hxxps://save[.]spirit-airlines[.]com/pub/acc?_ri_=X0Gzc2X%3DAQpglLjHJlTQG1JtO6kvDoo0PNHLvNJFUDPzfdjzdD6YuRU3KzeP2zeiPfIHSTI2JfdcLA4zfVXtpKX%3DSYYRTRTRT&_ei_=E_EC0WN_x4VE_QTgJLYDtNfR78uWH48A_wrvqXK2wcnFPiANqTbFb3OLJSBO1vYkX4EOjaGZbDhHCvjJLS9L_tZ5cuoFQ7xOI9enkbegbvlfKTNyJwrqXS5bCIIpSxSTO5bA_KglgCDpm4O8pf5I5FzlmwwN7DBwvrKPX0

Analysis

max time kernel
90s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
11/02/2023, 19:19 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://save.spirit-airlines.com/pub/acc?_ri_=X0Gzc2X%3DAQpglLjHJlTQG1JtO6kvDoo0PNHLvNJFUDPzfdjzdD6YuRU3KzeP2zeiPfIHSTI2JfdcLA4zfVXtpKX%3DSYYRTRTRT&_ei_=E_EC0WN_x4VE_QTgJLYDtNfR78uWH48A_wrvqXK2wcnFPiANqTbFb3OLJSBO1vYkX4EOjaGZbDhHCvjJLS9L_tZ5cuoFQ7xOI9enkbegbvlfKTNyJwrqXS5bCIIpSxSTO5bA_KglgCDpm4O8pf5I5FzlmwwN7DBwvrKPX0

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1908	4988	WerFault.exe	43

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
1668	chrome.exe
1668	chrome.exe
388	chrome.exe
388	chrome.exe
3460	chrome.exe
3460	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
4064	chrome.exe
4064	chrome.exe
4116	chrome.exe
4116	chrome.exe
4152	chrome.exe
4152	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
388	chrome.exe
388	chrome.exe
388	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 388 wrote to memory of 3420	388	chrome.exe	82
PID 388 wrote to memory of 3420	388	chrome.exe	82
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1900	388	chrome.exe	84
PID 388 wrote to memory of 1668	388	chrome.exe	85
PID 388 wrote to memory of 1668	388	chrome.exe	85
PID 388 wrote to memory of 3480	388	chrome.exe	86
PID 388 wrote to memory of 3480	388	chrome.exe	86
PID 388 wrote to memory of 3480	388	chrome.exe	86
PID 388 wrote to memory of 3480	388	chrome.exe	86
PID 388 wrote to memory of 3480	388	chrome.exe	86
PID 388 wrote to memory of 3480	388	chrome.exe	86
PID 388 wrote to memory of 3480	388	chrome.exe	86
PID 388 wrote to memory of 3480	388	chrome.exe	86
PID 388 wrote to memory of 3480	388	chrome.exe	86
PID 388 wrote to memory of 3480	388	chrome.exe	86
PID 388 wrote to memory of 3480	388	chrome.exe	86
PID 388 wrote to memory of 3480	388	chrome.exe	86
PID 388 wrote to memory of 3480	388	chrome.exe	86
PID 388 wrote to memory of 3480	388	chrome.exe	86
PID 388 wrote to memory of 3480	388	chrome.exe	86
PID 388 wrote to memory of 3480	388	chrome.exe	86
PID 388 wrote to memory of 3480	388	chrome.exe	86
PID 388 wrote to memory of 3480	388	chrome.exe	86
PID 388 wrote to memory of 3480	388	chrome.exe	86
PID 388 wrote to memory of 3480	388	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://save.spirit-airlines.com/pub/acc?_ri_=X0Gzc2X%3DAQpglLjHJlTQG1JtO6kvDoo0PNHLvNJFUDPzfdjzdD6YuRU3KzeP2zeiPfIHSTI2JfdcLA4zfVXtpKX%3DSYYRTRTRT&_ei_=E_EC0WN_x4VE_QTgJLYDtNfR78uWH48A_wrvqXK2wcnFPiANqTbFb3OLJSBO1vYkX4EOjaGZbDhHCvjJLS9L_tZ5cuoFQ7xOI9enkbegbvlfKTNyJwrqXS5bCIIpSxSTO5bA_KglgCDpm4O8pf5I5FzlmwwN7DBwvrKPX0
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa998c4f50,0x7ffa998c4f60,0x7ffa998c4f70
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1612,16089861002230519617,15893467038201479611,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1644 /prefetch:2
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1612,16089861002230519617,15893467038201479611,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1984 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1612,16089861002230519617,15893467038201479611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1612,16089861002230519617,15893467038201479611,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3028 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1612,16089861002230519617,15893467038201479611,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3024 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1612,16089861002230519617,15893467038201479611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4308 /prefetch:8
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1612,16089861002230519617,15893467038201479611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1612,16089861002230519617,15893467038201479611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1612,16089861002230519617,15893467038201479611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4524 /prefetch:8
  2⤵
  PID:572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1612,16089861002230519617,15893467038201479611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1612,16089861002230519617,15893467038201479611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4644 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1612,16089861002230519617,15893467038201479611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4464 /prefetch:8
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1612,16089861002230519617,15893467038201479611,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1612,16089861002230519617,15893467038201479611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1612,16089861002230519617,15893467038201479611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1612,16089861002230519617,15893467038201479611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1612,16089861002230519617,15893467038201479611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1612,16089861002230519617,15893467038201479611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=972 /prefetch:8
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1612,16089861002230519617,15893467038201479611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4684 /prefetch:8
  2⤵
  PID:2628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1364

