Resubmissions

16/05/2024, 16:39 UTC

240516-t6faysdh72 3

14/05/2024, 14:36 UTC

240514-ryw8dsbd49 3

14/05/2024, 14:35 UTC

240514-rx7yhaba9y 3

07/05/2024, 14:36 UTC

240507-rysvzabd3w 5

03/05/2024, 10:51 UTC

240503-mx5qxseg99 5

29/04/2024, 18:03 UTC

240429-wm3cgsgg97 3

29/04/2024, 16:46 UTC

240429-t99c7sfg7z 3

24/04/2024, 18:17 UTC

240424-ww3plseg63 3

23/04/2024, 17:19 UTC

240423-vvz2naac23 3

Analysis

  • max time kernel
    1802s
  • max time network
    1807s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/04/2024, 18:17 UTC

General

  • Target

    Elmo.jpg

  • Size

    5KB

  • MD5

    a6564d72511a7a126fca09696f55dda7

  • SHA1

    afe5009a79b718a57f7b47295bc2dbaf15f15b6d

  • SHA256

    20656fb66b0629c323be0f5a94ccbcdc7ba7fe8d14c6a11f90de18819cfc48b0

  • SHA512

    bb484a1c1283676583fa04539b77cf5735e45b60ba13e8911a7da417159475cf2b70f2cad7ef2ea7b65067b715ac1bc9c57f2169659da3831e4c32f58f504b0a

  • SSDEEP

    96:nBxQRQwdVJHiRfc3E1yU38aUuurzdm2l492S8VlrRV1TfHUniBTF4Tb42UvMmcUd:BWDCRoE1zUhL492FTVhsn0u2kM

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Elmo.jpg
    1⤵
      PID:1892
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe"
      1⤵
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:5012
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0x104,0x128,0x7ffce92b9758,0x7ffce92b9768,0x7ffce92b9778
        2⤵
          PID:4360
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1880,i,10906295934281066406,16020886245099606026,131072 /prefetch:2
          2⤵
            PID:2380
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1880,i,10906295934281066406,16020886245099606026,131072 /prefetch:8
            2⤵
              PID:3556
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1880,i,10906295934281066406,16020886245099606026,131072 /prefetch:8
              2⤵
                PID:2808
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2256 --field-trial-handle=1880,i,10906295934281066406,16020886245099606026,131072 /prefetch:1
                2⤵
                  PID:3968
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1880,i,10906295934281066406,16020886245099606026,131072 /prefetch:1
                  2⤵
                    PID:3632
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4688 --field-trial-handle=1880,i,10906295934281066406,16020886245099606026,131072 /prefetch:1
                    2⤵
                      PID:2020
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4820 --field-trial-handle=1880,i,10906295934281066406,16020886245099606026,131072 /prefetch:8
                      2⤵
                        PID:3144
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4908 --field-trial-handle=1880,i,10906295934281066406,16020886245099606026,131072 /prefetch:8
                        2⤵
                          PID:5064
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 --field-trial-handle=1880,i,10906295934281066406,16020886245099606026,131072 /prefetch:8
                          2⤵
                            PID:2152
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 --field-trial-handle=1880,i,10906295934281066406,16020886245099606026,131072 /prefetch:8
                            2⤵
                              PID:3580
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4584 --field-trial-handle=1880,i,10906295934281066406,16020886245099606026,131072 /prefetch:1
                              2⤵
                                PID:4592
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5504 --field-trial-handle=1880,i,10906295934281066406,16020886245099606026,131072 /prefetch:1
                                2⤵
                                  PID:2588
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1880,i,10906295934281066406,16020886245099606026,131072 /prefetch:2
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:3656
                              • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                1⤵
                                  PID:2324
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4792 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8
                                  1⤵
                                    PID:2020
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4796 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8
                                    1⤵
                                      PID:2372

