: 0
  x-request-id: 02a74264-ea1d-487a-a00d-80b4c7a917c8
  date: Fri, 23 Dec 2022 07:09:53 GMT
  age: 12485
  last-modified: Thu, 10 Nov 2022 20:31:42 GMT
  etag: "101f229"
  content-type: application/octet-stream
  content-range: bytes 4521-15009/40738
  alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
  cache-control: public,max-age=86400
                                                                                      GET
                                                                                      http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrir7gejsjla4vjhvqdx23w4mta_9.41.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.41.0_all_adazbiririz6mrhekuvwx2r4zjiq.crx3
                                                                                      Remote address:
                                                                                      34.104.35.123:80
                                                                                      Request
                                                                                      GET /edgedl/release2/chrome_component/adrir7gejsjla4vjhvqdx23w4mta_9.41.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.41.0_all_adazbiririz6mrhekuvwx2r4zjiq.crx3 HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Accept: */*
                                                                                      Accept-Encoding: identity
                                                                                      If-Unmodified-Since: Thu, 10 Nov 2022 20:31:42 GMT
                                                                                      Range: bytes=15010-35558
                                                                                      User-Agent: Microsoft BITS/7.8
                                                                                      Host: edgedl.me.gvt1.com
                                                                                      Response
                                                                                      HTTP/1.1 206 Partial Content
                                                                                      accept-ranges: bytes
                                                                                      content-disposition: attachment
                                                                                      content-length: 20549
                                                                                      content-security-policy: default-src 'none'
                                                                                      server: Google-Edge-Cache
                                                                                      x-content-type-options: nosniff
                                                                                      x-frame-options: SAMEORIGIN
                                                                                      x-xss-protection: 0
                                                                                      x-request-id: 4d9c5f9d-dd4e-4d42-b5d5-087301b80188
                                                                                      date: Fri, 23 Dec 2022 07:09:53 GMT
                                                                                      age: 12487
                                                                                      last-modified: Thu, 10 Nov 2022 20:31:42 GMT
                                                                                      etag: "101f229"
                                                                                      content-type: application/octet-stream
                                                                                      content-range: bytes 15010-35558/40738
                                                                                      alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                      cache-control: public,max-age=86400
                                                                                      GET
                                                                                      http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrir7gejsjla4vjhvqdx23w4mta_9.41.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.41.0_all_adazbiririz6mrhekuvwx2r4zjiq.crx3
                                                                                      Remote address:
                                                                                      34.104.35.123:80
                                                                                      Request
                                                                                      GET /edgedl/release2/chrome_component/adrir7gejsjla4vjhvqdx23w4mta_9.41.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.41.0_all_adazbiririz6mrhekuvwx2r4zjiq.crx3 HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Accept: */*
                                                                                      Accept-Encoding: identity
                                                                                      If-Unmodified-Since: Thu, 10 Nov 2022 20:31:42 GMT
                                                                                      Range: bytes=35559-40737
                                                                                      User-Agent: Microsoft BITS/7.8
                                                                                      Host: edgedl.me.gvt1.com
                                                                                      Response
                                                                                      HTTP/1.1 206 Partial Content
                                                                                      accept-ranges: bytes
                                                                                      content-disposition: attachment
                                                                                      content-length: 5179
                                                                                      content-security-policy: default-src 'none'
                                                                                      server: Google-Edge-Cache
                                                                                      x-content-type-options: nosniff
                                                                                      x-frame-options: SAMEORIGIN
                                                                                      x-xss-protection: 0
                                                                                      x-request-id: 85758c17-fd85-4a6b-acc5-e4b8167b1689
                                                                                      date: Fri, 23 Dec 2022 07:09:53 GMT
                                                                                      age: 12488
                                                                                      last-modified: Thu, 10 Nov 2022 20:31:42 GMT
                                                                                      etag: "101f229"
                                                                                      content-type: application/octet-stream
                                                                                      content-range: bytes 35559-40737/40738
                                                                                      alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                      cache-control: public,max-age=86400
                                                                                      HEAD
                                                                                      http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE
                                                                                      Remote address:
                                                                                      34.104.35.123:80
                                                                                      Request
                                                                                      HEAD /edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Accept: */*
                                                                                      Accept-Encoding: identity
                                                                                      User-Agent: Microsoft BITS/7.8
                                                                                      Host: edgedl.me.gvt1.com
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      accept-ranges: bytes
                                                                                      content-disposition: attachment
                                                                                      content-security-policy: default-src 'none'
                                                                                      server: Google-Edge-Cache
                                                                                      x-content-type-options: nosniff
                                                                                      x-frame-options: SAMEORIGIN
                                                                                      x-xss-protection: 0
                                                                                      content-length: 5406
                                                                                      x-request-id: d4513bfe-d565-4e94-809a-7647cff0d666
                                                                                      date: Thu, 22 Dec 2022 15:09:56 GMT
                                                                                      age: 70105
                                                                                      last-modified: Wed, 17 Jul 2019 00:41:02 GMT
                                                                                      etag: "413d8a"
                                                                                      content-type: application/octet-stream
                                                                                      alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                      cache-control: public,max-age=86400
                                                                                      GET
                                                                                      http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE
                                                                                      Remote address:
                                                                                      34.104.35.123:80
                                                                                      Request