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 460 -p 4988 -ip 4988
1⤵
PID:3324

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4988 -s 1576
1⤵
- Program crash
PID:1908

Network

DNS

save.spirit-airlines.com

chrome.exe

Remote address:

8.8.8.8:53

Request

save.spirit-airlines.com

IN A

Response

save.spirit-airlines.com

IN A

12.130.188.93
DNS

clients2.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

172.217.168.238
DNS

accounts.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

142.251.36.45
GET

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=89.0.4389.114&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D163%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D163%2526e%253D1

chrome.exe

Remote address:

172.217.168.238:443

Request

GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=89.0.4389.114&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D163%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D163%2526e%253D1 HTTP/2.0
host: clients2.google.com
x-goog-update-interactivity: fg
x-goog-update-appid: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfm
x-goog-update-updater: chromecrx-89.0.4389.114
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard

chrome.exe

Remote address:

142.251.36.45:443

Request

POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/2.0
host: accounts.google.com
content-length: 1
origin: https://www.google.com
content-type: application/x-www-form-urlencoded
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

edgedl.me.gvt1.com

chrome.exe

Remote address:

8.8.8.8:53

Request

edgedl.me.gvt1.com

IN A

Response

edgedl.me.gvt1.com

IN A

34.104.35.123
GET

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx

chrome.exe

Remote address:

34.104.35.123:80

Request

GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx HTTP/1.1
Host: edgedl.me.gvt1.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 248531
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 2254897c-4ebf-4cba-b259-f491d1e2d6e6
date: Fri, 10 Feb 2023 19:24:45 GMT
age: 86109
last-modified: Fri, 25 Feb 2022 22:08:36 GMT
etag: "c994e6"
content-type: application/x-chrome-extension
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
DNS

ssl.gstatic.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ssl.gstatic.com

IN A

Response

ssl.gstatic.com

IN A

216.58.208.99
GET

https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_6.pb

chrome.exe

Remote address:

216.58.208.99:443

Request

GET /safebrowsing/csd/client_model_v5_variation_6.pb HTTP/2.0
host: ssl.gstatic.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

dns.google

chrome.exe

Remote address:

8.8.8.8:53

Request

dns.google

IN A

Response

dns.google

IN A

8.8.8.8

dns.google

IN A

8.8.4.4
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.8.8:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.8.8:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.8.8:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABBnVwZGF0ZQpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAE4ADABKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.8.8:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABBnVwZGF0ZQpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAE4ADABKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.8.8:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
POST

https://update.googleapis.com/service/update2/json?cup2key=10:2863755644&cup2hreq=21b28c57cd8a8a5ca418c2deb91c036b01ea8ba4f102863b330298c096313a67

chrome.exe

Remote address:

142.250.179.163:443

Request

POST /service/update2/json?cup2key=10:2863755644&cup2hreq=21b28c57cd8a8a5ca418c2deb91c036b01ea8ba4f102863b330298c096313a67 HTTP/2.0
host: update.googleapis.com
content-length: 3017
x-goog-update-appid: cmahhnpholdijhjokonmfdjbfmklppij,eeigpngbgcognadeebkilcpcaedhellh,llkgjffcdpffmhiakmfcdcblohccpfmo,gcmjkmgdlgnkkcocmoeiminaijmmjnii,khaoiebndkojlmppeemjhbpbandiljpe,ihnlcenocehgdaegdmhbidjhnhdchfmm,obedbbhbpmojnkanicioggnmelmoomoc,jamhcnnkihinmdlkakkaopbjbbcngflc,hnimpnehoodheedghdeeijklkeaacbdc,giekcmmlnklenlaomppkphknjmnnpneh,aemomkdncapdnfajjbbcbdebjljbpmpj,gkmgaooipdjhmangpemjhigmamcehddo,ojhpjlocmbogdgmfpkhlaaeamibhnphh,ggkkehgbnfjpeggfpleeakpidbkibbmn,ehgidpndbllacpjalkiimkbadgjfnnmc,jflookgnkcckhobaglndicnbbgbonegd,bklopemakmnopmghhmccadeonafabnal,hfnkpimlhhgieaddgfemjhofmfblmnib,oimompecagnajdejgnnjijobebaeigek
x-goog-update-interactivity: bg
x-goog-update-updater: chrome-89.0.4389.114
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
POST

https://update.googleapis.com/service/update2/json

chrome.exe

Remote address:

142.250.179.163:443

Request

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 933
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
POST

https://update.googleapis.com/service/update2/json

chrome.exe

Remote address:

142.250.179.163:443

Request

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 981
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
DNS

edgedl.me.gvt1.com

chrome.exe

Remote address:

8.8.8.8:53

Request

edgedl.me.gvt1.com

IN A

Response

edgedl.me.gvt1.com

IN A

34.104.35.123
DNS

edgedl.me.gvt1.com

chrome.exe

Remote address:

8.8.8.8:53

Request

edgedl.me.gvt1.com

IN A
HEAD

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 9555
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: dcfd4a41-eba0-4861-9889-5fbf48bdb097
date: Fri, 10 Feb 2023 20:08:39 GMT
age: 83535
last-modified: Mon, 29 Mar 2021 22:42:38 GMT
etag: "9deda9"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 29 Mar 2021 22:42:38 GMT
Range: bytes=0-1119
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-length: 1120
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: ac874cd9-cd5c-4d20-81d8-c9cf785877f1
date: Fri, 10 Feb 2023 20:08:39 GMT
age: 83535
last-modified: Mon, 29 Mar 2021 22:42:38 GMT
etag: "9deda9"
content-type: application/octet-stream
content-range: bytes 0-1119/9555
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 29 Mar 2021 22:42:38 GMT
Range: bytes=1120-2886
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-length: 1767
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: ee28802a-26a0-48c6-90ff-1d9a5fda9c0e
date: Fri, 10 Feb 2023 20:08:39 GMT
age: 83537
last-modified: Mon, 29 Mar 2021 22:42:38 GMT
etag: "9deda9"
content-type: application/octet-stream
content-range: bytes 1120-2886/9555
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 29 Mar 2021 22:42:38 GMT
Range: bytes=2887-7176
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-length: 4290
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 64b7fb10-27d6-4cec-ab40-6e5e1d4b126b
date: Fri, 10 Feb 2023 20:08:39 GMT
age: 83539
last-modified: Mon, 29 Mar 2021 22:42:38 GMT
etag: "9deda9"
content-type: application/octet-stream
content-range: bytes 2887-7176/9555
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 29 Mar 2021 22:42:38 GMT
Range: bytes=7177-9554
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-length: 2378
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 3a975e2f-769b-4835-9bad-bf6eb69690cd
date: Fri, 10 Feb 2023 20:08:39 GMT
age: 83541
last-modified: Mon, 29 Mar 2021 22:42:38 GMT
etag: "9deda9"
content-type: application/octet-stream
content-range: bytes 7177-9554/9555
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
HEAD

