hxxps://www[.]mediafire[.]com/file/rgch58pqbmht4w8/GTA_SA_ANDROID_10_11_12[.]apk/file

Analysis

max time kernel
1650s
max time network
1774s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/02/2023, 23:50 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/rgch58pqbmht4w8/GTA_SA_ANDROID_10_11_12.apk/file

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2948	ChromeRecovery.exe

Drops file in Program Files directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2900_1635990592\manifest.json	elevation_service.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2900_1635990592\_metadata\verified_contents.json	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2900_1635990592\_metadata\verified_contents.json	elevation_service.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2900_1635990592\ChromeRecoveryCRX.crx	elevation_service.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2900_1635990592\ChromeRecovery.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2900_1635990592\ChromeRecovery.exe	elevation_service.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2900_1635990592\manifest.json	elevation_service.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 25 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{63E38301-A681-11ED-965B-E20468906380} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1064	chrome.exe
1320	chrome.exe
1320	chrome.exe
2292	chrome.exe
1320	chrome.exe
1320	chrome.exe
2424	chrome.exe
2936	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
780	iexplore.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
780	iexplore.exe
780	iexplore.exe
1288	IEXPLORE.EXE
1288	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 780 wrote to memory of 1288	780	iexplore.exe	28
PID 780 wrote to memory of 1288	780	iexplore.exe	28
PID 780 wrote to memory of 1288	780	iexplore.exe	28
PID 780 wrote to memory of 1288	780	iexplore.exe	28
PID 1320 wrote to memory of 1528	1320	chrome.exe	31
PID 1320 wrote to memory of 1528	1320	chrome.exe	31
PID 1320 wrote to memory of 1528	1320	chrome.exe	31
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 972	1320	chrome.exe	32
PID 1320 wrote to memory of 1064	1320	chrome.exe	33
PID 1320 wrote to memory of 1064	1320	chrome.exe	33
PID 1320 wrote to memory of 1064	1320	chrome.exe	33
PID 1320 wrote to memory of 1324	1320	chrome.exe	34
PID 1320 wrote to memory of 1324	1320	chrome.exe	34
PID 1320 wrote to memory of 1324	1320	chrome.exe	34
PID 1320 wrote to memory of 1324	1320	chrome.exe	34
PID 1320 wrote to memory of 1324	1320	chrome.exe	34
PID 1320 wrote to memory of 1324	1320	chrome.exe	34
PID 1320 wrote to memory of 1324	1320	chrome.exe	34
PID 1320 wrote to memory of 1324	1320	chrome.exe	34
PID 1320 wrote to memory of 1324	1320	chrome.exe	34
PID 1320 wrote to memory of 1324	1320	chrome.exe	34
PID 1320 wrote to memory of 1324	1320	chrome.exe	34
PID 1320 wrote to memory of 1324	1320	chrome.exe	34
PID 1320 wrote to memory of 1324	1320	chrome.exe	34

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.mediafire.com/file/rgch58pqbmht4w8/GTA_SA_ANDROID_10_11_12.apk/file
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:780
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:780 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6c74f50,0x7fef6c74f60,0x7fef6c74f70
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1040,6590854692072113347,5846137525887125216,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1032 /prefetch:2
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1040,6590854692072113347,5846137525887125216,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1040,6590854692072113347,5846137525887125216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1644 /prefetch:8
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,6590854692072113347,5846137525887125216,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2060 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,6590854692072113347,5846137525887125216,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2000 /prefetch:1
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,6590854692072113347,5846137525887125216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1040,6590854692072113347,5846137525887125216,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3280 /prefetch:2
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,6590854692072113347,5846137525887125216,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,6590854692072113347,5846137525887125216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3516 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,6590854692072113347,5846137525887125216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3624 /prefetch:8
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,6590854692072113347,5846137525887125216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1492 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,6590854692072113347,5846137525887125216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1040,6590854692072113347,5846137525887125216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3772 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1040,6590854692072113347,5846137525887125216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3808 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,6590854692072113347,5846137525887125216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3812 /prefetch:8
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,6590854692072113347,5846137525887125216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3128 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,6590854692072113347,5846137525887125216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3148 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,6590854692072113347,5846137525887125216,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=964 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,6590854692072113347,5846137525887125216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=712 /prefetch:8
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1040,6590854692072113347,5846137525887125216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3248 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,6590854692072113347,5846137525887125216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3784 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,6590854692072113347,5846137525887125216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3140 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,6590854692072113347,5846137525887125216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3836 /prefetch:8
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,6590854692072113347,5846137525887125216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3512 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,6590854692072113347,5846137525887125216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1912 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,6590854692072113347,5846137525887125216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=712 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,6590854692072113347,5846137525887125216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1912 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,6590854692072113347,5846137525887125216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1900 /prefetch:8
  2⤵
  PID:2984

C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"
1⤵
- Drops file in Program Files directory
PID:2900
- C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2900_1635990592\ChromeRecovery.exe
  "C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2900_1635990592\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={9eeb13c4-14e0-49ac-bd9f-2ea1ca2ee153} --system
  2⤵
  - Executes dropped EXE
  PID:2948

Network

DNS

www.mediafire.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.mediafire.com

IN A

Response

www.mediafire.com

IN A

104.16.53.48

www.mediafire.com

IN A

104.16.54.48
DNS

clients2.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

172.217.168.238
DNS

accounts.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

142.251.36.45
POST

https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard

chrome.exe

Remote address:

142.251.36.45:443

Request

POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/2.0
host: accounts.google.com
content-length: 1
origin: https://www.google.com
content-type: application/x-www-form-urlencoded
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=89.0.4389.114&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D178%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D178%2526e%253D1

chrome.exe

Remote address:

172.217.168.238:443

Request

GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=89.0.4389.114&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D178%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D178%2526e%253D1 HTTP/2.0
host: clients2.google.com
x-goog-update-interactivity: fg
x-goog-update-appid: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfm
x-goog-update-updater: chromecrx-89.0.4389.114
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

edgedl.me.gvt1.com

chrome.exe

Remote address:

8.8.8.8:53

Request

edgedl.me.gvt1.com

IN A

Response

edgedl.me.gvt1.com

IN A

34.104.35.123
GET

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx

chrome.exe

Remote address:

34.104.35.123:80

Request

GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx HTTP/1.1
Host: edgedl.me.gvt1.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 248531
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 4253d0ac-43e4-46f9-8d05-71608dd58d2a
date: Mon, 06 Feb 2023 03:16:53 GMT
age: 74019
last-modified: Fri, 25 Feb 2022 22:08:36 GMT
etag: "c994e6"
content-type: application/x-chrome-extension
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
DNS

dns.google

chrome.exe

Remote address:

8.8.8.8:53

Request

dns.google

IN A

Response

dns.google

IN A

8.8.8.8

dns.google

IN A

8.8.4.4
DNS

dns.google

chrome.exe

Remote address:

8.8.8.8:53

Request

dns.google

IN A

Response

dns.google

IN A

8.8.4.4

dns.google

IN A

8.8.8.8
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.8.8:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.8.8:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABBnVwZGF0ZQpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAE4ADABKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.8.8:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABBnVwZGF0ZQpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAE4ADABKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwZnb29nbGUDY29tAAABAAEAACkQAAAAAAAAVQAMAFEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwZnb29nbGUDY29tAAABAAEAACkQAAAAAAAAVQAMAFEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3NzbAdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3NzbAdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABBGFwaXMGZ29vZ2xlA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABBGFwaXMGZ29vZ2xlA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_6.pb

chrome.exe

Remote address:

216.58.208.99:443

Request

GET /safebrowsing/csd/client_model_v5_variation_6.pb HTTP/2.0
host: ssl.gstatic.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.3R2S2iMRC9o.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-ukmJKpOYaCGRb909wNTowBRXFA/cb=gapi.loaded_0

chrome.exe

Remote address:

216.58.208.110:443

Request

GET /_/scs/abc-static/_/js/k=gapi.gapi.en.3R2S2iMRC9o.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-ukmJKpOYaCGRb909wNTowBRXFA/cb=gapi.loaded_0 HTTP/2.0
host: apis.google.com
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: 1P_JAR=2023-02-06-23
cookie: NID=511=t91Z3CTg-71UCbFha6nn5WKOOSi19vRw7YFjVKGg5ulRyMjaBiaQG8Z2N7WQJx_R_MgK1CZLZA60Edbnrvp6O5hBdA5t3nKzrolCTrD5f30MbYq7133dEpuxQmBmhosEI-Oq5AFmRr1ni9kvXY8sN6occlA8sCKqleTQ9hYwvc8
POST

https://update.googleapis.com/service/update2/json?cup2key=10:1422495588&cup2hreq=93592fd67418a64042391405482722d5f5443f9e79f440802f55167c9c9ba1c6

chrome.exe

Remote address:

142.250.179.163:443

Request

POST /service/update2/json?cup2key=10:1422495588&cup2hreq=93592fd67418a64042391405482722d5f5443f9e79f440802f55167c9c9ba1c6 HTTP/2.0
host: update.googleapis.com
content-length: 3034
x-goog-update-appid: ihnlcenocehgdaegdmhbidjhnhdchfmm,obedbbhbpmojnkanicioggnmelmoomoc,llkgjffcdpffmhiakmfcdcblohccpfmo,hnimpnehoodheedghdeeijklkeaacbdc,hfnkpimlhhgieaddgfemjhofmfblmnib,cmahhnpholdijhjokonmfdjbfmklppij,khaoiebndkojlmppeemjhbpbandiljpe,gcmjkmgdlgnkkcocmoeiminaijmmjnii,giekcmmlnklenlaomppkphknjmnnpneh,ehgidpndbllacpjalkiimkbadgjfnnmc,bklopemakmnopmghhmccadeonafabnal,aemomkdncapdnfajjbbcbdebjljbpmpj,jflookgnkcckhobaglndicnbbgbonegd,ojhpjlocmbogdgmfpkhlaaeamibhnphh,gkmgaooipdjhmangpemjhigmamcehddo,jamhcnnkihinmdlkakkaopbjbbcngflc,eeigpngbgcognadeebkilcpcaedhellh,oimompecagnajdejgnnjijobebaeigek,ggkkehgbnfjpeggfpleeakpidbkibbmn
x-goog-update-interactivity: bg
x-goog-update-updater: chrome-89.0.4389.114
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
POST

https://update.googleapis.com/service/update2/json

chrome.exe

Remote address:

142.250.179.163:443

Request

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 1071
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
POST

https://update.googleapis.com/service/update2/json

chrome.exe

Remote address:

142.250.179.163:443

Request

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 1085
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
POST

https://update.googleapis.com/service/update2/json

chrome.exe

Remote address:

142.250.179.163:443

Request

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 1008
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
POST

https://update.googleapis.com/service/update2/json

chrome.exe

Remote address:

142.250.179.163:443

Request

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 1031
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
POST

https://update.googleapis.com/service/update2/json

chrome.exe

Remote address:

142.250.179.163:443

Request

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 1002
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
POST

https://update.googleapis.com/service/update2/json

chrome.exe

Remote address:

142.250.179.163:443

Request

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 950
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
POST

https://update.googleapis.com/service/update2/json

chrome.exe

Remote address:

142.250.179.163:443

Request

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 990
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
POST

https://update.googleapis.com/service/update2/json

chrome.exe

Remote address:

142.250.179.163:443

Request

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 1012
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
POST

https://update.googleapis.com/service/update2/json

chrome.exe

Remote address:

142.250.179.163:443

Request

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 935
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
DNS

edgedl.me.gvt1.com

chrome.exe

Remote address:

8.8.8.8:53

Request

edgedl.me.gvt1.com

IN A
DNS

edgedl.me.gvt1.com

chrome.exe

Remote address:

8.8.8.8:53

Request

edgedl.me.gvt1.com

IN A
DNS

edgedl.me.gvt1.com

chrome.exe

Remote address:

8.8.8.8:53

Request

edgedl.me.gvt1.com

IN A
DNS

edgedl.me.gvt1.com

chrome.exe

Remote address:

8.8.8.8:53

Request

edgedl.me.gvt1.com

IN A
DNS

edgedl.me.gvt1.com

chrome.exe

Remote address:

8.8.8.8:53

Request

edgedl.me.gvt1.com

IN A
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
DNS

edgedl.me.gvt1.com

chrome.exe

Remote address:

8.8.8.8:53

Request

edgedl.me.gvt1.com

IN A

Response

edgedl.me.gvt1.com

IN A

34.104.35.123
HEAD

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
content-length: 148557
x-request-id: 0e02f003-dcb3-4e29-992e-2e6a2ac8b311
date: Mon, 06 Feb 2023 14:49:24 GMT
age: 32696
last-modified: Mon, 16 May 2022 15:33:39 GMT
etag: "debf6d"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 16 May 2022 15:33:39 GMT
Range: bytes=0-6175
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
content-length: 6176
x-request-id: 6c7317bd-08bb-483c-80d5-8a05368b1953
date: Mon, 06 Feb 2023 14:49:24 GMT
age: 32710
last-modified: Mon, 16 May 2022 15:33:39 GMT
etag: "debf6d"
content-type: application/octet-stream
content-range: bytes 0-6175/148557
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 16 May 2022 15:33:39 GMT
Range: bytes=6176-16892
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
content-length: 10717
x-request-id: 46998df5-abf7-474c-9e5c-6638df95ff48
date: Mon, 06 Feb 2023 14:49:24 GMT
age: 32721
last-modified: Mon, 16 May 2022 15:33:39 GMT
etag: "debf6d"
content-type: application/octet-stream
content-range: bytes 6176-16892/148557
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 16 May 2022 15:33:39 GMT
Range: bytes=16893-26537
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
content-length: 9645
x-request-id: 9bd9f67a-1757-4826-959d-436980ea829a
date: Mon, 06 Feb 2023 14:49:24 GMT
age: 32727
last-modified: Mon, 16 May 2022 15:33:39 GMT
etag: "debf6d"
content-type: application/octet-stream
content-range: bytes 16893-26537/148557
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 16 May 2022 15:33:39 GMT
Range: bytes=26538-35451
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
content-length: 8914
x-request-id: e81136ef-f198-4ccc-9cf7-3984cb91ec97
date: Mon, 06 Feb 2023 14:49:24 GMT
age: 32729
last-modified: Mon, 16 May 2022 15:33:39 GMT
etag: "debf6d"
content-type: application/octet-stream
content-range: bytes 26538-35451/148557
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 16 May 2022 15:33:39 GMT
Range: bytes=35452-56157
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
content-length: 20706
x-request-id: c204a175-d254-4c19-bbcd-bf0bfb55c1e0
date: Mon, 06 Feb 2023 14:49:24 GMT
age: 32731
last-modified: Mon, 16 May 2022 15:33:39 GMT
etag: "debf6d"
content-type: application/octet-stream
content-range: bytes 35452-56157/148557
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 16 May 2022 15:33:39 GMT
Range: bytes=56158-102384
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
content-length: 46227
x-request-id: 28c6f9d0-e850-4d99-aa98-5724fa9be677
date: Mon, 06 Feb 2023 14:49:24 GMT
age: 32735
last-modified: Mon, 16 May 2022 15:33:39 GMT
etag: "debf6d"
content-type: application/octet-stream
content-range: bytes 56158-102384/148557
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 16 May 2022 15:33:39 GMT
Range: bytes=102385-148556
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
content-length: 46172
x-request-id: 74fc6d4c-3bb1-4af8-8167-3668b96c2dfa
date: Mon, 06 Feb 2023 14:49:24 GMT
age: 32737
last-modified: Mon, 16 May 2022 15:33:39 GMT
etag: "debf6d"
content-type: application/octet-stream
content-range: bytes 102385-148556/148557
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
DNS

safebrowsing.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

safebrowsing.googleapis.com

IN A

Response

safebrowsing.googleapis.com

IN A

142.250.179.170
GET

https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$req=Ch0KDGdvb2dsZWNocm9tZRINODkuMC40Mzg5LjExNBoMCAUQASIEIAEgAigBGgwIARABIgQgASACKAEaDAgDEAEiBCABIAIoARoMCAcQASIEIAEgAigBGgwIARABIgQgASACKAMaDAgBEAgiBCABIAIoBBoMCAkQASIEIAEgAigGGgwIDxABIgQgASACKAEaDAgKEAgiBCABIAIoARoMCAkQASIEIAEgAigBGgwICBABIgQgASACKAEaDAgNEAEiBCABIAIoARoMCA4QASIEIAEgAigBGgwIEBABIgQgASACKAEiAggB&$ct=application/x-protobuf&key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw

chrome.exe

Remote address:

142.250.179.170:443

Request

GET /v4/threatListUpdates:fetch?$req=Ch0KDGdvb2dsZWNocm9tZRINODkuMC40Mzg5LjExNBoMCAUQASIEIAEgAigBGgwIARABIgQgASACKAEaDAgDEAEiBCABIAIoARoMCAcQASIEIAEgAigBGgwIARABIgQgASACKAMaDAgBEAgiBCABIAIoBBoMCAkQASIEIAEgAigGGgwIDxABIgQgASACKAEaDAgKEAgiBCABIAIoARoMCAkQASIEIAEgAigBGgwICBABIgQgASACKAEaDAgNEAEiBCABIAIoARoMCA4QASIEIAEgAigBGgwIEBABIgQgASACKAEiAggB&$ct=application/x-protobuf&key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/2.0
host: safebrowsing.googleapis.com
x-http-method-override: POST
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABB2JlYWNvbnMDZ2NwBGd2dDIDY29tAAABAAEAACkQAAAAAAAATwAMAEsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABB2JlYWNvbnMDZ2NwBGd2dDIDY29tAAABAAEAACkQAAAAAAAATwAMAEsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABCGNsaWVudHMyBmdvb2dsZQNjb20AAAEAAQAAKRAAAAAAAABQAAwATAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABCGNsaWVudHMyBmdvb2dsZQNjb20AAAEAAQAAKRAAAAAAAABQAAwATAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABCGJlYWNvbnM0BGd2dDIDY29tAAABAAEAACkQAAAAAAAAUgAMAE4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABCGJlYWNvbnM0BGd2dDIDY29tAAABAAEAACkQAAAAAAAAUgAMAE4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABCGJlYWNvbnMyBGd2dDIDY29tAAABAAEAACkQAAAAAAAAUgAMAE4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABCGJlYWNvbnMyBGd2dDIDY29tAAABAAEAACkQAAAAAAAAUgAMAE4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

142.250.200.35:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 513
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

142.250.200.35:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 335
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://clients2.google.com/domainreliability/upload-nel

chrome.exe

Remote address:

172.217.168.238:443

Request

OPTIONS /domainreliability/upload-nel HTTP/2.0
host: clients2.google.com
origin: https://beacons.gcp.gvt2.com
access-control-request-method: POST
access-control-request-headers: content-type
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://clients2.google.com/domainreliability/upload-nel

chrome.exe

Remote address:

172.217.168.238:443

Request

OPTIONS /domainreliability/upload-nel HTTP/2.0
host: clients2.google.com
origin: https://beacons.gcp.gvt2.com
access-control-request-method: POST
access-control-request-headers: content-type
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
HEAD

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adacwonpgv7tzwuw37ltbvdyki2q_20230124.505550798/obedbbhbpmojnkanicioggnmelmoomoc_20230124.505550798_all_ENUS_adytscpkyvbgujaoimhtwkt4k2bq.crx3

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/release2/chrome_component/adacwonpgv7tzwuw37ltbvdyki2q_20230124.505550798/obedbbhbpmojnkanicioggnmelmoomoc_20230124.505550798_all_ENUS_adytscpkyvbgujaoimhtwkt4k2bq.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 1003140
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 4077d927-c53e-4447-8d44-047b29b3e160
date: Mon, 06 Feb 2023 11:20:55 GMT
age: 45390
last-modified: Wed, 01 Feb 2023 00:15:04 GMT
etag: "12ad975"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adacwonpgv7tzwuw37ltbvdyki2q_20230124.505550798/obedbbhbpmojnkanicioggnmelmoomoc_20230124.505550798_all_ENUS_adytscpkyvbgujaoimhtwkt4k2bq.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/adacwonpgv7tzwuw37ltbvdyki2q_20230124.505550798/obedbbhbpmojnkanicioggnmelmoomoc_20230124.505550798_all_ENUS_adytscpkyvbgujaoimhtwkt4k2bq.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 01 Feb 2023 00:15:04 GMT
Range: bytes=0-148622
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-length: 148623
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 3db7f804-cead-4e04-af34-b75eec4e7960
date: Mon, 06 Feb 2023 11:20:55 GMT
age: 45391
last-modified: Wed, 01 Feb 2023 00:15:04 GMT
etag: "12ad975"
content-type: application/octet-stream
content-range: bytes 0-148622/1003140
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adacwonpgv7tzwuw37ltbvdyki2q_20230124.505550798/obedbbhbpmojnkanicioggnmelmoomoc_20230124.505550798_all_ENUS_adytscpkyvbgujaoimhtwkt4k2bq.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/adacwonpgv7tzwuw37ltbvdyki2q_20230124.505550798/obedbbhbpmojnkanicioggnmelmoomoc_20230124.505550798_all_ENUS_adytscpkyvbgujaoimhtwkt4k2bq.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 01 Feb 2023 00:15:04 GMT
Range: bytes=148623-485344
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-length: 336722
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 45f3cfec-8b59-4692-a7d5-54d919e152f4
date: Mon, 06 Feb 2023 11:20:55 GMT
age: 45393
last-modified: Wed, 01 Feb 2023 00:15:04 GMT
etag: "12ad975"
content-type: application/octet-stream
content-range: bytes 148623-485344/1003140
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adacwonpgv7tzwuw37ltbvdyki2q_20230124.505550798/obedbbhbpmojnkanicioggnmelmoomoc_20230124.505550798_all_ENUS_adytscpkyvbgujaoimhtwkt4k2bq.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/adacwonpgv7tzwuw37ltbvdyki2q_20230124.505550798/obedbbhbpmojnkanicioggnmelmoomoc_20230124.505550798_all_ENUS_adytscpkyvbgujaoimhtwkt4k2bq.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 01 Feb 2023 00:15:04 GMT
Range: bytes=485345-1003139
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-length: 517795
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: cfdaf9d4-14f0-4878-9cff-8924120f2d96
date: Mon, 06 Feb 2023 11:20:55 GMT
age: 45395
last-modified: Wed, 01 Feb 2023 00:15:04 GMT
etag: "12ad975"
content-type: application/octet-stream
content-range: bytes 485345-1003139/1003140
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
OPTIONS

https://beacons4.gvt2.com/domainreliability/upload-nel

chrome.exe

Remote address:

216.239.32.116:443

Request

OPTIONS /domainreliability/upload-nel HTTP/2.0
host: beacons4.gvt2.com
origin: https://beacons.gcp.gvt2.com
access-control-request-method: POST
access-control-request-headers: content-type
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://beacons4.gvt2.com/domainreliability/upload-nel

chrome.exe

Remote address:

216.239.32.116:443

Request

POST /domainreliability/upload-nel HTTP/2.0
host: beacons4.gvt2.com
content-length: 411
content-type: application/reports+json
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://beacons2.gvt2.com/domainreliability/upload-nel

chrome.exe

Remote address:

142.251.220.195:443

Request

OPTIONS /domainreliability/upload-nel HTTP/2.0
host: beacons2.gvt2.com
origin: https://beacons4.gvt2.com
access-control-request-method: POST
access-control-request-headers: content-type
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://beacons2.gvt2.com/domainreliability/upload-nel

chrome.exe

Remote address:

142.251.220.195:443

Request

POST /domainreliability/upload-nel HTTP/2.0
host: beacons2.gvt2.com
content-length: 410
content-type: application/reports+json
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
HEAD

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
content-length: 2876
x-request-id: ef3d09f5-7c3c-4f52-a5ff-bc861e533582
date: Mon, 06 Feb 2023 04:58:58 GMT
age: 68464
last-modified: Wed, 23 Mar 2022 16:40:40 GMT
etag: "d1bcdc"
content-type: application/x-chrome-extension
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx

Remote address:

34.104.35.123:80

Request

GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 23 Mar 2022 16:40:40 GMT
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
content-length: 2876
x-request-id: 0bad0d2f-64ab-4251-ad0c-2be52cade75c
date: Mon, 06 Feb 2023 04:58:58 GMT
age: 68466
last-modified: Wed, 23 Mar 2022 16:40:40 GMT
etag: "d1bcdc"
content-type: application/x-chrome-extension
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
HEAD

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
content-length: 6760942
x-request-id: c86f64bc-ec49-4a58-b233-df2f081570bf
date: Mon, 06 Feb 2023 17:00:47 GMT
age: 25321
last-modified: Wed, 10 Oct 2018 17:49:21 GMT
etag: "2e2fe7"
content-type: application/x-chrome-extension
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

Remote address:

34.104.35.123:80

Request

GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
Range: bytes=0-659609
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
content-length: 659610
x-request-id: a77dec24-11b4-4744-b412-403d5a1565e6
date: Mon, 06 Feb 2023 17:00:47 GMT
age: 25323
last-modified: Wed, 10 Oct 2018 17:49:21 GMT
etag: "2e2fe7"
content-type: application/x-chrome-extension
content-range: bytes 0-659609/6760942
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
GET

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

Remote address:

34.104.35.123:80

Request

GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
Range: bytes=659610-1762531
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
content-length: 1102922
x-request-id: 42fb3a7f-755f-4796-80a2-d619bbf4f012
date: Mon, 06 Feb 2023 17:00:47 GMT
age: 25324
last-modified: Wed, 10 Oct 2018 17:49:21 GMT
etag: "2e2fe7"
content-type: application/x-chrome-extension
content-range: bytes 659610-1762531/6760942
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
GET

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

Remote address:

34.104.35.123:80

Request

GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
Range: bytes=1762532-3975475
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
content-length: 2212944
x-request-id: b6b436a8-7443-4d3f-a970-8c95fed586d3
date: Mon, 06 Feb 2023 17:00:47 GMT
age: 25326
last-modified: Wed, 10 Oct 2018 17:49:21 GMT
etag: "2e2fe7"
content-type: application/x-chrome-extension
content-range: bytes 1762532-3975475/6760942
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
GET

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

Remote address:

34.104.35.123:80

Request

GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
Range: bytes=3975476-6760941
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
content-length: 2785466
x-request-id: 0108d14b-3d9d-4f99-b19a-261ecbaefbc5
date: Mon, 06 Feb 2023 17:00:47 GMT
age: 25328
last-modified: Wed, 10 Oct 2018 17:49:21 GMT
etag: "2e2fe7"
content-type: application/x-chrome-extension
content-range: bytes 3975476-6760941/6760942
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
HEAD

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ljcfhm4dlaj5r7t5eisspxo6ee_7853/hfnkpimlhhgieaddgfemjhofmfblmnib_7853_all_ehvn6oreb7pi6f5jl6d2h6hfty.crx3

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/release2/chrome_component/ljcfhm4dlaj5r7t5eisspxo6ee_7853/hfnkpimlhhgieaddgfemjhofmfblmnib_7853_all_ehvn6oreb7pi6f5jl6d2h6hfty.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 25290
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 6c55421c-cd4a-4573-b2a2-d781d1641522
date: Mon, 06 Feb 2023 20:21:50 GMT
last-modified: Mon, 06 Feb 2023 20:19:54 GMT
etag: "12d1785"
content-type: application/octet-stream
age: 13447
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ljcfhm4dlaj5r7t5eisspxo6ee_7853/hfnkpimlhhgieaddgfemjhofmfblmnib_7853_all_ehvn6oreb7pi6f5jl6d2h6hfty.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/ljcfhm4dlaj5r7t5eisspxo6ee_7853/hfnkpimlhhgieaddgfemjhofmfblmnib_7853_all_ehvn6oreb7pi6f5jl6d2h6hfty.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 06 Feb 2023 20:19:54 GMT
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 25290
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: f521cf5f-6a79-454d-80f0-b3fa07941011
date: Mon, 06 Feb 2023 20:21:50 GMT
last-modified: Mon, 06 Feb 2023 20:19:54 GMT
etag: "12d1785"
content-type: application/octet-stream
age: 13449
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
HEAD

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: fe9b800d-493a-4f04-aa23-c71cd0c64547
content-length: 9555
date: Mon, 06 Feb 2023 09:02:31 GMT
age: 54397
last-modified: Mon, 29 Mar 2021 22:42:38 GMT
etag: "9deda9"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 29 Mar 2021 22:42:38 GMT
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 97a0b013-93f1-49d7-8cdc-2abc65b6378e
content-length: 9555
date: Mon, 06 Feb 2023 09:02:31 GMT
age: 54399
last-modified: Mon, 29 Mar 2021 22:42:38 GMT
etag: "9deda9"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
HEAD