                                                                                      GET /edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Accept: */*
                                                                                      Accept-Encoding: identity
                                                                                      If-Unmodified-Since: Wed, 17 Jul 2019 00:41:02 GMT
                                                                                      User-Agent: Microsoft BITS/7.8
                                                                                      Host: edgedl.me.gvt1.com
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      accept-ranges: bytes
                                                                                      content-disposition: attachment
                                                                                      content-security-policy: default-src 'none'
                                                                                      server: Google-Edge-Cache
                                                                                      x-content-type-options: nosniff
                                                                                      x-frame-options: SAMEORIGIN
                                                                                      x-xss-protection: 0
                                                                                      content-length: 5406
                                                                                      x-request-id: d41ead33-20e9-44b3-bebe-f75aa35f64a4
                                                                                      date: Thu, 22 Dec 2022 15:09:56 GMT
                                                                                      age: 70105
                                                                                      last-modified: Wed, 17 Jul 2019 00:41:02 GMT
                                                                                      etag: "413d8a"
                                                                                      content-type: application/octet-stream
                                                                                      alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                      cache-control: public,max-age=86400
                                                                                      HEAD
                                                                                      http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjg0QUFYSnN4MFUtaEQwNDZqVGRkVkFmZw/1.0.6.0_aemomkdncapdnfajjbbcbdebjljbpmpj.crx
                                                                                      Remote address:
                                                                                      34.104.35.123:80
                                                                                      Request
                                                                                      HEAD /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjg0QUFYSnN4MFUtaEQwNDZqVGRkVkFmZw/1.0.6.0_aemomkdncapdnfajjbbcbdebjljbpmpj.crx HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Accept: */*
                                                                                      Accept-Encoding: identity
                                                                                      User-Agent: Microsoft BITS/7.8
                                                                                      Host: edgedl.me.gvt1.com
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      accept-ranges: bytes
                                                                                      content-disposition: attachment
                                                                                      content-security-policy: default-src 'none'
                                                                                      server: Google-Edge-Cache
                                                                                      x-content-type-options: nosniff
                                                                                      x-frame-options: SAMEORIGIN
                                                                                      x-xss-protection: 0
                                                                                      content-length: 9505
                                                                                      x-request-id: 5ce1d01e-cac3-4bf8-a414-2554ac4bf478
                                                                                      date: Thu, 22 Dec 2022 18:54:06 GMT
                                                                                      age: 56680
                                                                                      last-modified: Mon, 16 Aug 2021 20:43:55 GMT
                                                                                      etag: "a93f27"
                                                                                      content-type: application/x-chrome-extension
                                                                                      alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                      cache-control: public,max-age=86400
                                                                                      GET
                                                                                      http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjg0QUFYSnN4MFUtaEQwNDZqVGRkVkFmZw/1.0.6.0_aemomkdncapdnfajjbbcbdebjljbpmpj.crx
                                                                                      Remote address:
                                                                                      34.104.35.123:80
                                                                                      Request
                                                                                      GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjg0QUFYSnN4MFUtaEQwNDZqVGRkVkFmZw/1.0.6.0_aemomkdncapdnfajjbbcbdebjljbpmpj.crx HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Accept: */*
                                                                                      Accept-Encoding: identity
                                                                                      If-Unmodified-Since: Mon, 16 Aug 2021 20:43:55 GMT
                                                                                      User-Agent: Microsoft BITS/7.8
                                                                                      Host: edgedl.me.gvt1.com
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      accept-ranges: bytes
                                                                                      content-disposition: attachment
                                                                                      content-security-policy: default-src 'none'
                                                                                      server: Google-Edge-Cache
                                                                                      x-content-type-options: nosniff
                                                                                      x-frame-options: SAMEORIGIN
                                                                                      x-xss-protection: 0
                                                                                      content-length: 9505
                                                                                      x-request-id: 77608781-5692-4b60-aa53-b8490b036164
                                                                                      date: Thu, 22 Dec 2022 18:54:06 GMT
                                                                                      age: 56680
                                                                                      last-modified: Mon, 16 Aug 2021 20:43:55 GMT
                                                                                      etag: "a93f27"
                                                                                      content-type: application/x-chrome-extension
                                                                                      alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                      cache-control: public,max-age=86400
                                                                                      HEAD
                                                                                      http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3
                                                                                      Remote address:
                                                                                      34.104.35.123:80
                                                                                      Request
                                                                                      HEAD /edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3 HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Accept: */*
                                                                                      Accept-Encoding: identity
                                                                                      User-Agent: Microsoft BITS/7.8
                                                                                      Host: edgedl.me.gvt1.com
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      accept-ranges: bytes
                                                                                      content-disposition: attachment
                                                                                      content-security-policy: default-src 'none'
                                                                                      server: Google-Edge-Cache
                                                                                      x-content-type-options: nosniff
                                                                                      x-frame-options: SAMEORIGIN
                                                                                      x-xss-protection: 0
                                                                                      content-length: 148557
                                                                                      x-request-id: f067008e-3e05-4490-b66d-bfffd5b636b9
                                                                                      date: Thu, 22 Dec 2022 15:35:51 GMT
                                                                                      age: 68604
                                                                                      last-modified: Mon, 16 May 2022 15:33:39 GMT
                                                                                      etag: "debf6d"