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.164946/EWvH2e-LS80S29cxzuTfRA

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.164946/EWvH2e-LS80S29cxzuTfRA HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 113772
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 4e529a91-c513-419e-b77e-34e3de97d3c6
date: Sat, 11 Feb 2023 09:28:27 GMT
age: 35563
last-modified: Mon, 02 Nov 2020 15:59:03 GMT
etag: "764869"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.164946/EWvH2e-LS80S29cxzuTfRA

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.164946/EWvH2e-LS80S29cxzuTfRA HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 02 Nov 2020 15:59:03 GMT
Range: bytes=0-17968
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-length: 17969
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: b7372dba-d529-4bd7-9745-6e3a0de7ab58
date: Sat, 11 Feb 2023 09:28:27 GMT
age: 35563
last-modified: Mon, 02 Nov 2020 15:59:03 GMT
etag: "764869"
content-type: application/octet-stream
content-range: bytes 0-17968/113772
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.164946/EWvH2e-LS80S29cxzuTfRA

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.164946/EWvH2e-LS80S29cxzuTfRA HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 02 Nov 2020 15:59:03 GMT
Range: bytes=17969-36337
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-length: 18369
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 72736b13-6c03-4c61-aa02-9c977cd2311e
date: Sat, 11 Feb 2023 09:28:27 GMT
age: 35564
last-modified: Mon, 02 Nov 2020 15:59:03 GMT
etag: "764869"
content-type: application/octet-stream
content-range: bytes 17969-36337/113772
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.164946/EWvH2e-LS80S29cxzuTfRA

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.164946/EWvH2e-LS80S29cxzuTfRA HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 02 Nov 2020 15:59:03 GMT
Range: bytes=36338-38084
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-length: 1747
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 361214c0-5010-4429-910e-d7395d290b22
date: Sat, 11 Feb 2023 09:28:27 GMT
age: 35565
last-modified: Mon, 02 Nov 2020 15:59:03 GMT
etag: "764869"
content-type: application/octet-stream
content-range: bytes 36338-38084/113772
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.164946/EWvH2e-LS80S29cxzuTfRA

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.164946/EWvH2e-LS80S29cxzuTfRA HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 02 Nov 2020 15:59:03 GMT
Range: bytes=38085-113771
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-length: 75687
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 71b32117-964e-4808-a6b0-b5e89cccf3a9
date: Sat, 11 Feb 2023 09:28:27 GMT
age: 35567
last-modified: Mon, 02 Nov 2020 15:59:03 GMT
etag: "764869"
content-type: application/octet-stream
content-range: bytes 38085-113771/113772
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.8.8:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABDHNhZmVicm93c2luZwpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAEgADABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.8.8:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABDHNhZmVicm93c2luZwpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAEgADABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$req=Ch0KDGdvb2dsZWNocm9tZRINODkuMC40Mzg5LjExNBoMCAUQASIEIAEgAigBGgwIARABIgQgASACKAEaDAgDEAEiBCABIAIoARoMCAcQASIEIAEgAigBGgwIARABIgQgASACKAMaDAgBEAgiBCABIAIoBBoMCAkQASIEIAEgAigGGgwIDxABIgQgASACKAEaDAgKEAgiBCABIAIoARoMCAkQASIEIAEgAigBGgwICBABIgQgASACKAEaDAgNEAEiBCABIAIoARoMCA4QASIEIAEgAigBGgwIEBABIgQgASACKAEiAggB&$ct=application/x-protobuf&key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw

chrome.exe

Remote address:

142.250.179.170:443

Request

GET /v4/threatListUpdates:fetch?$req=Ch0KDGdvb2dsZWNocm9tZRINODkuMC40Mzg5LjExNBoMCAUQASIEIAEgAigBGgwIARABIgQgASACKAEaDAgDEAEiBCABIAIoARoMCAcQASIEIAEgAigBGgwIARABIgQgASACKAMaDAgBEAgiBCABIAIoBBoMCAkQASIEIAEgAigGGgwIDxABIgQgASACKAEaDAgKEAgiBCABIAIoARoMCAkQASIEIAEgAigBGgwICBABIgQgASACKAEaDAgNEAEiBCABIAIoARoMCA4QASIEIAEgAigBGgwIEBABIgQgASACKAEiAggB&$ct=application/x-protobuf&key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/2.0
host: safebrowsing.googleapis.com
x-http-method-override: POST
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br

117.18.237.29:80

92 B
80 B
2
2
172.217.168.238:443

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=89.0.4389.114&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D163%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D163%2526e%253D1

tls, http2

chrome.exe

2.0kB
9.6kB
15
16

HTTP Request

GET https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=89.0.4389.114&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D163%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D163%2526e%253D1
142.251.36.45:443

https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard

tls, http2

chrome.exe

1.7kB
7.5kB
15
17

HTTP Request

POST https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
12.130.188.93:443

save.spirit-airlines.com

tls

chrome.exe

2.2kB
6.5kB
11
13
12.130.188.93:443

save.spirit-airlines.com

tls

chrome.exe

1.9kB
6.8kB
10
14
34.104.35.123:80

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx

http

chrome.exe

4.8kB
256.6kB
96
187

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx

HTTP Response

200
12.130.188.93:443

save.spirit-airlines.com

tls

chrome.exe

1.9kB
5.3kB
10
12
216.58.208.99:443

https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_6.pb

tls, http2

chrome.exe

2.9kB
91.9kB
43
73

HTTP Request

GET https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_6.pb
52.152.110.14:443

260 B
5
13.89.179.9:443

322 B
7
104.80.225.205:443

322 B
7
8.8.8.8:443

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

tls, http2

chrome.exe

1.5kB
6.9kB
12
14

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
8.8.8.8:443

https://dns.google/dns-query?dns=AAABAAABAAAAAAABBnVwZGF0ZQpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAE4ADABKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

tls, http2

chrome.exe

2.4kB
8.8kB
21
27

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABBnVwZGF0ZQpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAE4ADABKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
8.8.8.8:443

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

tls, http2

chrome.exe

1.5kB
6.9kB
12
14

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
209.197.3.8:80

322 B
7
209.197.3.8:80

322 B
7
209.197.3.8:80

322 B
7
142.250.179.163:443

https://update.googleapis.com/service/update2/json

tls, http2

chrome.exe

8.1kB
13.3kB
28
35

HTTP Request

POST https://update.googleapis.com/service/update2/json?cup2key=10:2863755644&cup2hreq=21b28c57cd8a8a5ca418c2deb91c036b01ea8ba4f102863b330298c096313a67