Network

                                    • flag-us
                                      DNS
                                      4.159.190.20.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      4.159.190.20.in-addr.arpa
                                      IN PTR
                                      Response
                                    • flag-us
                                      DNS
                                      95.221.229.192.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      95.221.229.192.in-addr.arpa
                                      IN PTR
                                      Response
                                    • flag-us
                                      DNS
                                      240.221.184.93.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      240.221.184.93.in-addr.arpa
                                      IN PTR
                                      Response
                                    • flag-us
                                      DNS
                                      241.150.49.20.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      241.150.49.20.in-addr.arpa
                                      IN PTR
                                      Response
                                    • flag-us
                                      DNS
                                      227.16.217.172.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      227.16.217.172.in-addr.arpa
                                      IN PTR
                                      Response
                                      227.16.217.172.in-addr.arpa
                                      IN PTR
                                      lhr48s28-in-f3.1e100.net
                                      227.16.217.172.in-addr.arpa
                                      IN PTR
                                      mad08s04-in-f3
                                    • flag-us
                                      DNS
                                      227.16.217.172.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      227.16.217.172.in-addr.arpa
                                      IN PTR
                                    • flag-us
                                      DNS
                                      www.google.com
                                      chrome.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      www.google.com
                                      IN A
                                      Response
                                      www.google.com
                                      IN A
                                      216.58.204.68
                                    • flag-gb
                                      GET
                                      https://www.google.com/async/ddljson?async=ntp:2
                                      chrome.exe
                                      Remote address:
                                      216.58.204.68:443
                                      Request
                                      GET /async/ddljson?async=ntp:2 HTTP/2.0
                                      host: www.google.com
                                      sec-fetch-site: none
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: empty
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                    • flag-us
                                      DNS
                                      68.204.58.216.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      68.204.58.216.in-addr.arpa
                                      IN PTR
                                      Response
                                      68.204.58.216.in-addr.arpa
                                      IN PTR
                                      lhr25s13-in-f68.1e100.net
                                      68.204.58.216.in-addr.arpa
                                      IN PTR
                                      lhr25s13-in-f4
                                      68.204.58.216.in-addr.arpa
                                      IN PTR
                                      lhr48s49-in-f4
                                    • flag-us
                                      DNS
                                      apis.google.com
                                      chrome.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      apis.google.com
                                      IN A
                                      Response
                                      apis.google.com
                                      IN CNAME
                                      plus.l.google.com
                                      plus.l.google.com
                                      IN A
                                      142.250.180.14
                                    • flag-us
                                      DNS
                                      3.200.250.142.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      3.200.250.142.in-addr.arpa
                                      IN PTR
                                      Response
                                      3.200.250.142.in-addr.arpa
                                      IN PTR
                                      lhr48s29-in-f3.1e100.net
                                    • flag-gb
                                      GET
                                      https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0
                                      chrome.exe
                                      Remote address:
                                      142.250.180.14:443
                                      Request
                                      GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0 HTTP/2.0
                                      host: apis.google.com
                                      sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                      sec-ch-ua-platform: "Windows"
                                      accept: */*
                                      sec-fetch-site: cross-site