                                                                                      content-type: application/octet-stream
                                                                                      alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                      cache-control: public,max-age=86400
                                                                                      coprocessor-response: download-server
                                                                                      GET
                                                                                      http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3
                                                                                      Remote address:
                                                                                      34.104.35.123:80
                                                                                      Request
                                                                                      GET /edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3 HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Accept: */*
                                                                                      Accept-Encoding: identity
                                                                                      If-Unmodified-Since: Mon, 16 May 2022 15:33:39 GMT
                                                                                      User-Agent: Microsoft BITS/7.8
                                                                                      Host: edgedl.me.gvt1.com
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      accept-ranges: bytes
                                                                                      content-disposition: attachment
                                                                                      content-security-policy: default-src 'none'
                                                                                      server: Google-Edge-Cache
                                                                                      x-content-type-options: nosniff
                                                                                      x-frame-options: SAMEORIGIN
                                                                                      x-xss-protection: 0
                                                                                      content-length: 148557
                                                                                      x-request-id: f18b8363-ce31-486a-941e-0caafdd92d2f
                                                                                      date: Thu, 22 Dec 2022 15:35:51 GMT
                                                                                      age: 68604
                                                                                      last-modified: Mon, 16 May 2022 15:33:39 GMT
                                                                                      etag: "debf6d"
                                                                                      content-type: application/octet-stream
                                                                                      alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                      cache-control: public,max-age=86400
                                                                                      coprocessor-response: download-server
                                                                                    • flag-unknown
                                                                                      GET
                                                                                      https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                      chrome.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:443
                                                                                      Request
                                                                                      GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
                                                                                      host: dns.google
                                                                                      accept: application/dns-message
                                                                                      accept-language: *
                                                                                      user-agent: Chrome
                                                                                      accept-encoding: identity
                                                                                    • flag-unknown
                                                                                      GET
                                                                                      https://dns.google/dns-query?dns=AAABAAABAAAAAAABDHNhZmVicm93c2luZwpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAEgADABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                      chrome.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:443
                                                                                      Request
                                                                                      GET /dns-query?dns=AAABAAABAAAAAAABDHNhZmVicm93c2luZwpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAEgADABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
                                                                                      host: dns.google
                                                                                      accept: application/dns-message
                                                                                      accept-language: *
                                                                                      user-agent: Chrome
                                                                                      accept-encoding: identity
                                                                                    • flag-unknown
                                                                                      POST
                                                                                      https://beacons.gvt2.com/domainreliability/upload
                                                                                      chrome.exe
                                                                                      Remote address:
                                                                                      172.217.168.227:443
                                                                                      Request
                                                                                      POST /domainreliability/upload HTTP/2.0
                                                                                      host: beacons.gvt2.com
                                                                                      content-length: 268
                                                                                      content-type: application/json; charset=utf-8
                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                      accept-encoding: gzip, deflate, br
                                                                                      accept-language: en-US,en;q=0.9
                                                                                    • flag-unknown
                                                                                      POST
                                                                                      https://e2c26.gcp.gvt2.com/nel/
                                                                                      chrome.exe
                                                                                      Remote address:
                                                                                      34.86.82.41:443
                                                                                      Request
                                                                                      POST /nel/ HTTP/2.0
                                                                                      host: e2c26.gcp.gvt2.com
                                                                                      content-length: 268
                                                                                      content-type: application/json; charset=utf-8
                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                      accept-encoding: gzip, deflate, br
                                                                                      accept-language: en-US,en;q=0.9
                                                                                      Response
                                                                                      HTTP/2.0 204
                                                                                      date: Fri, 23 Dec 2022 10:38:43 GMT
                                                                                    • flag-unknown
                                                                                      DNS
                                                                                      edgedl.me.gvt1.com
                                                                                      chrome.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      edgedl.me.gvt1.com
                                                                                      IN A
                                                                                      Response
                                                                                      edgedl.me.gvt1.com
                                                                                      IN A
                                                                                      34.104.35.123
                                                                                    • 34.117.35.28:80
                                                                                      http://download.cdn.mozilla.net/pub/firefox/releases/72.0.2/update/win64/en-US/firefox-71.0-72.0.2.partial.mar
                                                                                      http
                                                                                      IEXPLORE.EXE
                                                                                      723.2kB
                                                                                      21.9MB
                                                                                      15714
                                                                                      15675

