hxxp://download[.]cdn[.]mozilla[.]net/pub/firefox/releases/72[.]0[.]2/update/win64/en-US/firefox-71[.]0-72[.]0[.]2[.]partial[.]mar

Resubmissions

23/12/2022, 10:41 UTC

221223-mq3b8abe4x 1

23/12/2022, 10:35 UTC

221223-mm5ceagd22 8

Analysis

max time kernel
207s
max time network
211s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23/12/2022, 10:35 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://download.cdn.mozilla.net/pub/firefox/releases/72.0.2/update/win64/en-US/firefox-71.0-72.0.2.partial.mar

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
740	ChromeRecovery.exe

Drops file in Program Files directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2636_1221139948\ChromeRecovery.exe	elevation_service.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2636_1221139948\manifest.json	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2636_1221139948\manifest.json	elevation_service.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2636_1221139948\_metadata\verified_contents.json	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2636_1221139948\_metadata\verified_contents.json	elevation_service.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2636_1221139948\ChromeRecoveryCRX.crx	elevation_service.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2636_1221139948\ChromeRecovery.exe	elevation_service.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 467899b2bcaed801	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31004354"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d0634478bc513c42b46183dd4c643e8300000000020000000000106600000001000020000000c991a784932835f163e404f8aea2c4e28f6947241601efec2b92b248ca60a59d000000000e8000000002000020000000f2b9038fcc4340fa7b0351cecbc5d76c2324c601c3d8c04d22bf5780bda33928200000003ec5044b5aed6d111297d79cec6c9b5486c1297a876ce6ecd228e9b621e60130400000002cbb7a1436e147a9fa7cfd3eb431cfabc15b82c4db8a287ff3a45702714b74767f75b144154151451fea83b78472fdd980288c5e036e6a237218000c24f53981	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 305f6bcec216d901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0c98ccec216d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31004354"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d0634478bc513c42b46183dd4c643e8300000000020000000000106600000001000020000000e4235d7960bae2c60b42533f0216f9cb77c27d39627a297f5ab60cacca0778df000000000e8000000002000020000000173bef35d4eaea0d2c3af3fed1326cd5dc5c820abd36b69eb1dff129b0774119200000005758fa7124fec55090f37c36128c278502f002a970143a75c2dedbea760dde5840000000bbeb8060dbdb1126d3376a708a16a8b08247004c338a5f4b9ef35f048f5141e9d1e4ed4f8a7ea0709fcfb845ed4023cb86f230d1e72708974f97fcb17bc34e97	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\RepId	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3410495863"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{F69F310C-82B5-11ED-AECB-520B3B914C01} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\RepId\PublicId = "{48C8457B-1F7E-4BC8-B70D-11889606F7BA}"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3410495863"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\DownloadWindowPlacement = 2c0000000000000000000000ffffffffffffffffffffffffffffffff100100003c000000900300001c020000	iexplore.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings	iexplore.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4616	chrome.exe
4616	chrome.exe
1576	chrome.exe
1576	chrome.exe
3304	chrome.exe
3304	chrome.exe
2356	chrome.exe
2356	chrome.exe
4924	chrome.exe
4924	chrome.exe
4324	chrome.exe
4324	chrome.exe
2156	chrome.exe
2156	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
1012	chrome.exe
1012	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
4304	iexplore.exe
4304	iexplore.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4304	iexplore.exe
4304	iexplore.exe
4184	IEXPLORE.EXE
4184	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4304 wrote to memory of 4184	4304	iexplore.exe	80
PID 4304 wrote to memory of 4184	4304	iexplore.exe	80
PID 4304 wrote to memory of 4184	4304	iexplore.exe	80
PID 1576 wrote to memory of 1464	1576	chrome.exe	96
PID 1576 wrote to memory of 1464	1576	chrome.exe	96
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 680	1576	chrome.exe	97
PID 1576 wrote to memory of 4616	1576	chrome.exe	98
PID 1576 wrote to memory of 4616	1576	chrome.exe	98
PID 1576 wrote to memory of 4092	1576	chrome.exe	99
PID 1576 wrote to memory of 4092	1576	chrome.exe	99
PID 1576 wrote to memory of 4092	1576	chrome.exe	99
PID 1576 wrote to memory of 4092	1576	chrome.exe	99
PID 1576 wrote to memory of 4092	1576	chrome.exe	99
PID 1576 wrote to memory of 4092	1576	chrome.exe	99
PID 1576 wrote to memory of 4092	1576	chrome.exe	99
PID 1576 wrote to memory of 4092	1576	chrome.exe	99
PID 1576 wrote to memory of 4092	1576	chrome.exe	99
PID 1576 wrote to memory of 4092	1576	chrome.exe	99
PID 1576 wrote to memory of 4092	1576	chrome.exe	99
PID 1576 wrote to memory of 4092	1576	chrome.exe	99
PID 1576 wrote to memory of 4092	1576	chrome.exe	99
PID 1576 wrote to memory of 4092	1576	chrome.exe	99
PID 1576 wrote to memory of 4092	1576	chrome.exe	99
PID 1576 wrote to memory of 4092	1576	chrome.exe	99
PID 1576 wrote to memory of 4092	1576	chrome.exe	99

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://download.cdn.mozilla.net/pub/firefox/releases/72.0.2/update/win64/en-US/firefox-71.0-72.0.2.partial.mar
1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4304
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4304 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4184

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdddf54f50,0x7ffdddf54f60,0x7ffdddf54f70
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1636 /prefetch:2
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2028 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2288 /prefetch:8
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2944 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4472 /prefetch:8
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4584 /prefetch:8
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4496 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4364 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4592 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4508 /prefetch:8
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4560 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5908 /prefetch:8
  2⤵
  PID:444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6364 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6352 /prefetch:8
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6216 /prefetch:8
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3916 /prefetch:8
  2⤵
  PID:720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4380 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1128 /prefetch:8
  2⤵
  PID:720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1100 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 /prefetch:8
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6624 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2140 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,5184351743226467387,13110363301130942487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3088 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3056

C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"
1⤵
- Drops file in Program Files directory
PID:2636
- C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2636_1221139948\ChromeRecovery.exe
  "C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2636_1221139948\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={a29c3aba-3c22-4747-b372-1f5ed66ad527} --system
  2⤵
  - Executes dropped EXE
  PID:740

Network

DNS

download.cdn.mozilla.net

chrome.exe

Remote address:

8.8.8.8:53

Request

download.cdn.mozilla.net

IN A

Response

download.cdn.mozilla.net

IN CNAME

download-cdn.prod.mozaws.net

download-cdn.prod.mozaws.net

IN A

34.117.35.28
GET

http://download.cdn.mozilla.net/pub/firefox/releases/72.0.2/update/win64/en-US/firefox-71.0-72.0.2.partial.mar

IEXPLORE.EXE

Remote address:

34.117.35.28:80

Request

GET /pub/firefox/releases/72.0.2/update/win64/en-US/firefox-71.0-72.0.2.partial.mar HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: download.cdn.mozilla.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
X-Guploader-Uploadid: ADPycds-wmxzzu9pIZwn3I18mnzC-DYun1SmCZ-yZ6kTc-UKBgkM0goI3dEtRLVX8qO-1A8CSV7BomoUMr93Wzp_I1Bojtr7bkMo
X-Goog-Generation: 1660732199222953
X-Goog-Metageneration: 1
X-Goog-Stored-Content-Encoding: identity
X-Goog-Stored-Content-Length: 21334435
X-Goog-Meta-X-Goog-Reserved-Source-Generation: 1579563348899552
X-Goog-Hash: crc32c=dxXB4Q==
X-Goog-Hash: md5=y7XEWwhJgvMxlj5TzhAY0w==
X-Goog-Storage-Class: STANDARD
Accept-Ranges: bytes
Vary: Origin
Strict-Transport-Security: max-age=31536000
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Via: 1.1 google, 1.1 google
Date: Wed, 14 Dec 2022 04:45:48 GMT
Expires: Mon, 12 Jun 2023 04:45:48 GMT
Cache-Control: max-age=15552000
Last-Modified: Wed, 17 Aug 2022 10:29:59 GMT
ETag: "cbb5c45b084982f331963e53ce1018d3"
Content-Type: application/octet-stream
Content-Length: 21334435
Age: 798615
DNS

clients2.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.179.174
DNS

accounts.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

172.217.168.237
POST

https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard

chrome.exe

Remote address:

172.217.168.237:443

Request

POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/2.0
host: accounts.google.com
content-length: 1
origin: https://www.google.com
content-type: application/x-www-form-urlencoded
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

edgedl.me.gvt1.com

chrome.exe

Remote address:

8.8.8.8:53

Request

edgedl.me.gvt1.com

IN A

Response

edgedl.me.gvt1.com

IN A

34.104.35.123
GET

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx

chrome.exe

Remote address:

34.104.35.123:80

Request

GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx HTTP/1.1
Host: edgedl.me.gvt1.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 248531
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: e5938a73-caed-4041-9c6e-9478b98a81a6
date: Fri, 23 Dec 2022 07:16:31 GMT
age: 12011
last-modified: Fri, 25 Feb 2022 22:08:36 GMT
etag: "c994e6"
content-type: application/x-chrome-extension
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
DNS

apis.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

142.250.179.142
DNS

dns.google

chrome.exe

Remote address:

8.8.8.8:53

Request

dns.google

IN A

Response

dns.google

IN A

8.8.8.8

dns.google

IN A

8.8.4.4
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.8.8:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.8.8:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.8.8:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRL8HqXUVyXHcwB4LGusRVdKxZKLqyTBiUi8dksEBU&s=10

chrome.exe

Remote address:

142.251.39.110:443

Request

GET /images?q=tbn:ANd9GcRL8HqXUVyXHcwB4LGusRVdKxZKLqyTBiUi8dksEBU&s=10 HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSlWQJ0cQYpPaerm1svWk74GOfsaHCV8jyP04gayW8&s=10

chrome.exe

Remote address:

142.251.39.110:443

Request

GET /images?q=tbn:ANd9GcSlWQJ0cQYpPaerm1svWk74GOfsaHCV8jyP04gayW8&s=10 HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTtyS-3U_4svsfR94TX7fWsaPWwWtHThn2X_VX_pFK67bsC8hVQg6J7btQ&s=10

chrome.exe

Remote address:

142.251.39.110:443

Request

GET /images?q=tbn:ANd9GcTtyS-3U_4svsfR94TX7fWsaPWwWtHThn2X_VX_pFK67bsC8hVQg6J7btQ&s=10 HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRZGJ-kWvZj11oR65BNnyIEk1qmUDoGsxUK7bog1vM&s=10

chrome.exe

Remote address:

142.251.39.110:443

Request

GET /images?q=tbn:ANd9GcRZGJ-kWvZj11oR65BNnyIEk1qmUDoGsxUK7bog1vM&s=10 HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTnJN-7Uk6UuU4Zp-EesrfgSzCxB3LOdQtymvqH3IgwqnMRAREtGT_NCGA&s=10

chrome.exe

Remote address:

142.251.39.110:443

Request

GET /images?q=tbn:ANd9GcTnJN-7Uk6UuU4Zp-EesrfgSzCxB3LOdQtymvqH3IgwqnMRAREtGT_NCGA&s=10 HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_6.pb

chrome.exe

Remote address:

142.250.179.131:443

Request

GET /safebrowsing/csd/client_model_v5_variation_6.pb HTTP/2.0
host: ssl.gstatic.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.8.8:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://www.virustotal.com/

chrome.exe

Remote address:

74.125.34.46:443

Request

GET / HTTP/2.0
host: www.virustotal.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
purpose: prefetch
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.virustotal.com/gui/

chrome.exe

Remote address:

74.125.34.46:443

Request

GET /gui/ HTTP/2.0
host: www.virustotal.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
purpose: prefetch
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.virustotal.com/gui/static/fonts/iosevka-regular.woff2

chrome.exe

Remote address:

74.125.34.46:443

Request

GET /gui/static/fonts/iosevka-regular.woff2 HTTP/2.0
host: www.virustotal.com
origin: https://www.virustotal.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
purpose: prefetch
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.virustotal.com/gui/static/fonts/googlesans-regular.ttf

chrome.exe

Remote address:

74.125.34.46:443

Request

GET /gui/static/fonts/googlesans-regular.ttf HTTP/2.0
host: www.virustotal.com
origin: https://www.virustotal.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
purpose: prefetch
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.virustotal.com/gui/main.900e36f7a852b9863014.js

chrome.exe

Remote address:

74.125.34.46:443

Request

GET /gui/main.900e36f7a852b9863014.js HTTP/2.0
host: www.virustotal.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
purpose: prefetch
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.virustotal.com/gui/images/logo.svg

chrome.exe

Remote address:

74.125.34.46:443

Request

GET /gui/images/logo.svg HTTP/2.0
host: www.virustotal.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
purpose: prefetch
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.virustotal.com/gui/images/omnibar/vt_logo.svg

chrome.exe

Remote address:

74.125.34.46:443

Request

GET /gui/images/omnibar/vt_logo.svg HTTP/2.0
host: www.virustotal.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
purpose: prefetch
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.virustotal.com/gui/stackdriver-errors.239a9bb4d545f6f3f8ee.js

chrome.exe

Remote address:

74.125.34.46:443

Request

GET /gui/stackdriver-errors.239a9bb4d545f6f3f8ee.js HTTP/2.0
host: www.virustotal.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://www.virustotal.com/ui/signin

chrome.exe

Remote address:

74.125.34.46:443

Request

POST /ui/signin HTTP/2.0
host: www.virustotal.com
content-length: 4
x-tool: vt-ui-main
accept: application/json
x-app-version: v1x141x4
x-vt-anti-abuse-header: MTExMzA3NjE2NjItWkc5dWRDQmlaU0JsZG1scy0xNjcxNzk1NDE0LjQ5Mw==
accept-ianguage: en-US,en;q=0.9,es;q=0.8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
content-type: application/json
origin: https://www.virustotal.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.virustotal.com/gui/3789.1cda18a27da511a6130f.js

chrome.exe

Remote address:

74.125.34.46:443

Request

GET /gui/3789.1cda18a27da511a6130f.js HTTP/2.0
host: www.virustotal.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.virustotal.com/gui/9262.94e53a78a8796c954cd4.js

chrome.exe

Remote address:

74.125.34.46:443

Request

GET /gui/9262.94e53a78a8796c954cd4.js HTTP/2.0
host: www.virustotal.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.virustotal.com/gui/3494.4fe91483bcd041f676d8.js

chrome.exe

Remote address:

74.125.34.46:443

Request

GET /gui/3494.4fe91483bcd041f676d8.js HTTP/2.0
host: www.virustotal.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.virustotal.com/gui/vt-ui-shell-extra-deps.622a81b0530a0b62d881.js

chrome.exe

Remote address:

74.125.34.46:443

Request

GET /gui/vt-ui-shell-extra-deps.622a81b0530a0b62d881.js HTTP/2.0
host: www.virustotal.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _ga=GA1.2.1049222178.1671795415
cookie: _gid=GA1.2.1177704161.1671795415
cookie: _gat=1
GET

https://www.virustotal.com/gui/vt-ui-sw-installer.e0eb1a1e08d6512ba355.js

chrome.exe

Remote address:

74.125.34.46:443

Request

GET /gui/vt-ui-sw-installer.e0eb1a1e08d6512ba355.js HTTP/2.0
host: www.virustotal.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _ga=GA1.2.1049222178.1671795415
cookie: _gid=GA1.2.1177704161.1671795415
cookie: _gat=1
GET

https://www.virustotal.com/gui/static/qrcode.min.js

chrome.exe

Remote address:

74.125.34.46:443

Request

GET /gui/static/qrcode.min.js HTTP/2.0
host: www.virustotal.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _ga=GA1.2.1049222178.1671795415
cookie: _gid=GA1.2.1177704161.1671795415
cookie: _gat=1
GET

https://www.virustotal.com/gui/static/opensearch.xml

chrome.exe

Remote address:

74.125.34.46:443

Request

GET /gui/static/opensearch.xml HTTP/2.0
host: www.virustotal.com
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.virustotal.com/gui/images/favicon.png

chrome.exe

Remote address:

74.125.34.46:443

Request

GET /gui/images/favicon.png HTTP/2.0
host: www.virustotal.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _ga=GA1.2.1049222178.1671795415
cookie: _gid=GA1.2.1177704161.1671795415
cookie: _gat=1
GET

https://www.virustotal.com/gui/service-worker.js

chrome.exe

Remote address:

74.125.34.46:443

Request

GET /gui/service-worker.js HTTP/2.0
host: www.virustotal.com
cache-control: max-age=0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
service-worker: script
sec-fetch-site: same-origin
sec-fetch-mode: same-origin
sec-fetch-dest: serviceworker
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _ga=GA1.2.1049222178.1671795415
cookie: _gid=GA1.2.1177704161.1671795415
cookie: _gat=1
GET

https://www.virustotal.com/gui/images/manifest/icon-192x192.png

chrome.exe

Remote address:

74.125.34.46:443

Request

GET /gui/images/manifest/icon-192x192.png HTTP/2.0
host: www.virustotal.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _ga=GA1.2.1049222178.1671795415
cookie: _gid=GA1.2.1177704161.1671795415
cookie: _gat=1
GET

https://www.virustotal.com/gui/sha256.worker.a6e2f1b9e97a4ea0b474.worker.js

chrome.exe

Remote address:

74.125.34.46:443

Request

GET /gui/sha256.worker.a6e2f1b9e97a4ea0b474.worker.js HTTP/2.0
host: www.virustotal.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: same-origin
sec-fetch-dest: worker
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _ga=GA1.2.1049222178.1671795415
cookie: _gid=GA1.2.1177704161.1671795415
cookie: _gat=1
GET

https://www.virustotal.com/ui/files/909812f6cd8c68d016297f479473253edcdaf8728cc047759cf944f0a7c3d1fc

chrome.exe

Remote address:

74.125.34.46:443

Request

GET /ui/files/909812f6cd8c68d016297f479473253edcdaf8728cc047759cf944f0a7c3d1fc HTTP/2.0
host: www.virustotal.com
x-tool: vt-ui-main
accept: application/json
x-app-version: v1x141x4
x-vt-anti-abuse-header: MTQzMjY0ODcyNTktWkc5dWRDQmlaU0JsZG1scy0xNjcxNzk1NDIyLjMwMw==
accept-ianguage: en-US,en;q=0.9,es;q=0.8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
content-type: application/json
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _ga=GA1.2.1049222178.1671795415
cookie: _gid=GA1.2.1177704161.1671795415
cookie: _gat=1
GET

https://www.virustotal.com/ui/files/upload_url

chrome.exe

Remote address:

74.125.34.46:443

Request

GET /ui/files/upload_url HTTP/2.0
host: www.virustotal.com
x-tool: vt-ui-main
accept: application/json
x-app-version: v1x141x4
x-vt-anti-abuse-header: MTM2NjA2MzY3MTktWkc5dWRDQmlaU0JsZG1scy0xNjcxNzk1NDI0LjM1OA==
accept-ianguage: en-US,en;q=0.9,es;q=0.8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
content-type: application/json
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _ga=GA1.2.1049222178.1671795415
cookie: _gid=GA1.2.1177704161.1671795415
cookie: _gat=1
POST