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: script
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                    • flag-us
                                      DNS
                                      14.180.250.142.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      14.180.250.142.in-addr.arpa
                                      IN PTR
                                      Response
                                      14.180.250.142.in-addr.arpa
                                      IN PTR
                                      lhr25s32-in-f14.1e100.net
                                    • flag-us
                                      DNS
                                      157.123.68.40.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      157.123.68.40.in-addr.arpa
                                      IN PTR
                                      Response
                                    • flag-us
                                      DNS
                                      ogs.google.com
                                      chrome.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      ogs.google.com
                                      IN A
                                      Response
                                      ogs.google.com
                                      IN CNAME
                                      www3.l.google.com
                                      www3.l.google.com
                                      IN A
                                      216.58.212.238
                                    • flag-us
                                      DNS
                                      ogs.google.com
                                      chrome.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      ogs.google.com
                                      IN A
                                    • flag-us
                                      DNS
                                      ogs.google.com
                                      chrome.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      ogs.google.com
                                      IN A
                                    • flag-us
                                      DNS
                                      171.39.242.20.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      171.39.242.20.in-addr.arpa
                                      IN PTR
                                      Response
                                    • flag-gb
                                      GET
                                      https://ogs.google.com/widget/app/so?eom=1&awwd=1&gm3=1&origin=chrome-untrusted%3A%2F%2Fnew-tab-page&origin=chrome%3A%2F%2Fnew-tab-page&cn=app&pid=1&spid=243&hl=en
                                      chrome.exe
                                      Remote address:
                                      216.58.212.238:443
                                      Request
                                      GET /widget/app/so?eom=1&awwd=1&gm3=1&origin=chrome-untrusted%3A%2F%2Fnew-tab-page&origin=chrome%3A%2F%2Fnew-tab-page&cn=app&pid=1&spid=243&hl=en HTTP/2.0
                                      host: ogs.google.com
                                      sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                                      sec-ch-ua-mobile: ?0
                                      sec-ch-ua-platform: "Windows"
                                      upgrade-insecure-requests: 1
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                      accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                      sec-fetch-site: cross-site
                                      sec-fetch-mode: navigate
                                      sec-fetch-dest: iframe
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                    • flag-us
                                      DNS
                                      ssl.gstatic.com
                                      chrome.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      ssl.gstatic.com
                                      IN A
                                      Response
                                      ssl.gstatic.com
                                      IN A
                                      142.250.200.3
                                    • flag-us
                                      DNS
                                      238.212.58.216.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      238.212.58.216.in-addr.arpa
                                      IN PTR
                                      Response
                                      238.212.58.216.in-addr.arpa
                                      IN PTR
                                      ams16s22-in-f238.1e100.net
                                      238.212.58.216.in-addr.arpa
                                      IN PTR
                                      ams16s22-in-f14
                                      238.212.58.216.in-addr.arpa
                                      IN PTR
                                      lhr25s28-in-f14
                                    • flag-us
                                      DNS
                                      0.205.248.87.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      0.205.248.87.in-addr.arpa
                                      IN PTR
                                      Response
                                      0.205.248.87.in-addr.arpa
                                      IN PTR
                                      https-87-248-205-0.lgw.llnw.net
                                    • flag-us
                                      DNS
                                      0.205.248.87.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      0.205.248.87.in-addr.arpa
                                      IN PTR
                                    • flag-us
                                      DNS
                                      chromewebstore.googleapis.com
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      chromewebstore.googleapis.com