                                                                                      HTTP Request

                                                                                      GET http://download.cdn.mozilla.net/pub/firefox/releases/72.0.2/update/win64/en-US/firefox-71.0-72.0.2.partial.mar

                                                                                      HTTP Response

                                                                                      200
                                                                                    • 34.117.35.28:80
                                                                                      download.cdn.mozilla.net
                                                                                      IEXPLORE.EXE
                                                                                      144 B
                                                                                      52 B
                                                                                      3
                                                                                      1
                                                                                    • 93.184.221.240:80
                                                                                      322 B
                                                                                      7
                                                                                    • 93.184.221.240:80
                                                                                      322 B
                                                                                      7
                                                                                    • 13.69.239.72:443
                                                                                      322 B
                                                                                      7
                                                                                    • 142.250.179.174:443
                                                                                      clients2.google.com
                                                                                      tls, https
                                                                                      chrome.exe
                                                                                      2.1kB
                                                                                      9.6kB
                                                                                      16
                                                                                      18
                                                                                    • 172.217.168.237:443
                                                                                      https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
                                                                                      tls, http2
                                                                                      chrome.exe
                                                                                      1.8kB
                                                                                      7.5kB
                                                                                      17
                                                                                      19

                                                                                      HTTP Request

                                                                                      POST https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
                                                                                    • 34.104.35.123:80
                                                                                      http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx
                                                                                      http
                                                                                      chrome.exe
                                                                                      4.9kB
                                                                                      256.7kB
                                                                                      99
                                                                                      189

                                                                                      HTTP Request

                                                                                      GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx

                                                                                      HTTP Response

                                                                                      200
                                                                                    • 8.8.8.8:443
                                                                                      https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                      tls, http2
                                                                                      chrome.exe
                                                                                      2.2kB
                                                                                      8.1kB
                                                                                      21
                                                                                      24

                                                                                      HTTP Request

                                                                                      GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

                                                                                      HTTP Request

                                                                                      GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                    • 8.8.8.8:443
                                                                                      https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                      tls, http2
                                                                                      chrome.exe
                                                                                      1.7kB
                                                                                      7.1kB
                                                                                      16
                                                                                      17

                                                                                      HTTP Request

                                                                                      GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                    • 142.251.39.110:443
                                                                                      https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTnJN-7Uk6UuU4Zp-EesrfgSzCxB3LOdQtymvqH3IgwqnMRAREtGT_NCGA&s=10
                                                                                      tls, http2
                                                                                      chrome.exe
                                                                                      2.5kB
                                                                                      13.0kB
                                                                                      25
                                                                                      27

                                                                                      HTTP Request

                                                                                      GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRL8HqXUVyXHcwB4LGusRVdKxZKLqyTBiUi8dksEBU&s=10

                                                                                      HTTP Request

                                                                                      GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSlWQJ0cQYpPaerm1svWk74GOfsaHCV8jyP04gayW8&s=10

                                                                                      HTTP Request

                                                                                      GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTtyS-3U_4svsfR94TX7fWsaPWwWtHThn2X_VX_pFK67bsC8hVQg6J7btQ&s=10

                                                                                      HTTP Request

                                                                                      GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRZGJ-kWvZj11oR65BNnyIEk1qmUDoGsxUK7bog1vM&s=10

                                                                                      HTTP Request

                                                                                      GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTnJN-7Uk6UuU4Zp-EesrfgSzCxB3LOdQtymvqH3IgwqnMRAREtGT_NCGA&s=10
                                                                                    • 142.251.39.110:443
                                                                                      encrypted-tbn0.gstatic.com
                                                                                      tls
                                                                                      chrome.exe
                                                                                      839 B
                                                                                      4.6kB
                                                                                      7
                                                                                      6
                                                                                    • 142.251.39.110:443
                                                                                      encrypted-tbn0.gstatic.com
                                                                                      tls
                                                                                      chrome.exe
                                                                                      885 B
                                                                                      4.6kB
                                                                                      8
                                                                                      7
                                                                                    • 142.251.39.110:443
                                                                                      encrypted-tbn0.gstatic.com
                                                                                      tls
                                                                                      chrome.exe
                                                                                      885 B
                                                                                      4.6kB
                                                                                      8
                                                                                      7
                                                                                    • 142.251.39.110:443
                                                                                      chrome.exe
                                                                                      190 B
                                                                                      92 B
                                                                                      4
                                                                                      2
                                                                                    • 142.250.179.131:443
                                                                                      https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_6.pb
                                                                                      tls, http2
                                                                                      chrome.exe
                                                                                      3.0kB
                                                                                      92.1kB
                                                                                      45
                                                                                      75