https://www.virustotal.com/_ah/upload/AMmfu6a0ZEkhmzONeX0I81OTzhoqjahLCUvCs9qeTSHaqDVbkwhIG_qn5OIaQMMGJhhOYJIsux9N-f5w1ij1_0YAE8uZxItUFfTgjSGWOozPvH3v4mD3oqae_oy7wLvB9dnRCV9PeMO0DyFPd5l7LUBk68W0okB8kFJKqyyyBxrH58Er7Rb_dBEKMTNt5n__gKChUCKV2cX9LRvPnvGwRIcB_fp60ZhtOMas0SmF4KVcDXnXqMBsHXdr2Pg3XWQPD3w-RLZM3v2gaZGLv6PFzNb7Tv-vRPm4jUlBtHnbGgXEq48XS4L-myq158_gxZNcxmOU8xpJgC7A2TI6fMPC6fC0k5WlfetEE_EnM7ZZ3dA30Zlqn68QNinqzCkxIG0WDaZStw-G7lcBx1TUsIqpjIwKnjqppXHH3QlluqNdQjEgHPHfwRUpZ9NZh32JygXKK_QACW93xmiUUL-3YslVCwFtQ88zoZx5uezwryvdC0uBIWWhQbUjlQWVJkYmMzGBo56Pq6qnD_PqQ5iJ0DkR7ZG1FhXrdp1RgLbsyrYsIQ-Pd1PyKGt321J3pjvRFi60Gg3QnKNWxZeef4ucIJaP8Iv4kBkv-dhoGhXPuJj-pn05zGM1nRSx9461grSH-sHgQbAkLLgCBOrPiCJ0FMpN2269eoxA-BwEmdwkA-wbaI-1JcYz09d90zPDq51XuT86S3ocsmLaWKtJK-s6yHOPosOHICmo5r0ilkbGQNWamZSYdCJMQV-u38OYmSjJNk0rTIiKSJ1TlaRcbvBlIOMD9l42ktMflFFL4xKE8mhC1PZBkEkTp8jvCN4JyE8L9nzrKtottNlYGPIFVUgsfKPKUVazGkzQPjAoofmBAPcodYmNseAVrpr5HTq413FD9zZFDvs0GuwGCPu0rJRPPjq-0auIQ3Ff5rH409OPzuiLBlYPEpbsdEU4obbmHUI8SargrAjKso4BSs_rf8tYmZQnlwf68Ib94bVEl7WyhV8n_fkaYBGrIcT4K5Y/ALBNUaYAAAAAY6WHKnREgCR19kuiUEneDtQMWGH_Vy89/

chrome.exe

Remote address:

74.125.34.46:443

Request

POST /_ah/upload/AMmfu6a0ZEkhmzONeX0I81OTzhoqjahLCUvCs9qeTSHaqDVbkwhIG_qn5OIaQMMGJhhOYJIsux9N-f5w1ij1_0YAE8uZxItUFfTgjSGWOozPvH3v4mD3oqae_oy7wLvB9dnRCV9PeMO0DyFPd5l7LUBk68W0okB8kFJKqyyyBxrH58Er7Rb_dBEKMTNt5n__gKChUCKV2cX9LRvPnvGwRIcB_fp60ZhtOMas0SmF4KVcDXnXqMBsHXdr2Pg3XWQPD3w-RLZM3v2gaZGLv6PFzNb7Tv-vRPm4jUlBtHnbGgXEq48XS4L-myq158_gxZNcxmOU8xpJgC7A2TI6fMPC6fC0k5WlfetEE_EnM7ZZ3dA30Zlqn68QNinqzCkxIG0WDaZStw-G7lcBx1TUsIqpjIwKnjqppXHH3QlluqNdQjEgHPHfwRUpZ9NZh32JygXKK_QACW93xmiUUL-3YslVCwFtQ88zoZx5uezwryvdC0uBIWWhQbUjlQWVJkYmMzGBo56Pq6qnD_PqQ5iJ0DkR7ZG1FhXrdp1RgLbsyrYsIQ-Pd1PyKGt321J3pjvRFi60Gg3QnKNWxZeef4ucIJaP8Iv4kBkv-dhoGhXPuJj-pn05zGM1nRSx9461grSH-sHgQbAkLLgCBOrPiCJ0FMpN2269eoxA-BwEmdwkA-wbaI-1JcYz09d90zPDq51XuT86S3ocsmLaWKtJK-s6yHOPosOHICmo5r0ilkbGQNWamZSYdCJMQV-u38OYmSjJNk0rTIiKSJ1TlaRcbvBlIOMD9l42ktMflFFL4xKE8mhC1PZBkEkTp8jvCN4JyE8L9nzrKtottNlYGPIFVUgsfKPKUVazGkzQPjAoofmBAPcodYmNseAVrpr5HTq413FD9zZFDvs0GuwGCPu0rJRPPjq-0auIQ3Ff5rH409OPzuiLBlYPEpbsdEU4obbmHUI8SargrAjKso4BSs_rf8tYmZQnlwf68Ib94bVEl7WyhV8n_fkaYBGrIcT4K5Y/ALBNUaYAAAAAY6WHKnREgCR19kuiUEneDtQMWGH_Vy89/ HTTP/2.0
host: www.virustotal.com
content-length: 21334780
x-tool: vt-ui-main
x-app-version: v1x141x4
accept-ianguage: en-US,en;q=0.9,es;q=0.8
x-vt-anti-abuse-header: MTg2NzI2NzQ4MDgtWkc5dWRDQmlaU0JsZG1scy0xNjcxNzk1NDI0LjY5Nw==
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
content-type: multipart/form-data; boundary=----WebKitFormBoundaryc8aiwpwc6VczjpLx
accept: */*
origin: https://www.virustotal.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _ga=GA1.2.1049222178.1671795415
cookie: _gid=GA1.2.1177704161.1671795415
cookie: _gat=1
GET

https://www.recaptcha.net/recaptcha/api.js?render=explicit

chrome.exe

Remote address:

142.250.179.195:443

Request

GET /recaptcha/api.js?render=explicit HTTP/2.0
host: www.recaptcha.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
purpose: prefetch
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvODkuMC40Mzg5LjExNBIQCUvUCfiJoqPiEgUNSoWeUg==?alt=proto

chrome.exe

Remote address:

142.251.39.106:443

Request

GET /v1/pages/ChRDaHJvbWUvODkuMC40Mzg5LjExNBIQCUvUCfiJoqPiEgUNSoWeUg==?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: CKSMywE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

chrome.exe

Remote address:

142.251.39.110:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.virustotal.com/gui/manifest.json

chrome.exe

Remote address:

74.125.34.46:443

Request

GET /gui/manifest.json HTTP/2.0
host: www.virustotal.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.virustotal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://update.googleapis.com/service/update2/json?cup2key=10:1800388193&cup2hreq=0c6e8b4596ae7765101ff11fbcebbca5f064b9d4d5a91993b574f53bb880cf36

chrome.exe

Remote address:

142.250.179.195:443

Request

POST /service/update2/json?cup2key=10:1800388193&cup2hreq=0c6e8b4596ae7765101ff11fbcebbca5f064b9d4d5a91993b574f53bb880cf36 HTTP/2.0
host: update.googleapis.com
content-length: 3017
x-goog-update-appid: llkgjffcdpffmhiakmfcdcblohccpfmo,gcmjkmgdlgnkkcocmoeiminaijmmjnii,giekcmmlnklenlaomppkphknjmnnpneh,aemomkdncapdnfajjbbcbdebjljbpmpj,ihnlcenocehgdaegdmhbidjhnhdchfmm,hnimpnehoodheedghdeeijklkeaacbdc,khaoiebndkojlmppeemjhbpbandiljpe,obedbbhbpmojnkanicioggnmelmoomoc,cmahhnpholdijhjokonmfdjbfmklppij,jamhcnnkihinmdlkakkaopbjbbcngflc,ehgidpndbllacpjalkiimkbadgjfnnmc,ojhpjlocmbogdgmfpkhlaaeamibhnphh,ggkkehgbnfjpeggfpleeakpidbkibbmn,jflookgnkcckhobaglndicnbbgbonegd,eeigpngbgcognadeebkilcpcaedhellh,gkmgaooipdjhmangpemjhigmamcehddo,bklopemakmnopmghhmccadeonafabnal,hfnkpimlhhgieaddgfemjhofmfblmnib,oimompecagnajdejgnnjijobebaeigek
x-goog-update-interactivity: bg
x-goog-update-updater: chrome-89.0.4389.114
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
DNS

edgedl.me.gvt1.com

chrome.exe

Remote address:

8.8.8.8:53

Request

edgedl.me.gvt1.com

IN A

Response

edgedl.me.gvt1.com

IN A

34.104.35.123
HEAD

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 2876
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 301746b9-10ba-45f6-bafb-e809bb522d1c
date: Thu, 22 Dec 2022 13:23:57 GMT
age: 76423
last-modified: Wed, 23 Mar 2022 16:40:40 GMT
etag: "d1bcdc"
content-type: application/x-chrome-extension
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
GET

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx

Remote address:

34.104.35.123:80

Request

GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 23 Mar 2022 16:40:40 GMT
Range: bytes=0-1119
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-length: 1120
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 8490fd33-774a-4034-a131-efc12607229e
date: Thu, 22 Dec 2022 13:23:57 GMT
age: 76423
last-modified: Wed, 23 Mar 2022 16:40:40 GMT
etag: "d1bcdc"
content-type: application/x-chrome-extension
content-range: bytes 0-1119/2876
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
GET

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx

Remote address:

34.104.35.123:80

Request

GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 23 Mar 2022 16:40:40 GMT
Range: bytes=1120-2875
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-length: 1756
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 5bfc90f2-52d3-4119-9117-6924a0e10128
date: Thu, 22 Dec 2022 13:23:57 GMT
age: 76427
last-modified: Wed, 23 Mar 2022 16:40:40 GMT
etag: "d1bcdc"
content-type: application/x-chrome-extension
content-range: bytes 1120-2875/2876
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
HEAD

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrir7gejsjla4vjhvqdx23w4mta_9.41.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.41.0_all_adazbiririz6mrhekuvwx2r4zjiq.crx3

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/release2/chrome_component/adrir7gejsjla4vjhvqdx23w4mta_9.41.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.41.0_all_adazbiririz6mrhekuvwx2r4zjiq.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 40738
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 6f6cc0b3-6ae2-4e1b-8704-9c5e2b0d864f
date: Fri, 23 Dec 2022 07:09:53 GMT
age: 12484
last-modified: Thu, 10 Nov 2022 20:31:42 GMT
etag: "101f229"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrir7gejsjla4vjhvqdx23w4mta_9.41.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.41.0_all_adazbiririz6mrhekuvwx2r4zjiq.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/adrir7gejsjla4vjhvqdx23w4mta_9.41.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.41.0_all_adazbiririz6mrhekuvwx2r4zjiq.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 10 Nov 2022 20:31:42 GMT
Range: bytes=0-4520
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-length: 4521
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: bfcdfd79-44d5-4a39-9331-007341c7c956
date: Fri, 23 Dec 2022 07:09:53 GMT
age: 12484
last-modified: Thu, 10 Nov 2022 20:31:42 GMT
etag: "101f229"
content-type: application/octet-stream
content-range: bytes 0-4520/40738
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrir7gejsjla4vjhvqdx23w4mta_9.41.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.41.0_all_adazbiririz6mrhekuvwx2r4zjiq.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/adrir7gejsjla4vjhvqdx23w4mta_9.41.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.41.0_all_adazbiririz6mrhekuvwx2r4zjiq.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 10 Nov 2022 20:31:42 GMT
Range: bytes=4521-15009
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-length: 10489
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 02a74264-ea1d-487a-a00d-80b4c7a917c8
date: Fri, 23 Dec 2022 07:09:53 GMT
age: 12485
last-modified: Thu, 10 Nov 2022 20:31:42 GMT
etag: "101f229"
content-type: application/octet-stream
content-range: bytes 4521-15009/40738
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrir7gejsjla4vjhvqdx23w4mta_9.41.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.41.0_all_adazbiririz6mrhekuvwx2r4zjiq.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/adrir7gejsjla4vjhvqdx23w4mta_9.41.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.41.0_all_adazbiririz6mrhekuvwx2r4zjiq.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 10 Nov 2022 20:31:42 GMT
Range: bytes=15010-35558
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-length: 20549
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 4d9c5f9d-dd4e-4d42-b5d5-087301b80188
date: Fri, 23 Dec 2022 07:09:53 GMT
age: 12487
last-modified: Thu, 10 Nov 2022 20:31:42 GMT
etag: "101f229"
content-type: application/octet-stream
content-range: bytes 15010-35558/40738
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrir7gejsjla4vjhvqdx23w4mta_9.41.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.41.0_all_adazbiririz6mrhekuvwx2r4zjiq.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/adrir7gejsjla4vjhvqdx23w4mta_9.41.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.41.0_all_adazbiririz6mrhekuvwx2r4zjiq.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 10 Nov 2022 20:31:42 GMT
Range: bytes=35559-40737
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-length: 5179
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 85758c17-fd85-4a6b-acc5-e4b8167b1689
date: Fri, 23 Dec 2022 07:09:53 GMT
age: 12488
last-modified: Thu, 10 Nov 2022 20:31:42 GMT
etag: "101f229"
content-type: application/octet-stream
content-range: bytes 35559-40737/40738
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
HEAD

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
content-length: 5406
x-request-id: d4513bfe-d565-4e94-809a-7647cff0d666
date: Thu, 22 Dec 2022 15:09:56 GMT
age: 70105
last-modified: Wed, 17 Jul 2019 00:41:02 GMT
etag: "413d8a"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 17 Jul 2019 00:41:02 GMT
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
content-length: 5406
x-request-id: d41ead33-20e9-44b3-bebe-f75aa35f64a4
date: Thu, 22 Dec 2022 15:09:56 GMT
age: 70105
last-modified: Wed, 17 Jul 2019 00:41:02 GMT
etag: "413d8a"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
HEAD

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjg0QUFYSnN4MFUtaEQwNDZqVGRkVkFmZw/1.0.6.0_aemomkdncapdnfajjbbcbdebjljbpmpj.crx

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjg0QUFYSnN4MFUtaEQwNDZqVGRkVkFmZw/1.0.6.0_aemomkdncapdnfajjbbcbdebjljbpmpj.crx HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
content-length: 9505
x-request-id: 5ce1d01e-cac3-4bf8-a414-2554ac4bf478
date: Thu, 22 Dec 2022 18:54:06 GMT
age: 56680
last-modified: Mon, 16 Aug 2021 20:43:55 GMT
etag: "a93f27"
content-type: application/x-chrome-extension
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjg0QUFYSnN4MFUtaEQwNDZqVGRkVkFmZw/1.0.6.0_aemomkdncapdnfajjbbcbdebjljbpmpj.crx

Remote address:

34.104.35.123:80

Request

GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjg0QUFYSnN4MFUtaEQwNDZqVGRkVkFmZw/1.0.6.0_aemomkdncapdnfajjbbcbdebjljbpmpj.crx HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 16 Aug 2021 20:43:55 GMT
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
content-length: 9505
x-request-id: 77608781-5692-4b60-aa53-b8490b036164
date: Thu, 22 Dec 2022 18:54:06 GMT
age: 56680
last-modified: Mon, 16 Aug 2021 20:43:55 GMT
etag: "a93f27"
content-type: application/x-chrome-extension
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
HEAD

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
content-length: 148557
x-request-id: f067008e-3e05-4490-b66d-bfffd5b636b9
date: Thu, 22 Dec 2022 15:35:51 GMT
age: 68604
last-modified: Mon, 16 May 2022 15:33:39 GMT
etag: "debf6d"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 16 May 2022 15:33:39 GMT
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
content-length: 148557
x-request-id: f18b8363-ce31-486a-941e-0caafdd92d2f
date: Thu, 22 Dec 2022 15:35:51 GMT
age: 68604
last-modified: Mon, 16 May 2022 15:33:39 GMT
etag: "debf6d"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.8.8:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABDHNhZmVicm93c2luZwpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAEgADABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.8.8:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABDHNhZmVicm93c2luZwpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAEgADABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
POST

https://beacons.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

172.217.168.227:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gvt2.com
content-length: 268
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://e2c26.gcp.gvt2.com/nel/

chrome.exe

Remote address:

34.86.82.41:443

Request

POST /nel/ HTTP/2.0
host: e2c26.gcp.gvt2.com
content-length: 268
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Fri, 23 Dec 2022 10:38:43 GMT
DNS

edgedl.me.gvt1.com

chrome.exe

Remote address:

8.8.8.8:53

Request

edgedl.me.gvt1.com

IN A

Response

edgedl.me.gvt1.com

IN A

34.104.35.123

34.117.35.28:80

http://download.cdn.mozilla.net/pub/firefox/releases/72.0.2/update/win64/en-US/firefox-71.0-72.0.2.partial.mar

http

IEXPLORE.EXE

723.2kB
21.9MB
15714
15675

HTTP Request

GET http://download.cdn.mozilla.net/pub/firefox/releases/72.0.2/update/win64/en-US/firefox-71.0-72.0.2.partial.mar

HTTP Response

200
34.117.35.28:80

download.cdn.mozilla.net

IEXPLORE.EXE

144 B
52 B
3
1
93.184.221.240:80

322 B
7
93.184.221.240:80

322 B
7
13.69.239.72:443

322 B
7
142.250.179.174:443

clients2.google.com

tls, https

chrome.exe

2.1kB
9.6kB
16
18
172.217.168.237:443

https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard

tls, http2

chrome.exe

1.8kB
7.5kB
17
19

HTTP Request

POST https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
34.104.35.123:80

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx

http

chrome.exe

4.9kB
256.7kB
99
189

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx

HTTP Response

200
8.8.8.8:443

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

tls, http2

chrome.exe

2.2kB
8.1kB
21
24

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
8.8.8.8:443

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

tls, http2

chrome.exe

1.7kB
7.1kB
16
17

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
142.251.39.110:443

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTnJN-7Uk6UuU4Zp-EesrfgSzCxB3LOdQtymvqH3IgwqnMRAREtGT_NCGA&s=10

tls, http2

chrome.exe

2.5kB
13.0kB
25
27

HTTP Request

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRL8HqXUVyXHcwB4LGusRVdKxZKLqyTBiUi8dksEBU&s=10

HTTP Request

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSlWQJ0cQYpPaerm1svWk74GOfsaHCV8jyP04gayW8&s=10

HTTP Request

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTtyS-3U_4svsfR94TX7fWsaPWwWtHThn2X_VX_pFK67bsC8hVQg6J7btQ&s=10

HTTP Request

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRZGJ-kWvZj11oR65BNnyIEk1qmUDoGsxUK7bog1vM&s=10

HTTP Request

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTnJN-7Uk6UuU4Zp-EesrfgSzCxB3LOdQtymvqH3IgwqnMRAREtGT_NCGA&s=10
142.251.39.110:443

encrypted-tbn0.gstatic.com

tls

chrome.exe

839 B
4.6kB
7
6
142.251.39.110:443

encrypted-tbn0.gstatic.com

tls

chrome.exe

885 B
4.6kB
8
7
142.251.39.110:443

encrypted-tbn0.gstatic.com

tls

chrome.exe

885 B
4.6kB
8
7
142.251.39.110:443

chrome.exe

190 B
92 B
4
2
142.250.179.131:443

https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_6.pb

tls, http2

chrome.exe

3.0kB
92.1kB
45
75

HTTP Request

GET https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_6.pb
8.8.8.8:443

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

tls, http2

chrome.exe

1.6kB
7.1kB
15
17

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
74.125.34.46:443

https://www.virustotal.com/_ah/upload/AMmfu6a0ZEkhmzONeX0I81OTzhoqjahLCUvCs9qeTSHaqDVbkwhIG_qn5OIaQMMGJhhOYJIsux9N-f5w1ij1_0YAE8uZxItUFfTgjSGWOozPvH3v4mD3oqae_oy7wLvB9dnRCV9PeMO0DyFPd5l7LUBk68W0okB8kFJKqyyyBxrH58Er7Rb_dBEKMTNt5n__gKChUCKV2cX9LRvPnvGwRIcB_fp60ZhtOMas0SmF4KVcDXnXqMBsHXdr2Pg3XWQPD3w-RLZM3v2gaZGLv6PFzNb7Tv-vRPm4jUlBtHnbGgXEq48XS4L-myq158_gxZNcxmOU8xpJgC7A2TI6fMPC6fC0k5WlfetEE_EnM7ZZ3dA30Zlqn68QNinqzCkxIG0WDaZStw-G7lcBx1TUsIqpjIwKnjqppXHH3QlluqNdQjEgHPHfwRUpZ9NZh32JygXKK_QACW93xmiUUL-3YslVCwFtQ88zoZx5uezwryvdC0uBIWWhQbUjlQWVJkYmMzGBo56Pq6qnD_PqQ5iJ0DkR7ZG1FhXrdp1RgLbsyrYsIQ-Pd1PyKGt321J3pjvRFi60Gg3QnKNWxZeef4ucIJaP8Iv4kBkv-dhoGhXPuJj-pn05zGM1nRSx9461grSH-sHgQbAkLLgCBOrPiCJ0FMpN2269eoxA-BwEmdwkA-wbaI-1JcYz09d90zPDq51XuT86S3ocsmLaWKtJK-s6yHOPosOHICmo5r0ilkbGQNWamZSYdCJMQV-u38OYmSjJNk0rTIiKSJ1TlaRcbvBlIOMD9l42ktMflFFL4xKE8mhC1PZBkEkTp8jvCN4JyE8L9nzrKtottNlYGPIFVUgsfKPKUVazGkzQPjAoofmBAPcodYmNseAVrpr5HTq413FD9zZFDvs0GuwGCPu0rJRPPjq-0auIQ3Ff5rH409OPzuiLBlYPEpbsdEU4obbmHUI8SargrAjKso4BSs_rf8tYmZQnlwf68Ib94bVEl7WyhV8n_fkaYBGrIcT4K5Y/ALBNUaYAAAAAY6WHKnREgCR19kuiUEneDtQMWGH_Vy89/