                                      IN A
                                      Response
                                      chromewebstore.googleapis.com
                                      IN A
                                      142.250.187.234
                                      chromewebstore.googleapis.com
                                      IN A
                                      142.250.200.42
                                      chromewebstore.googleapis.com
                                      IN A
                                      172.217.16.234
                                      chromewebstore.googleapis.com
                                      IN A
                                      142.250.200.10
                                      chromewebstore.googleapis.com
                                      IN A
                                      142.250.178.10
                                      chromewebstore.googleapis.com
                                      IN A
                                      216.58.201.106
                                      chromewebstore.googleapis.com
                                      IN A
                                      216.58.204.74
                                      chromewebstore.googleapis.com
                                      IN A
                                      216.58.213.10
                                      chromewebstore.googleapis.com
                                      IN A
                                      216.58.212.202
                                      chromewebstore.googleapis.com
                                      IN A
                                      216.58.212.234
                                      chromewebstore.googleapis.com
                                      IN A
                                      172.217.169.74
                                      chromewebstore.googleapis.com
                                      IN A
                                      142.250.179.234
                                      chromewebstore.googleapis.com
                                      IN A
                                      142.250.180.10
                                      chromewebstore.googleapis.com
                                      IN A
                                      142.250.187.202
                                    • flag-us
                                      DNS
                                      chromewebstore.googleapis.com
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      chromewebstore.googleapis.com
                                      IN Unknown
                                      Response
                                    • flag-us
                                      DNS
                                      pki.goog
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      pki.goog
                                      IN A
                                      Response
                                      pki.goog
                                      IN A
                                      216.239.32.29
                                    • flag-us
                                      DNS
                                      pki.goog
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      pki.goog
                                      IN Unknown
                                      Response
• GET http://pki.goog/gsr1/gsr1.crt (remote address 216.239.32.29:80)
  Request:
    GET /gsr1/gsr1.crt HTTP/1.1
    Host: pki.goog
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
  Response:
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 797
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Wed, 24 Apr 2024 17:40:28 GMT
    Expires: Wed, 24 Apr 2024 18:30:28 GMT
    Cache-Control: public, max-age=3000
    Age: 2276
    Last-Modified: Wed, 20 May 2020 16:45:00 GMT
    Content-Type: application/pkix-cert
    Vary: Accept-Encoding
• GET http://pki.goog/repo/certs/gtsr1.der (remote address 216.239.32.29:80)
  Request:
    GET /repo/certs/gtsr1.der HTTP/1.1
    Host: pki.goog
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
  Response:
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 1371
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Wed, 24 Apr 2024 17:49:02 GMT
    Expires: Wed, 24 Apr 2024 18:39:02 GMT
    Cache-Control: public, max-age=3000
    Age: 1762
    Last-Modified: Sun, 25 Jun 2023 02:58:00 GMT
    Content-Type: application/pkix-cert
    Vary: Accept-Encoding
• GET http://pki.goog/repo/certs/gts1c3.der (remote address 216.239.32.29:80)
  Request:
    GET /repo/certs/gts1c3.der HTTP/1.1
    Host: pki.goog
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
  Response:
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 1304
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Wed, 24 Apr 2024 17:56:27 GMT
    Expires: Wed, 24 Apr 2024 18:46:27 GMT
    Cache-Control: public, max-age=3000
    Age: 1317
    Last-Modified: Mon, 17 Aug 2020 09:45:00 GMT
    Content-Type: application/pkix-cert
    Vary: Accept-Encoding
• DNS (8.8.8.8:53) 234.187.250.142.in-addr.arpa IN PTR: lhr25s34-in-f10.1e100.net (2 queries; the second has no answer recorded)
• DNS (8.8.8.8:53) 29.32.239.216.in-addr.arpa IN PTR: any-in-201d.1e100.net
• DNS (8.8.8.8:53) 13.86.106.20.in-addr.arpa IN PTR: no answer recorded (3 queries)
• DNS (8.8.8.8:53) 104.219.191.52.in-addr.arpa IN PTR: no answer recorded
• DNS (8.8.8.8:53) 30.243.111.52.in-addr.arpa IN PTR: no answer recorded
                                      DNS
                                      beacons.gcp.gvt2.com
                                      chrome.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      beacons.gcp.gvt2.com
                                      IN A
                                      Response
                                      beacons.gcp.gvt2.com
                                      IN CNAME
                                      beacons-handoff.gcp.gvt2.com
                                      beacons-handoff.gcp.gvt2.com