                                                                                      HTTP Request

                                                                                      GET https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_6.pb
                                                                                    • 8.8.8.8:443
                                                                                      https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                      tls, http2
                                                                                      chrome.exe
                                                                                      1.6kB
                                                                                      7.1kB
                                                                                      15
                                                                                      17

                                                                                      HTTP Request

                                                                                      GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                    • 74.125.34.46:443
                                                                                      https://www.virustotal.com/_ah/upload/AMmfu6a0ZEkhmzONeX0I81OTzhoqjahLCUvCs9qeTSHaqDVbkwhIG_qn5OIaQMMGJhhOYJIsux9N-f5w1ij1_0YAE8uZxItUFfTgjSGWOozPvH3v4mD3oqae_oy7wLvB9dnRCV9PeMO0DyFPd5l7LUBk68W0okB8kFJKqyyyBxrH58Er7Rb_dBEKMTNt5n__gKChUCKV2cX9LRvPnvGwRIcB_fp60ZhtOMas0SmF4KVcDXnXqMBsHXdr2Pg3XWQPD3w-RLZM3v2gaZGLv6PFzNb7Tv-vRPm4jUlBtHnbGgXEq48XS4L-myq158_gxZNcxmOU8xpJgC7A2TI6fMPC6fC0k5WlfetEE_EnM7ZZ3dA30Zlqn68QNinqzCkxIG0WDaZStw-G7lcBx1TUsIqpjIwKnjqppXHH3QlluqNdQjEgHPHfwRUpZ9NZh32JygXKK_QACW93xmiUUL-3YslVCwFtQ88zoZx5uezwryvdC0uBIWWhQbUjlQWVJkYmMzGBo56Pq6qnD_PqQ5iJ0DkR7ZG1FhXrdp1RgLbsyrYsIQ-Pd1PyKGt321J3pjvRFi60Gg3QnKNWxZeef4ucIJaP8Iv4kBkv-dhoGhXPuJj-pn05zGM1nRSx9461grSH-sHgQbAkLLgCBOrPiCJ0FMpN2269eoxA-BwEmdwkA-wbaI-1JcYz09d90zPDq51XuT86S3ocsmLaWKtJK-s6yHOPosOHICmo5r0ilkbGQNWamZSYdCJMQV-u38OYmSjJNk0rTIiKSJ1TlaRcbvBlIOMD9l42ktMflFFL4xKE8mhC1PZBkEkTp8jvCN4JyE8L9nzrKtottNlYGPIFVUgsfKPKUVazGkzQPjAoofmBAPcodYmNseAVrpr5HTq413FD9zZFDvs0GuwGCPu0rJRPPjq-0auIQ3Ff5rH409OPzuiLBlYPEpbsdEU4obbmHUI8SargrAjKso4BSs_rf8tYmZQnlwf68Ib94bVEl7WyhV8n_fkaYBGrIcT4K5Y/ALBNUaYAAAAAY6WHKnREgCR19kuiUEneDtQMWGH_Vy89/
                                                                                      tls, http2
                                                                                      chrome.exe
                                                                                      10.3MB
                                                                                      1.6MB
                                                                                      8282
                                                                                      5109