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/mouvdyia34vlibzxbufzmd6m7y_57/khaoiebndkojlmppeemjhbpbandiljpe_57_win_o57jjjyx7jfaz3k2d7p3mbix6e.crx3

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/release2/chrome_component/mouvdyia34vlibzxbufzmd6m7y_57/khaoiebndkojlmppeemjhbpbandiljpe_57_win_o57jjjyx7jfaz3k2d7p3mbix6e.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 5571
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: b5f6b951-829d-42be-8410-3e525d7bcb48
date: Mon, 06 Feb 2023 10:00:09 GMT
age: 51138
last-modified: Thu, 19 Jan 2023 23:21:44 GMT
etag: "1258e3f"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/mouvdyia34vlibzxbufzmd6m7y_57/khaoiebndkojlmppeemjhbpbandiljpe_57_win_o57jjjyx7jfaz3k2d7p3mbix6e.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/mouvdyia34vlibzxbufzmd6m7y_57/khaoiebndkojlmppeemjhbpbandiljpe_57_win_o57jjjyx7jfaz3k2d7p3mbix6e.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 19 Jan 2023 23:21:44 GMT
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 5571
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: caed15de-e475-46bc-8db5-f34b88671691
date: Mon, 06 Feb 2023 10:00:09 GMT
age: 51139
last-modified: Thu, 19 Jan 2023 23:21:44 GMT
etag: "1258e3f"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
HEAD

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/a6cmame6gvjjxyoop5xalea2j4_9.42.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.42.0_all_pxsqvymripaq7s6szfzfirkhqq.crx3

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/release2/chrome_component/a6cmame6gvjjxyoop5xalea2j4_9.42.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.42.0_all_pxsqvymripaq7s6szfzfirkhqq.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 374691c2-ae5b-4f46-b3bf-dd2b34ae66e0
content-length: 41029
date: Mon, 06 Feb 2023 16:38:30 GMT
age: 27449
last-modified: Fri, 16 Dec 2022 17:42:20 GMT
etag: "10d3771"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/a6cmame6gvjjxyoop5xalea2j4_9.42.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.42.0_all_pxsqvymripaq7s6szfzfirkhqq.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/a6cmame6gvjjxyoop5xalea2j4_9.42.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.42.0_all_pxsqvymripaq7s6szfzfirkhqq.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 16 Dec 2022 17:42:20 GMT
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: b556f891-29e4-414f-ac34-cb7a3157a723
content-length: 41029
date: Mon, 06 Feb 2023 16:38:30 GMT
age: 27451
last-modified: Fri, 16 Dec 2022 17:42:20 GMT
etag: "10d3771"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
HEAD

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

last-modified: Wed, 17 Jul 2019 00:41:02 GMT
accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 5bf062d6-1ba7-4a1e-ae5f-c8cd15c6cadd
date: Mon, 06 Feb 2023 08:41:05 GMT
age: 56316
content-type: application/octet-stream
content-length: 5406
etag: "413d8a"
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 17 Jul 2019 00:41:02 GMT
User-Agent: Microsoft BITS/7.5
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

last-modified: Wed, 17 Jul 2019 00:41:02 GMT
accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 25f3b28b-fdd4-4491-8b00-d5958b85d12f
date: Mon, 06 Feb 2023 08:41:05 GMT
age: 56317
content-type: application/octet-stream
content-length: 5406
etag: "413d8a"
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server

104.16.53.48:443

www.mediafire.com

tls

IEXPLORE.EXE

686 B
5.6kB
8
8
104.16.53.48:443

www.mediafire.com

tls

IEXPLORE.EXE

686 B
5.6kB
8
8
142.251.36.45:443

https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard

tls, http2

chrome.exe

2.0kB
7.7kB
21
23

HTTP Request

POST https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
172.217.168.238:443

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=89.0.4389.114&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D178%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D178%2526e%253D1

tls, http2

chrome.exe

2.3kB
11.1kB
20
24

HTTP Request

GET https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=89.0.4389.114&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D178%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D178%2526e%253D1
34.104.35.123:80

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx

http

chrome.exe

5.4kB
257.4kB
108
198

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx

HTTP Response

200
8.8.8.8:443

https://dns.google/dns-query?dns=AAABAAABAAAAAAABBnVwZGF0ZQpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAE4ADABKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

tls, http2

chrome.exe

2.9kB
9.4kB
31
38

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABBnVwZGF0ZQpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAE4ADABKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
8.8.4.4:443

https://dns.google/dns-query?dns=AAABAAABAAAAAAABBGFwaXMGZ29vZ2xlA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

tls, http2

chrome.exe

3.4kB
10.9kB
34
45

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwZnb29nbGUDY29tAAABAAEAACkQAAAAAAAAVQAMAFEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3NzbAdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABBGFwaXMGZ29vZ2xlA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
216.58.208.99:443

https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_6.pb

tls, http2

chrome.exe

3.3kB
92.3kB
51
80

HTTP Request

GET https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_6.pb
216.58.208.110:443

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.3R2S2iMRC9o.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-ukmJKpOYaCGRb909wNTowBRXFA/cb=gapi.loaded_0

tls, http2

chrome.exe

2.7kB
46.2kB
32
46

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.3R2S2iMRC9o.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-ukmJKpOYaCGRb909wNTowBRXFA/cb=gapi.loaded_0
142.250.179.163:443

https://update.googleapis.com/service/update2/json

tls, http2

chrome.exe

21.1kB
23.6kB
101
130

HTTP Request

POST https://update.googleapis.com/service/update2/json?cup2key=10:1422495588&cup2hreq=93592fd67418a64042391405482722d5f5443f9e79f440802f55167c9c9ba1c6