                                      IN A
                                      192.178.49.163
                                    • flag-us
                                      DNS
                                      beacons.gcp.gvt2.com
                                      chrome.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      beacons.gcp.gvt2.com
                                      IN A
                                    • flag-us
                                      POST
                                      https://beacons.gcp.gvt2.com/domainreliability/upload
                                      chrome.exe
                                      Remote address:
                                      192.178.49.163:443
                                      Request
                                      POST /domainreliability/upload HTTP/2.0
                                      host: beacons.gcp.gvt2.com
                                      content-length: 269
                                      content-type: application/json; charset=utf-8
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                    • flag-us
                                      POST
                                      https://beacons.gcp.gvt2.com/domainreliability/upload
                                      chrome.exe
                                      Remote address:
                                      192.178.49.163:443
                                      Request
                                      POST /domainreliability/upload HTTP/2.0
                                      host: beacons.gcp.gvt2.com
                                      content-length: 302
                                      content-type: application/json; charset=utf-8
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
• DNS (8.8.8.8:53) 163.49.178.192.in-addr.arpa IN PTR: phx19s05-in-f3.1e100.net (2 queries; the second has no answer recorded)
• DNS (8.8.8.8:53) 137.71.105.51.in-addr.arpa IN PTR: no answer recorded
• DNS (8.8.8.8:53) 159.113.53.23.in-addr.arpa IN PTR: a23-53-113-159.deploy.static.akamaitechnologies.com (2 queries; the second has no answer recorded)
• DNS (8.8.8.8:53) 50.23.12.20.in-addr.arpa IN PTR: no answer recorded (2 queries)
• DNS (8.8.8.8:53) 75.159.190.20.in-addr.arpa IN PTR: no answer recorded (3 queries)
• DNS (8.8.8.8:53) 9.228.82.20.in-addr.arpa IN PTR: no answer recorded (2 queries)
• DNS (8.8.8.8:53) 206.221.208.4.in-addr.arpa IN PTR: no answer recorded (2 queries)
• DNS (8.8.8.8:53) 21.114.53.23.in-addr.arpa IN PTR: a23-53-114-21.deploy.static.akamaitechnologies.com (2 queries, both answered)
• DNS (8.8.8.8:53) 56.126.166.20.in-addr.arpa IN PTR: no answer recorded (2 queries)
• DNS (8.8.8.8:53) 154.173.246.72.in-addr.arpa IN PTR: a72-246-173-154.deploy.static.akamaitechnologies.com (2 queries, both answered)
• DNS (8.8.8.8:53) 156.33.209.4.in-addr.arpa IN PTR: no answer recorded (2 queries)
• DNS (8.8.8.8:53) 119.110.54.20.in-addr.arpa IN PTR: no answer recorded
• DNS (8.8.8.8:53) 140.71.91.104.in-addr.arpa IN PTR: a104-91-71-140.deploy.static.akamaitechnologies.com (2 queries, both answered)
• DNS (8.8.8.8:53) 172.210.232.199.in-addr.arpa IN PTR: no answer recorded (2 queries)
• 216.58.204.68:443 | https://www.google.com/async/ddljson?async=ntp:2 | tls, http2 | chrome.exe | sent 1.9kB, received 7.5kB | packets 21 sent / 21 received
  HTTP request: GET https://www.google.com/async/ddljson?async=ntp:2
• 142.250.180.14:443 | apis.google.com | tls, http2 | chrome.exe | sent 1.3kB, received 1.6kB | packets 9 sent / 6 received
• 142.250.180.14:443 | https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0 | tls, http2 | chrome.exe | sent 3.1kB, received 50.1kB | packets 42 sent / 49 received
  HTTP request: GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0
• 13.107.253.64:443 | sent 46 B, received 40 B | packets 1 sent / 1 received
• 216.58.212.238:443 | https://ogs.google.com/widget/app/so?eom=1&awwd=1&gm3=1&origin=chrome-untrusted%3A%2F%2Fnew-tab-page&origin=chrome%3A%2F%2Fnew-tab-page&cn=app&pid=1&spid=243&hl=en | tls, http2 | chrome.exe | sent 2.8kB, received 26.9kB | packets 33 sent / 34 received
  HTTP request: GET https://ogs.google.com/widget/app/so?eom=1&awwd=1&gm3=1&origin=chrome-untrusted%3A%2F%2Fnew-tab-page&origin=chrome%3A%2F%2Fnew-tab-page&cn=app&pid=1&spid=243&hl=en
• 142.250.187.234:443 | chromewebstore.googleapis.com | tls | sent 1.1kB, received 5.2kB | packets 10 sent / 8 received
• 216.239.32.29:80 | http://pki.goog/repo/certs/gts1c3.der | http | sent 1.5kB, received 6.1kB | packets 15 sent / 11 received
  HTTP request: GET http://pki.goog/gsr1/gsr1.crt; HTTP response: 200
  HTTP request: GET http://pki.goog/repo/certs/gtsr1.der; HTTP response: 200
  HTTP request: GET http://pki.goog/repo/certs/gts1c3.der; HTTP response: 200
• 192.178.49.163:443 | https://beacons.gcp.gvt2.com/domainreliability/upload | tls, http2 | chrome.exe | sent 4.2kB, received 7.9kB | packets 31 sent / 28 received
  HTTP request: POST https://beacons.gcp.gvt2.com/domainreliability/upload
  HTTP request: POST https://beacons.gcp.gvt2.com/domainreliability/upload
• 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | dns | sent 71 B, received 157 B | packets 1 sent / 1 received
  DNS request: 4.159.190.20.in-addr.arpa
• 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | dns | sent 73 B, received 144 B | packets 1 sent / 1 received
  DNS request: 95.221.229.192.in-addr.arpa
• 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | dns | sent 73 B, received 144 B | packets 1 sent / 1 received
  DNS request: 240.221.184.93.in-addr.arpa
• 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | dns | sent 72 B, received 158 B | packets 1 sent / 1 received
  DNS request: 241.150.49.20.in-addr.arpa
                                    • 8.8.8.8:53
                                      227.16.217.172.in-addr.arpa
                                      dns
                                      146 B
                                      140 B
                                      2
                                      1