                                                                                      HTTP Request

                                                                                      GET https://www.virustotal.com/

                                                                                      HTTP Request

                                                                                      GET https://www.virustotal.com/gui/

                                                                                      HTTP Request

                                                                                      GET https://www.virustotal.com/gui/static/fonts/iosevka-regular.woff2

                                                                                      HTTP Request

                                                                                      GET https://www.virustotal.com/gui/static/fonts/googlesans-regular.ttf

                                                                                      HTTP Request

                                                                                      GET https://www.virustotal.com/gui/main.900e36f7a852b9863014.js

                                                                                      HTTP Request

                                                                                      GET https://www.virustotal.com/gui/images/logo.svg

                                                                                      HTTP Request

                                                                                      GET https://www.virustotal.com/gui/images/omnibar/vt_logo.svg

                                                                                      HTTP Request

                                                                                      GET https://www.virustotal.com/gui/stackdriver-errors.239a9bb4d545f6f3f8ee.js

                                                                                      HTTP Request

                                                                                      POST https://www.virustotal.com/ui/signin

                                                                                      HTTP Request

                                                                                      GET https://www.virustotal.com/gui/3789.1cda18a27da511a6130f.js

                                                                                      HTTP Request

                                                                                      GET https://www.virustotal.com/gui/9262.94e53a78a8796c954cd4.js

                                                                                      HTTP Request

                                                                                      GET https://www.virustotal.com/gui/3494.4fe91483bcd041f676d8.js

                                                                                      HTTP Request

    HTTP Request: GET https://www.virustotal.com/gui/vt-ui-shell-extra-deps.622a81b0530a0b62d881.js
    HTTP Request: GET https://www.virustotal.com/gui/vt-ui-sw-installer.e0eb1a1e08d6512ba355.js
    HTTP Request: GET https://www.virustotal.com/gui/static/qrcode.min.js
    HTTP Request: GET https://www.virustotal.com/gui/static/opensearch.xml
    HTTP Request: GET https://www.virustotal.com/gui/images/favicon.png
    HTTP Request: GET https://www.virustotal.com/gui/service-worker.js
    HTTP Request: GET https://www.virustotal.com/gui/images/manifest/icon-192x192.png
    HTTP Request: GET https://www.virustotal.com/gui/sha256.worker.a6e2f1b9e97a4ea0b474.worker.js
    HTTP Request: GET https://www.virustotal.com/ui/files/909812f6cd8c68d016297f479473253edcdaf8728cc047759cf944f0a7c3d1fc
    HTTP Request: GET https://www.virustotal.com/ui/files/upload_url
    HTTP Request: POST https://www.virustotal.com/_ah/upload/AMmfu6a0ZEkhmzONeX0I81OTzhoqjahLCUvCs9qeTSHaqDVbkwhIG_qn5OIaQMMGJhhOYJIsux9N-f5w1ij1_0YAE8uZxItUFfTgjSGWOozPvH3v4mD3oqae_oy7wLvB9dnRCV9PeMO0DyFPd5l7LUBk68W0okB8kFJKqyyyBxrH58Er7Rb_dBEKMTNt5n__gKChUCKV2cX9LRvPnvGwRIcB_fp60ZhtOMas0SmF4KVcDXnXqMBsHXdr2Pg3XWQPD3w-RLZM3v2gaZGLv6PFzNb7Tv-vRPm4jUlBtHnbGgXEq48XS4L-myq158_gxZNcxmOU8xpJgC7A2TI6fMPC6fC0k5WlfetEE_EnM7ZZ3dA30Zlqn68QNinqzCkxIG0WDaZStw-G7lcBx1TUsIqpjIwKnjqppXHH3QlluqNdQjEgHPHfwRUpZ9NZh32JygXKK_QACW93xmiUUL-3YslVCwFtQ88zoZx5uezwryvdC0uBIWWhQbUjlQWVJkYmMzGBo56Pq6qnD_PqQ5iJ0DkR7ZG1FhXrdp1RgLbsyrYsIQ-Pd1PyKGt321J3pjvRFi60Gg3QnKNWxZeef4ucIJaP8Iv4kBkv-dhoGhXPuJj-pn05zGM1nRSx9461grSH-sHgQbAkLLgCBOrPiCJ0FMpN2269eoxA-BwEmdwkA-wbaI-1JcYz09d90zPDq51XuT86S3ocsmLaWKtJK-s6yHOPosOHICmo5r0ilkbGQNWamZSYdCJMQV-u38OYmSjJNk0rTIiKSJ1TlaRcbvBlIOMD9l42ktMflFFL4xKE8mhC1PZBkEkTp8jvCN4JyE8L9nzrKtottNlYGPIFVUgsfKPKUVazGkzQPjAoofmBAPcodYmNseAVrpr5HTq413FD9zZFDvs0GuwGCPu0rJRPPjq-0auIQ3Ff5rH409OPzuiLBlYPEpbsdEU4obbmHUI8SargrAjKso4BSs_rf8tYmZQnlwf68Ib94bVEl7WyhV8n_fkaYBGrIcT4K5Y/ALBNUaYAAAAAY6WHKnREgCR19kuiUEneDtQMWGH_Vy89/
• 142.250.179.195:443 | https://www.recaptcha.net/recaptcha/api.js?render=explicit | tls, http2 | chrome.exe | 1.9kB | 13.9kB | 18 | 22
    HTTP Request: GET https://www.recaptcha.net/recaptcha/api.js?render=explicit
• 142.251.39.106:443 | https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvODkuMC40Mzg5LjExNBIQCUvUCfiJoqPiEgUNSoWeUg==?alt=proto | tls, http2 | chrome.exe | 1.8kB | 6.5kB | 15 | 16
    HTTP Request: GET https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvODkuMC40Mzg5LjExNBIQCUvUCfiJoqPiEgUNSoWeUg==?alt=proto
• 142.251.39.110:443 | https://play.google.com/log?format=json&hasfast=true&authuser=0 | tls, http2 | chrome.exe | 1.8kB | 8.6kB | 16 | 16
    HTTP Request: OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
• 74.125.34.46:443 | https://www.virustotal.com/gui/manifest.json | tls, http2 | chrome.exe | 1.6kB | 5.0kB | 14 | 15
    HTTP Request: GET https://www.virustotal.com/gui/manifest.json
• 93.184.221.240:80 | 276 B | 6
• 93.184.221.240:80 | 276 B | 6
• 142.250.179.195:443 | https://update.googleapis.com/service/update2/json?cup2key=10:1800388193&cup2hreq=0c6e8b4596ae7765101ff11fbcebbca5f064b9d4d5a91993b574f53bb880cf36 | tls, http2 | chrome.exe | 5.5kB | 11.0kB | 19 | 20