tls, http2

chrome.exe

10.3MB
1.6MB
8282
5109

HTTP Request

GET https://www.virustotal.com/

HTTP Request

GET https://www.virustotal.com/gui/

HTTP Request

GET https://www.virustotal.com/gui/static/fonts/iosevka-regular.woff2

HTTP Request

GET https://www.virustotal.com/gui/static/fonts/googlesans-regular.ttf

HTTP Request

GET https://www.virustotal.com/gui/main.900e36f7a852b9863014.js

HTTP Request

GET https://www.virustotal.com/gui/images/logo.svg

HTTP Request

GET https://www.virustotal.com/gui/images/omnibar/vt_logo.svg

HTTP Request

GET https://www.virustotal.com/gui/stackdriver-errors.239a9bb4d545f6f3f8ee.js

HTTP Request

POST https://www.virustotal.com/ui/signin

HTTP Request

GET https://www.virustotal.com/gui/3789.1cda18a27da511a6130f.js

HTTP Request

GET https://www.virustotal.com/gui/9262.94e53a78a8796c954cd4.js

HTTP Request

GET https://www.virustotal.com/gui/3494.4fe91483bcd041f676d8.js

HTTP Request

GET https://www.virustotal.com/gui/vt-ui-shell-extra-deps.622a81b0530a0b62d881.js

HTTP Request

GET https://www.virustotal.com/gui/vt-ui-sw-installer.e0eb1a1e08d6512ba355.js

HTTP Request

GET https://www.virustotal.com/gui/static/qrcode.min.js

HTTP Request

GET https://www.virustotal.com/gui/static/opensearch.xml

HTTP Request

GET https://www.virustotal.com/gui/images/favicon.png

HTTP Request

GET https://www.virustotal.com/gui/service-worker.js

HTTP Request

GET https://www.virustotal.com/gui/images/manifest/icon-192x192.png

HTTP Request

GET https://www.virustotal.com/gui/sha256.worker.a6e2f1b9e97a4ea0b474.worker.js

HTTP Request

GET https://www.virustotal.com/ui/files/909812f6cd8c68d016297f479473253edcdaf8728cc047759cf944f0a7c3d1fc

HTTP Request

GET https://www.virustotal.com/ui/files/upload_url

HTTP Request

POST https://www.virustotal.com/_ah/upload/AMmfu6a0ZEkhmzONeX0I81OTzhoqjahLCUvCs9qeTSHaqDVbkwhIG_qn5OIaQMMGJhhOYJIsux9N-f5w1ij1_0YAE8uZxItUFfTgjSGWOozPvH3v4mD3oqae_oy7wLvB9dnRCV9PeMO0DyFPd5l7LUBk68W0okB8kFJKqyyyBxrH58Er7Rb_dBEKMTNt5n__gKChUCKV2cX9LRvPnvGwRIcB_fp60ZhtOMas0SmF4KVcDXnXqMBsHXdr2Pg3XWQPD3w-RLZM3v2gaZGLv6PFzNb7Tv-vRPm4jUlBtHnbGgXEq48XS4L-myq158_gxZNcxmOU8xpJgC7A2TI6fMPC6fC0k5WlfetEE_EnM7ZZ3dA30Zlqn68QNinqzCkxIG0WDaZStw-G7lcBx1TUsIqpjIwKnjqppXHH3QlluqNdQjEgHPHfwRUpZ9NZh32JygXKK_QACW93xmiUUL-3YslVCwFtQ88zoZx5uezwryvdC0uBIWWhQbUjlQWVJkYmMzGBo56Pq6qnD_PqQ5iJ0DkR7ZG1FhXrdp1RgLbsyrYsIQ-Pd1PyKGt321J3pjvRFi60Gg3QnKNWxZeef4ucIJaP8Iv4kBkv-dhoGhXPuJj-pn05zGM1nRSx9461grSH-sHgQbAkLLgCBOrPiCJ0FMpN2269eoxA-BwEmdwkA-wbaI-1JcYz09d90zPDq51XuT86S3ocsmLaWKtJK-s6yHOPosOHICmo5r0ilkbGQNWamZSYdCJMQV-u38OYmSjJNk0rTIiKSJ1TlaRcbvBlIOMD9l42ktMflFFL4xKE8mhC1PZBkEkTp8jvCN4JyE8L9nzrKtottNlYGPIFVUgsfKPKUVazGkzQPjAoofmBAPcodYmNseAVrpr5HTq413FD9zZFDvs0GuwGCPu0rJRPPjq-0auIQ3Ff5rH409OPzuiLBlYPEpbsdEU4obbmHUI8SargrAjKso4BSs_rf8tYmZQnlwf68Ib94bVEl7WyhV8n_fkaYBGrIcT4K5Y/ALBNUaYAAAAAY6WHKnREgCR19kuiUEneDtQMWGH_Vy89/
142.250.179.195:443

https://www.recaptcha.net/recaptcha/api.js?render=explicit

tls, http2

chrome.exe

1.9kB
13.9kB
18
22

HTTP Request

GET https://www.recaptcha.net/recaptcha/api.js?render=explicit
142.251.39.106:443

https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvODkuMC40Mzg5LjExNBIQCUvUCfiJoqPiEgUNSoWeUg==?alt=proto

tls, http2

chrome.exe

1.8kB
6.5kB
15
16

HTTP Request

GET https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvODkuMC40Mzg5LjExNBIQCUvUCfiJoqPiEgUNSoWeUg==?alt=proto
142.251.39.110:443

https://play.google.com/log?format=json&hasfast=true&authuser=0

tls, http2

chrome.exe

1.8kB
8.6kB
16
16

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
74.125.34.46:443

https://www.virustotal.com/gui/manifest.json

tls, http2

chrome.exe

1.6kB
5.0kB
14
15

HTTP Request

GET https://www.virustotal.com/gui/manifest.json
93.184.221.240:80

276 B
6
93.184.221.240:80

276 B
6
142.250.179.195:443

https://update.googleapis.com/service/update2/json?cup2key=10:1800388193&cup2hreq=0c6e8b4596ae7765101ff11fbcebbca5f064b9d4d5a91993b574f53bb880cf36

tls, http2

chrome.exe

5.5kB
11.0kB
19
20

HTTP Request

POST https://update.googleapis.com/service/update2/json?cup2key=10:1800388193&cup2hreq=0c6e8b4596ae7765101ff11fbcebbca5f064b9d4d5a91993b574f53bb880cf36
34.104.35.123:80