                                      DNS Request

                                      227.16.217.172.in-addr.arpa

                                      DNS Request

                                      227.16.217.172.in-addr.arpa

                                    • 8.8.8.8:53
                                      www.google.com
                                      dns
                                      chrome.exe
                                      60 B
                                      76 B
                                      1
                                      1

                                      DNS Request

                                      www.google.com

                                      DNS Response

                                      216.58.204.68

                                    • 216.58.204.68:443
                                      www.google.com
                                      https
                                      chrome.exe
                                      9.5kB
                                      120.1kB
                                      72
                                      112
                                    • 8.8.8.8:53
                                      68.204.58.216.in-addr.arpa
                                      dns
                                      72 B
                                      169 B
                                      1
                                      1

                                      DNS Request

                                      68.204.58.216.in-addr.arpa

                                    • 224.0.0.251:5353
                                      chrome.exe
                                      204 B
                                      3
                                    • 8.8.8.8:53
                                      apis.google.com
                                      dns
                                      chrome.exe
                                      61 B
                                      98 B
                                      1
                                      1

                                      DNS Request

                                      apis.google.com

                                      DNS Response

                                      142.250.180.14

                                    • 8.8.8.8:53
                                      3.200.250.142.in-addr.arpa
                                      dns
                                      72 B
                                      110 B
                                      1
                                      1

                                      DNS Request

                                      3.200.250.142.in-addr.arpa

                                    • 8.8.8.8:53
                                      14.180.250.142.in-addr.arpa
                                      dns
                                      73 B
                                      112 B
                                      1
                                      1

                                      DNS Request

                                      14.180.250.142.in-addr.arpa

                                    • 8.8.8.8:53
                                      157.123.68.40.in-addr.arpa
                                      dns
                                      72 B
                                      146 B
                                      1
                                      1

                                      DNS Request

                                      157.123.68.40.in-addr.arpa

                                    • 8.8.8.8:53
                                      ogs.google.com
                                      dns
                                      chrome.exe
                                      180 B
                                      97 B
                                      3
                                      1

                                      DNS Request

                                      ogs.google.com

                                      DNS Request

                                      ogs.google.com

                                      DNS Request

                                      ogs.google.com

                                      DNS Response

                                      216.58.212.238

                                    • 8.8.8.8:53
                                      171.39.242.20.in-addr.arpa
                                      dns
                                      72 B
                                      158 B
                                      1
                                      1

                                      DNS Request

                                      171.39.242.20.in-addr.arpa

                                    • 8.8.8.8:53
                                      ssl.gstatic.com
                                      dns
                                      chrome.exe
                                      61 B
                                      77 B
                                      1
                                      1

                                      DNS Request

                                      ssl.gstatic.com

                                      DNS Response

                                      142.250.200.3

                                    • 8.8.8.8:53
                                      238.212.58.216.in-addr.arpa
                                      dns
                                      73 B
                                      173 B
                                      1
                                      1

                                      DNS Request

                                      238.212.58.216.in-addr.arpa

                                    • 8.8.8.8:53
                                      0.205.248.87.in-addr.arpa
                                      dns
                                      142 B
                                      116 B
                                      2
                                      1

                                      DNS Request

                                      0.205.248.87.in-addr.arpa

                                      DNS Request

                                      0.205.248.87.in-addr.arpa

                                    • 216.58.204.68:443
                                      www.google.com
                                      https
                                      chrome.exe
                                      6.2kB
                                      55.7kB
                                      44
                                      63
                                    • 8.8.8.8:53
                                      chromewebstore.googleapis.com
                                      dns
                                      75 B
                                      299 B
                                      1
                                      1