HTTP Request

POST https://update.googleapis.com/service/update2/json

HTTP Request

POST https://update.googleapis.com/service/update2/json

HTTP Request

POST https://update.googleapis.com/service/update2/json

HTTP Request

POST https://update.googleapis.com/service/update2/json

HTTP Request

POST https://update.googleapis.com/service/update2/json

HTTP Request

POST https://update.googleapis.com/service/update2/json

HTTP Request

POST https://update.googleapis.com/service/update2/json

HTTP Request

POST https://update.googleapis.com/service/update2/json

HTTP Request

POST https://update.googleapis.com/service/update2/json
8.8.4.4:443

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

tls, http2

chrome.exe

1.8kB
7.3kB
19
21

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
34.104.35.123:80

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3

http

6.3kB
162.1kB
74
126

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3

HTTP Response

206

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3

HTTP Response

206

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3

HTTP Response

206

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3

HTTP Response

206

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3

HTTP Response

206

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3

HTTP Response

206

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3

HTTP Response

206
8.8.4.4:443

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

tls, http2

chrome.exe

1.9kB
7.3kB
20
21

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
142.250.179.170:443

https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$req=Ch0KDGdvb2dsZWNocm9tZRINODkuMC40Mzg5LjExNBoMCAUQASIEIAEgAigBGgwIARABIgQgASACKAEaDAgDEAEiBCABIAIoARoMCAcQASIEIAEgAigBGgwIARABIgQgASACKAMaDAgBEAgiBCABIAIoBBoMCAkQASIEIAEgAigGGgwIDxABIgQgASACKAEaDAgKEAgiBCABIAIoARoMCAkQASIEIAEgAigBGgwICBABIgQgASACKAEaDAgNEAEiBCABIAIoARoMCA4QASIEIAEgAigBGgwIEBABIgQgASACKAEiAggB&$ct=application/x-protobuf&key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw

tls, http2

chrome.exe

214.8kB
12.8MB
4640
9155

HTTP Request

GET https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$req=Ch0KDGdvb2dsZWNocm9tZRINODkuMC40Mzg5LjExNBoMCAUQASIEIAEgAigBGgwIARABIgQgASACKAEaDAgDEAEiBCABIAIoARoMCAcQASIEIAEgAigBGgwIARABIgQgASACKAMaDAgBEAgiBCABIAIoBBoMCAkQASIEIAEgAigGGgwIDxABIgQgASACKAEaDAgKEAgiBCABIAIoARoMCAkQASIEIAEgAigBGgwICBABIgQgASACKAEaDAgNEAEiBCABIAIoARoMCA4QASIEIAEgAigBGgwIEBABIgQgASACKAEiAggB&$ct=application/x-protobuf&key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
8.8.4.4:443

https://dns.google/dns-query?dns=AAABAAABAAAAAAABCGJlYWNvbnMyBGd2dDIDY29tAAABAAEAACkQAAAAAAAAUgAMAE4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

tls, http2

chrome.exe

3.3kB
5.7kB
35
43

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABB2JlYWNvbnMDZ2NwBGd2dDIDY29tAAABAAEAACkQAAAAAAAATwAMAEsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABCGNsaWVudHMyBmdvb2dsZQNjb20AAAEAAQAAKRAAAAAAAABQAAwATAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABCGJlYWNvbnM0BGd2dDIDY29tAAABAAEAACkQAAAAAAAAUgAMAE4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABCGJlYWNvbnMyBGd2dDIDY29tAAABAAEAACkQAAAAAAAAUgAMAE4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
142.250.200.35:443

https://beacons.gcp.gvt2.com/domainreliability/upload

tls, http2

chrome.exe

3.4kB
7.5kB
29
30

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload
172.217.168.238:443

https://clients2.google.com/domainreliability/upload-nel

tls, http2

chrome.exe

2.5kB
5.7kB
26
28

HTTP Request

OPTIONS https://clients2.google.com/domainreliability/upload-nel

HTTP Request

OPTIONS https://clients2.google.com/domainreliability/upload-nel
34.104.35.123:80

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adacwonpgv7tzwuw37ltbvdyki2q_20230124.505550798/obedbbhbpmojnkanicioggnmelmoomoc_20230124.505550798_all_ENUS_adytscpkyvbgujaoimhtwkt4k2bq.crx3

http

19.1kB
1.0MB
384
751

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adacwonpgv7tzwuw37ltbvdyki2q_20230124.505550798/obedbbhbpmojnkanicioggnmelmoomoc_20230124.505550798_all_ENUS_adytscpkyvbgujaoimhtwkt4k2bq.crx3

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adacwonpgv7tzwuw37ltbvdyki2q_20230124.505550798/obedbbhbpmojnkanicioggnmelmoomoc_20230124.505550798_all_ENUS_adytscpkyvbgujaoimhtwkt4k2bq.crx3

HTTP Response

206

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adacwonpgv7tzwuw37ltbvdyki2q_20230124.505550798/obedbbhbpmojnkanicioggnmelmoomoc_20230124.505550798_all_ENUS_adytscpkyvbgujaoimhtwkt4k2bq.crx3

HTTP Response

206

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adacwonpgv7tzwuw37ltbvdyki2q_20230124.505550798/obedbbhbpmojnkanicioggnmelmoomoc_20230124.505550798_all_ENUS_adytscpkyvbgujaoimhtwkt4k2bq.crx3