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3

http

8.9kB
222.0kB
99
168

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx

HTTP Response

206

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx

HTTP Response

206

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrir7gejsjla4vjhvqdx23w4mta_9.41.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.41.0_all_adazbiririz6mrhekuvwx2r4zjiq.crx3

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrir7gejsjla4vjhvqdx23w4mta_9.41.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.41.0_all_adazbiririz6mrhekuvwx2r4zjiq.crx3

HTTP Response

206

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrir7gejsjla4vjhvqdx23w4mta_9.41.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.41.0_all_adazbiririz6mrhekuvwx2r4zjiq.crx3

HTTP Response

206

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrir7gejsjla4vjhvqdx23w4mta_9.41.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.41.0_all_adazbiririz6mrhekuvwx2r4zjiq.crx3

HTTP Response

206

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrir7gejsjla4vjhvqdx23w4mta_9.41.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.41.0_all_adazbiririz6mrhekuvwx2r4zjiq.crx3

HTTP Response

206

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE

HTTP Response

200

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjg0QUFYSnN4MFUtaEQwNDZqVGRkVkFmZw/1.0.6.0_aemomkdncapdnfajjbbcbdebjljbpmpj.crx

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjg0QUFYSnN4MFUtaEQwNDZqVGRkVkFmZw/1.0.6.0_aemomkdncapdnfajjbbcbdebjljbpmpj.crx

HTTP Response

200

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3

HTTP Response

200
8.8.8.8:443

https://dns.google/dns-query?dns=AAABAAABAAAAAAABDHNhZmVicm93c2luZwpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAEgADABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

tls, http2

chrome.exe

2.0kB
7.9kB
18
21

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABDHNhZmVicm93c2luZwpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAEgADABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
142.250.179.202:443

safebrowsing.googleapis.com

tls, https

chrome.exe

104.3kB
6.2MB
2238
4424
142.250.179.131:443

beacons.gcp.gvt2.com

tls

chrome.exe

747 B
4.6kB
5
6
142.250.179.131:443

beacons.gcp.gvt2.com

tls

chrome.exe

897 B
4.6kB
7
7
35.184.229.211:443

tls, https

chrome.exe

1.2kB
696 B
11
11
172.217.166.99:443

tls

chrome.exe

1.8kB
7.1kB
16
21
172.217.166.99:443

beacons2.gvt2.com

tls, https

chrome.exe

949 B
5.3kB
8
8
172.217.168.227:443

https://beacons.gvt2.com/domainreliability/upload

tls, http2

chrome.exe

1.9kB
6.6kB
14
13

HTTP Request

POST https://beacons.gvt2.com/domainreliability/upload
34.86.82.41:443

https://e2c26.gcp.gvt2.com/nel/

tls, http2

chrome.exe

1.9kB
5.9kB
15
19

HTTP Request

POST https://e2c26.gcp.gvt2.com/nel/

HTTP Response

204

8.8.8.8:53

download.cdn.mozilla.net

dns

chrome.exe

70 B
125 B
1
1

DNS Request

download.cdn.mozilla.net

DNS Response

34.117.35.28
224.0.0.251:5353

2.9kB
49
8.8.8.8:53

clients2.google.com

dns

chrome.exe

65 B
105 B
1
1

DNS Request

clients2.google.com

DNS Response

142.250.179.174
8.8.8.8:53

accounts.google.com

dns

chrome.exe

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

172.217.168.237
8.8.8.8:53

edgedl.me.gvt1.com

dns

chrome.exe

64 B
80 B
1
1

DNS Request

edgedl.me.gvt1.com

DNS Response

34.104.35.123
8.8.8.8:53

apis.google.com

dns

chrome.exe

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

142.250.179.142
8.8.8.8:53

dns.google

dns

chrome.exe

56 B
88 B
1
1

DNS Request

dns.google

DNS Response

8.8.8.8

8.8.4.4
8.8.8.8:443

dns.google

https

chrome.exe

6.4kB
13.4kB
28
28
142.251.39.110:443

https

chrome.exe

4.4kB
17.0kB
17
16
142.251.39.110:443

https

chrome.exe

5.4kB
9.0kB
7
7
8.8.8.8:443

dns.google

https

chrome.exe

3.2kB
6.4kB
6
6
8.8.8.8:53

edgedl.me.gvt1.com

dns

chrome.exe

64 B
80 B
1
1

DNS Request

edgedl.me.gvt1.com

DNS Response

34.104.35.123
142.250.179.195:443

https

chrome.exe

7.7kB
8.4kB
13
13
8.8.8.8:443

dns.google

https

chrome.exe

2.9kB
5.5kB
4
4
8.8.8.8:443

dns.google

https

chrome.exe

2.3kB
3.6kB
8
7
172.217.166.99:443

https

chrome.exe

5.0kB
11.0kB
9
13
8.8.8.8:53

edgedl.me.gvt1.com

dns

chrome.exe

64 B
80 B
1
1

DNS Request

edgedl.me.gvt1.com

DNS Response

34.104.35.123
142.250.179.195:443

https

chrome.exe

2.9kB
2.4kB
5
4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2636_1221139948\ChromeRecovery.exe

Filesize
253KB

MD5
49ac3c96d270702a27b4895e4ce1f42a

SHA1
55b90405f1e1b72143c64113e8bc65608dd3fd76

SHA256
82aa3fd6a25cda9e16689cfadea175091be010cecae537e517f392e0bef5ba0f

SHA512
b62f6501cb4c992d42d9097e356805c88ac4ac5a46ead4a8eee9f8cbae197b2305da8aab5b4a61891fe73951588025f2d642c32524b360687993f98c913138a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\RecoveryImproved\1.3.36.141\Recovery.crx3

Filesize
141KB

MD5
ea1c1ffd3ea54d1fb117bfdbb3569c60

SHA1
10958b0f690ae8f5240e1528b1ccffff28a33272

SHA256
7c3a6a7d16ac44c3200f572a764bce7d8fa84b9572dd028b15c59bdccbc0a77d

SHA512
6c30728cac9eac53f0b27b7dbe2222da83225c3b63617d6b271a6cfedf18e8f0a8dffa1053e1cbc4c5e16625f4bbc0d03aa306a946c9d72faa4ceb779f8ffcaf

Download Submit
C:\Users\Admin\Downloads\firefox-71.0-72.0.2.partial.mar.sn3mg90.partial

Filesize
20.3MB

MD5
cbb5c45b084982f331963e53ce1018d3

SHA1
790dc9f80884ff2ad88627e29b55cfd8058c94c7

SHA256
909812f6cd8c68d016297f479473253edcdaf8728cc047759cf944f0a7c3d1fc

SHA512
81da0af34c61d61ea0cbe9c1cbfdcbf0a6c6260614b7625a9cce07e3846260b45198967dbd0ad958a27eddbc0d538cfef2e250ace5c25ea3c02eb2bb2010fa06

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request