
Analysis

  • max time kernel
    60s
  • max time network
    62s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/02/2023, 07:03 UTC

General

  • Target

    http://update.googleapis.com

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Suspicious behavior: EnumeratesProcesses (12 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" http://update.googleapis.com
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID: 3444
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff4d484f50,0x7fff4d484f60,0x7fff4d484f70
      PID: 4268
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1596,7422376306330802725,6780829583228567169,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1612 /prefetch:2
      PID: 4668
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1596,7422376306330802725,6780829583228567169,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1984 /prefetch:8
      • Suspicious behavior: EnumeratesProcesses
      PID: 4188
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1596,7422376306330802725,6780829583228567169,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2288 /prefetch:8
      PID: 5052
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,7422376306330802725,6780829583228567169,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2872 /prefetch:1
      PID: 872
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,7422376306330802725,6780829583228567169,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2848 /prefetch:1
      PID: 3688
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,7422376306330802725,6780829583228567169,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4244 /prefetch:8
      PID: 3264
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1596,7422376306330802725,6780829583228567169,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4648 /prefetch:8
      PID: 4404
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1596,7422376306330802725,6780829583228567169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 /prefetch:8
      • Suspicious behavior: EnumeratesProcesses
      PID: 3252
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,7422376306330802725,6780829583228567169,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4728 /prefetch:8
      PID: 2328
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1596,7422376306330802725,6780829583228567169,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4976 /prefetch:8
      PID: 964
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,7422376306330802725,6780829583228567169,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4940 /prefetch:8
      PID: 4840
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,7422376306330802725,6780829583228567169,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
      PID: 2104
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1596,7422376306330802725,6780829583228567169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8
      • Suspicious behavior: EnumeratesProcesses
      PID: 4960
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1596,7422376306330802725,6780829583228567169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:8
      • Suspicious behavior: EnumeratesProcesses
      PID: 4536
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1596,7422376306330802725,6780829583228567169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:8
      • Suspicious behavior: EnumeratesProcesses
      PID: 4900
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID: 4340

                          Network

                          • flag-us
                            DNS
                            accounts.google.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            accounts.google.com
                            IN A
                            Response
                            accounts.google.com
                            IN A
                            142.251.36.45
                          • flag-us
                            DNS
                            clients2.google.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            clients2.google.com
                            IN A
                            Response
                            clients2.google.com
                            IN CNAME
                            clients.l.google.com
                            clients.l.google.com
                            IN A
                            172.217.168.238
                          • flag-us
                            DNS
                            update.googleapis.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            update.googleapis.com
                            IN A
                            Response
                            update.googleapis.com
                            IN A
                            142.250.179.163
                          • flag-nl
                            POST
                            https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
                            chrome.exe
                            Remote address:
                            142.251.36.45:443
                            Request
                            POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/2.0
                            host: accounts.google.com
                            content-length: 1
                            origin: https://www.google.com
                            content-type: application/x-www-form-urlencoded
                            sec-fetch-site: none
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: empty
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                          • flag-nl
                            GET
                            https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=89.0.4389.114&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D83%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D83%2526e%253D1
                            chrome.exe
                            Remote address:
                            172.217.168.238:443
                            Request
                            GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=89.0.4389.114&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D83%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D83%2526e%253D1 HTTP/2.0
                            host: clients2.google.com
                            x-goog-update-interactivity: fg
                            x-goog-update-appid: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfm
                            x-goog-update-updater: chromecrx-89.0.4389.114
                            sec-fetch-site: none
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: empty
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                          • flag-nl
                            GET
                            http://update.googleapis.com/
                            chrome.exe
                            Remote address:
                            142.250.179.163:80
                            Request
                            GET / HTTP/1.1
                            Host: update.googleapis.com
                            Connection: keep-alive
                            Upgrade-Insecure-Requests: 1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 404 Not Found
                            Content-Type: text/html; charset=UTF-8
                            Referrer-Policy: no-referrer
                            Content-Length: 1561
                            Date: Fri, 03 Feb 2023 07:04:08 GMT
                          • flag-nl
                            GET
                            http://update.googleapis.com/favicon.ico
                            chrome.exe
                            Remote address:
                            142.250.179.163:80
                            Request
                            GET /favicon.ico HTTP/1.1
                            Host: update.googleapis.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 404 Not Found
                            Content-Type: text/html; charset=UTF-8
                            Referrer-Policy: no-referrer
                            Content-Length: 1572
                            Date: Fri, 03 Feb 2023 07:04:08 GMT
                          • flag-nl
                            GET
                            http://www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png
                            chrome.exe
                            Remote address:
                            142.251.39.100:80
                            Request
                            GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1
                            Host: www.google.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Accept-Ranges: bytes
                            Content-Type: image/png
                            Cross-Origin-Resource-Policy: cross-origin
                            Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                            Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                            Content-Length: 3170
                            Date: Fri, 03 Feb 2023 07:04:08 GMT
                            Expires: Fri, 03 Feb 2023 07:04:08 GMT
                            Cache-Control: private, max-age=31536000
                            Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                            X-Content-Type-Options: nosniff
                            Server: sffe
                            X-XSS-Protection: 0
                          • flag-nl
                            GET
                            http://www.google.com/images/errors/robot.png
                            chrome.exe
                            Remote address:
                            142.251.39.100:80
                            Request
                            GET /images/errors/robot.png HTTP/1.1
                            Host: www.google.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Accept-Ranges: bytes
                            Cross-Origin-Resource-Policy: cross-origin
                            Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                            Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                            Content-Length: 6327
                            X-Content-Type-Options: nosniff
                            Server: sffe
                            X-XSS-Protection: 0
                            Date: Tue, 31 Jan 2023 18:47:55 GMT
                            Expires: Wed, 31 Jan 2024 18:47:55 GMT
                            Cache-Control: public, max-age=31536000
                            Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                            Content-Type: image/png
                            Age: 216973
                          • flag-us
                            DNS
                            edgedl.me.gvt1.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            edgedl.me.gvt1.com
                            IN A
                            Response
                            edgedl.me.gvt1.com
                            IN A
                            34.104.35.123
                          • flag-us
                            GET
                            http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx
                            chrome.exe
                            Remote address:
                            34.104.35.123:80
                            Request
                            GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx HTTP/1.1
                            Host: edgedl.me.gvt1.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            accept-ranges: bytes
                            content-disposition: attachment
                            content-security-policy: default-src 'none'
                            server: Google-Edge-Cache
                            x-content-type-options: nosniff
                            x-frame-options: SAMEORIGIN
                            x-xss-protection: 0
                            x-request-id: 06974ac8-add7-4770-8e9b-5da1332e81a9
                            content-length: 248531
                            date: Thu, 02 Feb 2023 11:46:46 GMT
                            age: 69442
                            last-modified: Fri, 25 Feb 2022 22:08:36 GMT
                            etag: "c994e6"
                            content-type: application/x-chrome-extension
                            alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
                            cache-control: public,max-age=86400
                          • flag-us
                            DNS
                            ssl.gstatic.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            ssl.gstatic.com
                            IN A
                            Response
                            ssl.gstatic.com
                            IN A
                            216.58.208.99
                          • flag-gb
                            GET
                            https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_6.pb
                            chrome.exe
                            Remote address:
                            216.58.208.99:443
                            Request
                            GET /safebrowsing/csd/client_model_v5_variation_6.pb HTTP/2.0
                            host: ssl.gstatic.com
                            sec-fetch-site: none
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: empty
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                          • flag-us
                            DNS
                            dns.google
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            dns.google
                            IN A
                            Response
                            dns.google
                            IN A
                            8.8.8.8
                            dns.google
                            IN A
                            8.8.4.4
                          • flag-us
                            GET
                            https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                            chrome.exe
                            Remote address:
                            8.8.8.8:443
                            Request
                            GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
                            host: dns.google
                            accept: application/dns-message
                            accept-language: *
                            user-agent: Chrome
                            accept-encoding: identity
                          • flag-us
                            GET
                            https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                            chrome.exe
                            Remote address:
                            8.8.8.8:443
                            Request
                            GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
                            host: dns.google
                            accept: application/dns-message
                            accept-language: *
                            user-agent: Chrome
                            accept-encoding: identity
                          • flag-us
                            GET
                            https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                            chrome.exe
                            Remote address:
                            8.8.8.8:443
                            Request
                            GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
                            host: dns.google
                            accept: application/dns-message
                            accept-language: *
                            user-agent: Chrome
                            accept-encoding: identity
                          • flag-us
                            GET
                            https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                            chrome.exe
                            Remote address:
                            8.8.8.8:443
                            Request
                            GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
                            host: dns.google
                            accept: application/dns-message
                            accept-language: *
                            user-agent: Chrome
                            accept-encoding: identity
                          • 142.251.36.45:443
                            https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
                            tls, http2
                            chrome.exe
                            1.8kB
                            7.6kB
                            16
                            17

                            HTTP Request

                            POST https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
                          • 172.217.168.238:443
                            https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=89.0.4389.114&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D83%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D83%2526e%253D1
                            tls, http2
                            chrome.exe
                            2.1kB
                            9.6kB
                            17
                            17

                            HTTP Request

                            GET https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=89.0.4389.114&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D83%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D83%2526e%253D1
                          • 142.250.179.163:80
                            http://update.googleapis.com/favicon.ico
                            http
                            chrome.exe
                            1.1kB
                            3.8kB
                            7
                            8

                            HTTP Request

                            GET http://update.googleapis.com/

                            HTTP Response

                            404

                            HTTP Request

                            GET http://update.googleapis.com/favicon.ico

                            HTTP Response

                            404
                          • 142.250.179.163:80
                            update.googleapis.com
                            chrome.exe
                            144 B
                            104 B
                            3
                            2
                          • 142.251.39.100:80  http://www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png  http  chrome.exe  sent 667 B (6 pkts) / recv 4.0kB (6 pkts)
                              GET http://www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png  →  200
                          • 142.251.39.100:80  http://www.google.com/images/errors/robot.png  http  chrome.exe  sent 677 B (7 pkts) / recv 7.3kB (9 pkts)
                              GET http://www.google.com/images/errors/robot.png  →  200
                          • 34.104.35.123:80  http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx  http  chrome.exe  sent 4.8kB (96 pkts) / recv 256.6kB (187 pkts)
                              GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx  →  200
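Worked example, added to this report (it is not tria.ge's or Chrome's code): decode the component update check that chrome.exe sent to clients2.google.com/service/update2/crx and match it against the CRX it then fetched from edgedl.me.gvt1.com. Each x= value in that request is itself a percent-encoded query string (id, v, installedby, uc, ping), and the ping value is encoded one level deeper, so a single unquote pass does not reveal the two component IDs being asked about. The CRX filename carries the version and the ID (1.0.0.6_<id>.crx), which lets you confirm that what was downloaded is one of the components the client requested, at a version newer than the 0.0.0.0 it reported. The two URLs are copied from the captured traffic; the function names, the dict layout and the extension-ID regex are the example's own. The download itself travels over plain http, so the integrity of the installed component rests on Chrome's CRX3 signature check, not on the transport.

```python
"""Decode a Chrome component update check and correlate it with the CRX download.

Added example for this sandbox report; not tria.ge or Chrome code.
URLs below are copied from the captured traffic; the parsing is the example's own.
"""
import re
from urllib.parse import urlsplit, parse_qs, parse_qsl

# Copied from the captured request to clients2.google.com (see the table above).
UPDATE_CHECK_URL = (
    "https://clients2.google.com/service/update2/crx?os=win&arch=x64"
    "&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel="
    "&prodversion=89.0.4389.114&lang=en-US&acceptformat=crx3"
    "&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D83%2526e%253D1"
    "&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D83%2526e%253D1"
)
# Copied from the captured download from edgedl.me.gvt1.com (see the table above).
CRX_DOWNLOAD_URL = (
    "http://edgedl.me.gvt1.com/edgedl/chromewebstore/"
    "L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/"
    "1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx"
)

# Chrome extension/component IDs are 32 characters drawn from 'a'..'p'.
EXTENSION_ID = re.compile(r"^[a-p]{32}$")


def parse_update_check(url: str) -> dict:
    """Return the product fields and one dict per requested component (the x= params)."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    apps = []
    for x in query.get("x", []):
        # parse_qs already removed the outer percent-encoding of the x= value;
        # parse_qsl now splits the inner query string (id, v, installedby, uc, ping).
        fields = dict(parse_qsl(x, keep_blank_values=True))
        app_id = fields.get("id", "")
        if not EXTENSION_ID.match(app_id):
            raise ValueError(f"not a Chrome extension id: {app_id!r}")
        apps.append({
            "id": app_id,
            "version": fields.get("v"),            # 0.0.0.0: client reports no installed version
            "installedby": fields.get("installedby"),
            "update_check": "uc" in fields,        # bare 'uc' flag, kept by keep_blank_values
            # ping is encoded a third time; parse_qsl decodes it into r=.. / e=..
            "ping": dict(parse_qsl(fields.get("ping", ""), keep_blank_values=True)),
        })
    return {
        "prodversion": query.get("prodversion", [""])[0],
        "acceptformat": query.get("acceptformat", [""])[0],
        "apps": apps,
    }


def parse_crx_download(url: str) -> tuple:
    """Split '<version>_<id>.crx' out of the last path segment of a CRX download URL."""
    name = urlsplit(url).path.rsplit("/", 1)[-1]
    m = re.match(r"^(?P<version>[0-9.]+)_(?P<id>[a-p]{32})\.crx$", name)
    if not m:
        raise ValueError(f"unexpected CRX filename: {name!r}")
    return m.group("version"), m.group("id")


def correlate(update_check_url: str, crx_url: str) -> dict:
    """Tie the downloaded CRX back to the update check that asked for it."""
    check = parse_update_check(update_check_url)
    version, crx_id = parse_crx_download(crx_url)
    requested = {a["id"]: a for a in check["apps"]}
    return {
        "requested_ids": sorted(requested),
        "downloaded_id": crx_id,
        "downloaded_version": version,
        "requested_version": requested[crx_id]["version"] if crx_id in requested else None,
        "matches_request": crx_id in requested,
    }


if __name__ == "__main__":
    for app in parse_update_check(UPDATE_CHECK_URL)["apps"]:
        print(app)
    print(correlate(UPDATE_CHECK_URL, CRX_DOWNLOAD_URL))
```

Running it shows both requested IDs with v=0.0.0.0, installedby=other, the uc flag and ping r=83, e=1, and confirms that the CRX fetched afterwards is version 1.0.0.6 of the first requested ID. The regex check is the part worth keeping in a triage script: a CRX filename or x= id that is not 32 characters of a..p is not something Chrome's own updater would produce.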
                          • 216.58.208.99:443  https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_6.pb  tls, http2  chrome.exe  sent 3.5kB (55 pkts) / recv 91.9kB (73 pkts)
                              GET https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_6.pb
                          • 8.8.8.8:443  https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  tls, http2  chrome.exe  sent 1.5kB (13 pkts) / recv 6.9kB (13 pkts)
                              GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                          • 8.8.8.8:443  https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  tls, http2  chrome.exe  sent 1.8kB (15 pkts) / recv 7.7kB (18 pkts)
                              GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                              GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                          • 8.8.8.8:443  https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  tls, http2  chrome.exe  sent 1.5kB (13 pkts) / recv 6.9kB (13 pkts)
                              GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
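The GET requests to dns.google above are DNS-over-HTTPS (RFC 8484) queries: the dns= parameter is the unpadded base64url encoding of a raw DNS message, so the name being resolved never shows up in the plaintext 8.8.8.8:53 traffic listed further down (which covers other names, but not this one). As an added example for this report, not tria.ge's or Chrome's code, the following decodes that parameter with a small wire-format parser. The base64 string is copied from the captured URL; the parser, its function names, the summary format and the short QTYPE table are the example's own.

```python
"""Decode the dns= parameter of an RFC 8484 DoH GET request.

Added example for this sandbox report; not tria.ge or Chrome code.
The query string below is copied from the captured dns.google request.
"""
import base64
import struct

# Copied from the captured request to https://dns.google/dns-query (see the table above).
DOH_DNS_PARAM = "AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

OPT_RR_TYPE = 41           # EDNS0 pseudo-RR (RFC 6891)
EDNS_OPTION_PADDING = 12   # EDNS(0) Padding option (RFC 7830)
QTYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX", 16: "TXT", 28: "AAAA", 65: "HTTPS"}


def b64url_decode(param: str) -> bytes:
    """RFC 8484 sends unpadded base64url; restore the '=' padding before decoding."""
    if len(param) % 4 == 1:
        raise ValueError("base64url string has an impossible length (truncated?)")
    return base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))


def read_name(msg: bytes, pos: int) -> tuple:
    """Read a DNS name at msg[pos]; return (dotted name, offset just after it).

    Compression pointers (top two bits 11) are followed, but the returned offset
    only advances past the 2-byte pointer, as the caller needs.
    """
    labels, resume, hops = [], None, 0
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:
            if resume is None:
                resume = pos + 2
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            pos = struct.unpack_from("!H", msg, pos)[0] & 0x3FFF
            continue
        pos += 1
        if length == 0:
            break
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels), (resume if resume is not None else pos)


def decode_doh_query(param: str) -> dict:
    """Parse header, question section and the EDNS0 OPT record of a DoH query."""
    msg = b64url_decode(param)
    ident, flags, qdcount, ancount, nscount, arcount = struct.unpack_from("!6H", msg, 0)
    pos = 12
    questions = []
    for _ in range(qdcount):
        name, pos = read_name(msg, pos)
        qtype, qclass = struct.unpack_from("!HH", msg, pos)
        pos += 4
        questions.append({"name": name, "type": QTYPE_NAMES.get(qtype, str(qtype)), "class": qclass})
    edns = None
    # A query carries no answers; the additional section holds the OPT pseudo-RR,
    # whose CLASS field is the advertised UDP payload size and whose RDATA is a
    # list of (code, length, data) options.
    for _ in range(ancount + nscount + arcount):
        _name, pos = read_name(msg, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, pos)
        pos += 10
        rdata = msg[pos:pos + rdlen]
        pos += rdlen
        if rtype == OPT_RR_TYPE:
            options, off = [], 0
            while off + 4 <= len(rdata):
                code, olen = struct.unpack_from("!HH", rdata, off)
                options.append({"code": code, "length": olen})
                off += 4 + olen
            edns = {"udp_payload_size": rclass, "options": options}
    return {
        "id": ident,
        "recursion_desired": bool(flags & 0x0100),
        "questions": questions,
        "edns": edns,
        "wire_length": len(msg),
    }


def summarize(param: str) -> str:
    """One-line triage summary: what was asked, and how much padding hid its size."""
    q = decode_doh_query(param)
    names = ", ".join(f"{x['name']} {x['type']}" for x in q["questions"])
    pad = sum(o["length"] for o in (q["edns"] or {}).get("options", [])
              if o["code"] == EDNS_OPTION_PADDING)
    return f"id={q['id']} rd={int(q['recursion_desired'])} {names} padding={pad}B wire={q['wire_length']}B"


if __name__ == "__main__":
    print(summarize(DOH_DNS_PARAM))
```

Decoded, the captured query asks for www.gstatic.com, type A, with the RD flag set and message ID 0 (RFC 8484 recommends ID 0 for GET so that responses are cacheable), plus an EDNS0 OPT record advertising a 4096-byte UDP payload and an 80-byte padding option that rounds the message up to 128 bytes, the block size RFC 8467 recommends. In a report like this one, running the decoder over every dns-query URL is how you get the resolved names that the plaintext DNS list does not show.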
                          • 209.197.3.8:80  322 B / 7 pkts
                          • 20.189.173.12:443  322 B / 7 pkts
                          • 87.248.202.1:80  92 B / 2 pkts
                          • 224.0.0.251:5353  chrome.exe  2.1kB / 35 pkts
                          • 8.8.8.8:53  accounts.google.com  dns  chrome.exe  sent 65 B (1 pkt) / recv 81 B (1 pkt)
                              query accounts.google.com  →  142.251.36.45
                          • 8.8.8.8:53  clients2.google.com  dns  chrome.exe  sent 65 B (1 pkt) / recv 105 B (1 pkt)
                              query clients2.google.com  →  172.217.168.238
                          • 8.8.8.8:53  update.googleapis.com  dns  chrome.exe  sent 67 B (1 pkt) / recv 83 B (1 pkt)
                              query update.googleapis.com  →  142.250.179.163
                          • 8.8.8.8:53  edgedl.me.gvt1.com  dns  chrome.exe  sent 64 B (1 pkt) / recv 80 B (1 pkt)
                              query edgedl.me.gvt1.com  →  34.104.35.123
                          • 8.8.8.8:53  ssl.gstatic.com  dns  chrome.exe  sent 61 B (1 pkt) / recv 77 B (1 pkt)
                              query ssl.gstatic.com  →  216.58.208.99
                          • 8.8.8.8:53  dns.google  dns  chrome.exe  sent 56 B (1 pkt) / recv 88 B (1 pkt)
                              query dns.google  →  8.8.8.8, 8.8.4.4

                          MITRE ATT&CK Enterprise v6