    HTTP Request: POST https://update.googleapis.com/service/update2/json?cup2key=10:1800388193&cup2hreq=0c6e8b4596ae7765101ff11fbcebbca5f064b9d4d5a91993b574f53bb880cf36
• 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3 | http | 8.9kB | 222.0kB | 99 | 168
    HTTP Request: HEAD http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx
    HTTP Response: 200
    HTTP Request: GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx
    HTTP Response: 206
    HTTP Request: GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx
    HTTP Response: 206
    HTTP Request: HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrir7gejsjla4vjhvqdx23w4mta_9.41.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.41.0_all_adazbiririz6mrhekuvwx2r4zjiq.crx3
    HTTP Response: 200
    HTTP Request: GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrir7gejsjla4vjhvqdx23w4mta_9.41.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.41.0_all_adazbiririz6mrhekuvwx2r4zjiq.crx3
    HTTP Response: 206
    HTTP Request: GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrir7gejsjla4vjhvqdx23w4mta_9.41.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.41.0_all_adazbiririz6mrhekuvwx2r4zjiq.crx3
    HTTP Response: 206
    HTTP Request: GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrir7gejsjla4vjhvqdx23w4mta_9.41.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.41.0_all_adazbiririz6mrhekuvwx2r4zjiq.crx3
    HTTP Response: 206
    HTTP Request: GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrir7gejsjla4vjhvqdx23w4mta_9.41.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.41.0_all_adazbiririz6mrhekuvwx2r4zjiq.crx3
    HTTP Response: 206
    HTTP Request: HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE
    HTTP Response: 200
    HTTP Request: GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE
    HTTP Response: 200
    HTTP Request: HEAD http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjg0QUFYSnN4MFUtaEQwNDZqVGRkVkFmZw/1.0.6.0_aemomkdncapdnfajjbbcbdebjljbpmpj.crx
    HTTP Response: 200
    HTTP Request: GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjg0QUFYSnN4MFUtaEQwNDZqVGRkVkFmZw/1.0.6.0_aemomkdncapdnfajjbbcbdebjljbpmpj.crx
    HTTP Response: 200
    HTTP Request: HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3
    HTTP Response: 200
    HTTP Request: GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3
    HTTP Response: 200
• 8.8.8.8:443 | https://dns.google/dns-query?dns=AAABAAABAAAAAAABDHNhZmVicm93c2luZwpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAEgADABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA | tls, http2 | chrome.exe | 2.0kB | 7.9kB | 18 | 21
    HTTP Request: GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    HTTP Request: GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABDHNhZmVicm93c2luZwpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAEgADABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
• 142.250.179.202:443 | safebrowsing.googleapis.com | tls, https | chrome.exe | 104.3kB | 6.2MB | 2238 | 4424
• 142.250.179.131:443 | beacons.gcp.gvt2.com | tls | chrome.exe | 747 B | 4.6kB | 5 | 6
• 142.250.179.131:443 | beacons.gcp.gvt2.com | tls | chrome.exe | 897 B | 4.6kB | 7 | 7
• 35.184.229.211:443 | tls, https | chrome.exe | 1.2kB | 696 B | 11 | 11
• 172.217.166.99:443 | tls | chrome.exe | 1.8kB | 7.1kB | 16 | 21
• 172.217.166.99:443 | beacons2.gvt2.com | tls, https | chrome.exe | 949 B | 5.3kB | 8 | 8
• 172.217.168.227:443 | https://beacons.gvt2.com/domainreliability/upload | tls, http2 | chrome.exe | 1.9kB | 6.6kB | 14 | 13
    HTTP Request: POST https://beacons.gvt2.com/domainreliability/upload
• 34.86.82.41:443 | https://e2c26.gcp.gvt2.com/nel/ | tls, http2 | chrome.exe | 1.9kB | 5.9kB | 15 | 19
    HTTP Request: POST https://e2c26.gcp.gvt2.com/nel/
    HTTP Response: 204
• 8.8.8.8:53 | download.cdn.mozilla.net | dns | chrome.exe | 70 B | 125 B | 1 | 1
    DNS Request: download.cdn.mozilla.net
    DNS Response: 34.117.35.28
• 224.0.0.251:5353 | 2.9kB | 49
• 8.8.8.8:53 | clients2.google.com | dns | chrome.exe | 65 B | 105 B | 1 | 1
    DNS Request: clients2.google.com
    DNS Response: 142.250.179.174
• 8.8.8.8:53 | accounts.google.com | dns | chrome.exe | 65 B | 81 B | 1 | 1
    DNS Request: accounts.google.com
    DNS Response: 172.217.168.237
• 8.8.8.8:53 | edgedl.me.gvt1.com | dns | chrome.exe | 64 B | 80 B | 1 | 1
    DNS Request: edgedl.me.gvt1.com
    DNS Response: 34.104.35.123
• 8.8.8.8:53 | apis.google.com | dns | chrome.exe | 61 B | 98 B | 1 | 1
    DNS Request: apis.google.com
    DNS Response: 142.250.179.142
• 8.8.8.8:53 | dns.google | dns | chrome.exe | 56 B | 88 B | 1 | 1
    DNS Request: dns.google
    DNS Response: 8.8.8.8, 8.8.4.4
• 8.8.8.8:443 | dns.google | https | chrome.exe | 6.4kB | 13.4kB | 28 | 28
• 142.251.39.110:443 | https | chrome.exe | 4.4kB | 17.0kB | 17 | 16
• 142.251.39.110:443 | https | chrome.exe | 5.4kB | 9.0kB | 7 | 7
• 8.8.8.8:443
                                                                                      dns.google
                                                                                      https
                                                                                      chrome.exe
                                                                                      3.2kB
                                                                                      6.4kB
                                                                                      6
                                                                                      6
                                                                                    • 8.8.8.8:53
                                                                                      edgedl.me.gvt1.com
                                                                                      dns
                                                                                      chrome.exe
                                                                                      64 B
                                                                                      80 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      edgedl.me.gvt1.com