HTTP Response

206
216.239.32.116:443

https://beacons4.gvt2.com/domainreliability/upload-nel

tls, http2

chrome.exe

2.8kB
7.8kB
25
27

HTTP Request

OPTIONS https://beacons4.gvt2.com/domainreliability/upload-nel

HTTP Request

POST https://beacons4.gvt2.com/domainreliability/upload-nel
142.251.220.195:443

https://beacons2.gvt2.com/domainreliability/upload-nel

tls, http2

chrome.exe

2.8kB
7.5kB
26
29

HTTP Request

OPTIONS https://beacons2.gvt2.com/domainreliability/upload-nel

HTTP Request

POST https://beacons2.gvt2.com/domainreliability/upload-nel
142.251.220.195:443

beacons2.gvt2.com

tls, https

chrome.exe

1.3kB
5.9kB
16
18
34.104.35.123:80

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx

http

975 B
5.7kB
8
9

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx

HTTP Response

200
34.104.35.123:80

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

http

119.5kB
7.0MB
2560
5010

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

HTTP Response

206

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

HTTP Response

206

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

HTTP Response

206

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

HTTP Response

206
34.104.35.123:80

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ljcfhm4dlaj5r7t5eisspxo6ee_7853/hfnkpimlhhgieaddgfemjhofmfblmnib_7853_all_ehvn6oreb7pi6f5jl6d2h6hfty.crx3

http

1.4kB
27.9kB
17
24

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ljcfhm4dlaj5r7t5eisspxo6ee_7853/hfnkpimlhhgieaddgfemjhofmfblmnib_7853_all_ehvn6oreb7pi6f5jl6d2h6hfty.crx3

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ljcfhm4dlaj5r7t5eisspxo6ee_7853/hfnkpimlhhgieaddgfemjhofmfblmnib_7853_all_ehvn6oreb7pi6f5jl6d2h6hfty.crx3

HTTP Response

200
34.104.35.123:80

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug

http

963 B
11.7kB
10
12

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug

HTTP Response

200
34.104.35.123:80

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/mouvdyia34vlibzxbufzmd6m7y_57/khaoiebndkojlmppeemjhbpbandiljpe_57_win_o57jjjyx7jfaz3k2d7p3mbix6e.crx3

http

1.0kB
8.4kB
9
10

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/mouvdyia34vlibzxbufzmd6m7y_57/khaoiebndkojlmppeemjhbpbandiljpe_57_win_o57jjjyx7jfaz3k2d7p3mbix6e.crx3

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/mouvdyia34vlibzxbufzmd6m7y_57/khaoiebndkojlmppeemjhbpbandiljpe_57_win_o57jjjyx7jfaz3k2d7p3mbix6e.crx3

HTTP Response

200
34.104.35.123:80

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/a6cmame6gvjjxyoop5xalea2j4_9.42.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.42.0_all_pxsqvymripaq7s6szfzfirkhqq.crx3

http

1.6kB
45.0kB
22
36

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/a6cmame6gvjjxyoop5xalea2j4_9.42.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.42.0_all_pxsqvymripaq7s6szfzfirkhqq.crx3

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/a6cmame6gvjjxyoop5xalea2j4_9.42.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.42.0_all_pxsqvymripaq7s6szfzfirkhqq.crx3

HTTP Response

200
34.104.35.123:80

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE

http

865 B
7.5kB
8
10

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE

HTTP Response

200

8.8.8.8:53

www.mediafire.com

dns

IEXPLORE.EXE

63 B
95 B
1
1

DNS Request

www.mediafire.com

DNS Response

104.16.53.48

104.16.54.48
8.8.8.8:53

clients2.google.com

dns

chrome.exe

65 B
105 B
1
1

DNS Request

clients2.google.com

DNS Response

172.217.168.238
8.8.8.8:53

accounts.google.com

dns

chrome.exe

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

142.251.36.45
8.8.8.8:53

edgedl.me.gvt1.com

dns

chrome.exe

64 B
80 B
1
1

DNS Request

edgedl.me.gvt1.com

DNS Response

34.104.35.123
8.8.8.8:53

dns.google

dns

chrome.exe

56 B
88 B
1
1

DNS Request

dns.google

DNS Response

8.8.8.8

8.8.4.4
8.8.8.8:53

dns.google

dns

chrome.exe

56 B
88 B
1
1

DNS Request

dns.google

DNS Response

8.8.4.4

8.8.8.8
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

edgedl.me.gvt1.com

dns

chrome.exe

320 B
5

DNS Request

edgedl.me.gvt1.com

DNS Request

edgedl.me.gvt1.com

DNS Request

edgedl.me.gvt1.com

DNS Request

edgedl.me.gvt1.com

DNS Request

edgedl.me.gvt1.com
8.8.8.8:53

edgedl.me.gvt1.com

dns

chrome.exe

64 B
80 B
1
1

DNS Request

edgedl.me.gvt1.com

DNS Response

34.104.35.123
8.8.8.8:53

safebrowsing.googleapis.com

dns

chrome.exe

73 B
89 B
1
1

DNS Request

safebrowsing.googleapis.com

DNS Response

142.250.179.170

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2900_1635990592\ChromeRecovery.exe

Filesize
253KB

MD5
49ac3c96d270702a27b4895e4ce1f42a

SHA1
55b90405f1e1b72143c64113e8bc65608dd3fd76

SHA256
82aa3fd6a25cda9e16689cfadea175091be010cecae537e517f392e0bef5ba0f

SHA512
b62f6501cb4c992d42d9097e356805c88ac4ac5a46ead4a8eee9f8cbae197b2305da8aab5b4a61891fe73951588025f2d642c32524b360687993f98c913138a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\RecoveryImproved\1.3.36.141\Recovery.crx3

Filesize
141KB

MD5
ea1c1ffd3ea54d1fb117bfdbb3569c60

SHA1
10958b0f690ae8f5240e1528b1ccffff28a33272

SHA256
7c3a6a7d16ac44c3200f572a764bce7d8fa84b9572dd028b15c59bdccbc0a77d

SHA512
6c30728cac9eac53f0b27b7dbe2222da83225c3b63617d6b271a6cfedf18e8f0a8dffa1053e1cbc4c5e16625f4bbc0d03aa306a946c9d72faa4ceb779f8ffcaf

Download Submit
memory/2948-58-0x0000000076121000-0x0000000076123000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response