HTTP Request

POST https://update.googleapis.com/service/update2/json

HTTP Request

POST https://update.googleapis.com/service/update2/json
34.104.35.123:80

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.164946/EWvH2e-LS80S29cxzuTfRA

http

5.7kB
133.7kB
62
106

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug

HTTP Response

206

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug

HTTP Response

206

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug

HTTP Response

206

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug

HTTP Response

206

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.164946/EWvH2e-LS80S29cxzuTfRA

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.164946/EWvH2e-LS80S29cxzuTfRA

HTTP Response

206

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.164946/EWvH2e-LS80S29cxzuTfRA

HTTP Response

206

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.164946/EWvH2e-LS80S29cxzuTfRA

HTTP Response

206

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.164946/EWvH2e-LS80S29cxzuTfRA

HTTP Response

206
8.8.8.8:443

https://dns.google/dns-query?dns=AAABAAABAAAAAAABDHNhZmVicm93c2luZwpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAEgADABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

tls, http2

chrome.exe

1.9kB
7.8kB
17
20

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABDHNhZmVicm93c2luZwpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAEgADABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
142.250.179.170:443

https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$req=Ch0KDGdvb2dsZWNocm9tZRINODkuMC40Mzg5LjExNBoMCAUQASIEIAEgAigBGgwIARABIgQgASACKAEaDAgDEAEiBCABIAIoARoMCAcQASIEIAEgAigBGgwIARABIgQgASACKAMaDAgBEAgiBCABIAIoBBoMCAkQASIEIAEgAigGGgwIDxABIgQgASACKAEaDAgKEAgiBCABIAIoARoMCAkQASIEIAEgAigBGgwICBABIgQgASACKAEaDAgNEAEiBCABIAIoARoMCA4QASIEIAEgAigBGgwIEBABIgQgASACKAEiAggB&$ct=application/x-protobuf&key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw

tls, http2

chrome.exe

96.2kB
5.3MB
2062
3805

HTTP Request

GET https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$req=Ch0KDGdvb2dsZWNocm9tZRINODkuMC40Mzg5LjExNBoMCAUQASIEIAEgAigBGgwIARABIgQgASACKAEaDAgDEAEiBCABIAIoARoMCAcQASIEIAEgAigBGgwIARABIgQgASACKAMaDAgBEAgiBCABIAIoBBoMCAkQASIEIAEgAigGGgwIDxABIgQgASACKAEaDAgKEAgiBCABIAIoARoMCAkQASIEIAEgAigBGgwICBABIgQgASACKAEaDAgNEAEiBCABIAIoARoMCA4QASIEIAEgAigBGgwIEBABIgQgASACKAEiAggB&$ct=application/x-protobuf&key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw

224.0.0.251:5353

3.1kB
52
8.8.8.8:53

save.spirit-airlines.com

dns

chrome.exe

70 B
86 B
1
1

DNS Request

save.spirit-airlines.com

DNS Response

12.130.188.93
8.8.8.8:53

clients2.google.com

dns

chrome.exe

65 B
105 B
1
1

DNS Request

clients2.google.com

DNS Response

172.217.168.238
8.8.8.8:53

accounts.google.com

dns

chrome.exe

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

142.251.36.45
8.8.8.8:53

edgedl.me.gvt1.com

dns

chrome.exe

64 B
80 B
1
1

DNS Request

edgedl.me.gvt1.com

DNS Response

34.104.35.123
8.8.8.8:53

ssl.gstatic.com

dns

chrome.exe

61 B
77 B
1
1

DNS Request

ssl.gstatic.com

DNS Response

216.58.208.99
8.8.8.8:53

dns.google

dns

chrome.exe

56 B
88 B
1
1

DNS Request

dns.google

DNS Response

8.8.8.8

8.8.4.4
8.8.8.8:53

edgedl.me.gvt1.com

dns

chrome.exe

128 B
80 B
2
1

DNS Request

edgedl.me.gvt1.com

DNS Request

edgedl.me.gvt1.com

DNS Response

34.104.35.123

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.