                                                                                      DNS Response

                                                                                      34.104.35.123

                                                                                    • 142.250.179.195:443
                                                                                      https
                                                                                      chrome.exe
                                                                                      7.7kB
                                                                                      8.4kB
                                                                                      13
                                                                                      13
                                                                                    • 8.8.8.8:443
                                                                                      dns.google
                                                                                      https
                                                                                      chrome.exe
                                                                                      2.9kB
                                                                                      5.5kB
                                                                                      4
                                                                                      4
                                                                                    • 8.8.8.8:443
                                                                                      dns.google
                                                                                      https
                                                                                      chrome.exe
                                                                                      2.3kB
                                                                                      3.6kB
                                                                                      8
                                                                                      7
                                                                                    • 172.217.166.99:443
                                                                                      https
                                                                                      chrome.exe
                                                                                      5.0kB
                                                                                      11.0kB
                                                                                      9
                                                                                      13
                                                                                    • 8.8.8.8:53
                                                                                      edgedl.me.gvt1.com
                                                                                      dns
                                                                                      chrome.exe
                                                                                      64 B
                                                                                      80 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      edgedl.me.gvt1.com

                                                                                      DNS Response

                                                                                      34.104.35.123

                                                                                    • 142.250.179.195:443
                                                                                      https
                                                                                      chrome.exe
                                                                                      2.9kB
                                                                                      2.4kB
                                                                                      5
                                                                                      4

                                                                                    MITRE ATT&CK Enterprise v6

Downloads

• C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2636_1221139948\ChromeRecovery.exe (253KB)
  MD5    49ac3c96d270702a27b4895e4ce1f42a
  SHA1   55b90405f1e1b72143c64113e8bc65608dd3fd76
  SHA256 82aa3fd6a25cda9e16689cfadea175091be010cecae537e517f392e0bef5ba0f
  SHA512 b62f6501cb4c992d42d9097e356805c88ac4ac5a46ead4a8eee9f8cbae197b2305da8aab5b4a61891fe73951588025f2d642c32524b360687993f98c913138a0

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\RecoveryImproved\1.3.36.141\Recovery.crx3 (141KB)
  MD5    ea1c1ffd3ea54d1fb117bfdbb3569c60
  SHA1   10958b0f690ae8f5240e1528b1ccffff28a33272
  SHA256 7c3a6a7d16ac44c3200f572a764bce7d8fa84b9572dd028b15c59bdccbc0a77d
  SHA512 6c30728cac9eac53f0b27b7dbe2222da83225c3b63617d6b271a6cfedf18e8f0a8dffa1053e1cbc4c5e16625f4bbc0d03aa306a946c9d72faa4ceb779f8ffcaf

• C:\Users\Admin\Downloads\firefox-71.0-72.0.2.partial.mar.sn3mg90.partial (20.3MB)
  MD5    cbb5c45b084982f331963e53ce1018d3
  SHA1   790dc9f80884ff2ad88627e29b55cfd8058c94c7
  SHA256 909812f6cd8c68d016297f479473253edcdaf8728cc047759cf944f0a7c3d1fc
  SHA512 81da0af34c61d61ea0cbe9c1cbfdcbf0a6c6260614b7625a9cce07e3846260b45198967dbd0ad958a27eddbc0d538cfef2e250ace5c25ea3c02eb2bb2010fa06