                                      DNS Request

                                      chromewebstore.googleapis.com

                                      DNS Response

                                      142.250.187.234
                                      142.250.200.42
                                      172.217.16.234
                                      142.250.200.10
                                      142.250.178.10
                                      216.58.201.106
                                      216.58.204.74
                                      216.58.213.10
                                      216.58.212.202
                                      216.58.212.234
                                      172.217.169.74
                                      142.250.179.234
                                      142.250.180.10
                                      142.250.187.202

                                    • 8.8.8.8:53
                                      chromewebstore.googleapis.com
                                      dns
                                      75 B
                                      132 B
                                      1
                                      1

                                      DNS Request

                                      chromewebstore.googleapis.com

                                    • 8.8.8.8:53
                                      pki.goog
                                      dns
                                      54 B
                                      70 B
                                      1
                                      1

                                      DNS Request

                                      pki.goog

                                      DNS Response

                                      216.239.32.29

                                    • 8.8.8.8:53
                                      pki.goog
                                      dns
                                      54 B
                                      128 B
                                      1
                                      1

                                      DNS Request

                                      pki.goog

                                    • 8.8.8.8:53
                                      234.187.250.142.in-addr.arpa
                                      dns
                                      148 B
                                      113 B
                                      2
                                      1

                                      DNS Request

                                      234.187.250.142.in-addr.arpa

                                      DNS Request

                                      234.187.250.142.in-addr.arpa

                                    • 8.8.8.8:53
                                      29.32.239.216.in-addr.arpa
                                      dns
                                      72 B
                                      107 B
                                      1
                                      1

                                      DNS Request

                                      29.32.239.216.in-addr.arpa

                                    • 8.8.8.8:53
                                      13.86.106.20.in-addr.arpa
                                      dns
                                      213 B
                                      157 B
                                      3
                                      1

                                      DNS Request

                                      13.86.106.20.in-addr.arpa

                                      DNS Request

                                      13.86.106.20.in-addr.arpa

                                      DNS Request

                                      13.86.106.20.in-addr.arpa

                                    • 8.8.8.8:53
                                      104.219.191.52.in-addr.arpa
                                      dns
                                      73 B
                                      147 B
                                      1
                                      1

                                      DNS Request

                                      104.219.191.52.in-addr.arpa

                                    • 8.8.8.8:53
                                      30.243.111.52.in-addr.arpa
                                      dns
                                      72 B
                                      158 B
                                      1
                                      1

                                      DNS Request

                                      30.243.111.52.in-addr.arpa

                                    • 8.8.8.8:53
                                      beacons.gcp.gvt2.com
                                      dns
                                      chrome.exe
                                      132 B
                                      112 B
                                      2
                                      1

                                      DNS Request

                                      beacons.gcp.gvt2.com

                                      DNS Request

                                      beacons.gcp.gvt2.com

                                      DNS Response

                                      192.178.49.163

                                    • 8.8.8.8:53
                                      163.49.178.192.in-addr.arpa
                                      dns
                                      146 B
                                      111 B
                                      2
                                      1

                                      DNS Request

                                      163.49.178.192.in-addr.arpa

                                      DNS Request

                                      163.49.178.192.in-addr.arpa

                                    • 192.178.49.163:443
                                      beacons.gcp.gvt2.com
                                      https
                                      chrome.exe
                                      3.3kB
                                      7.8kB
                                      10
                                      10
                                    • 8.8.8.8:53
                                      137.71.105.51.in-addr.arpa
                                      dns
                                      72 B
                                      158 B
                                      1
                                      1

                                      DNS Request

                                      137.71.105.51.in-addr.arpa

                                    • 192.178.49.163:443
                                      beacons.gcp.gvt2.com
                                      https
                                      chrome.exe
                                      2.3kB
                                      3.6kB
                                      8
                                      9
                                    • 8.8.8.8:53
                                      159.113.53.23.in-addr.arpa
                                      dns
                                      144 B
                                      137 B
                                      2
                                      1

                                      DNS Request

                                      159.113.53.23.in-addr.arpa

                                      DNS Request

                                      159.113.53.23.in-addr.arpa

                                    • 192.178.49.163:443
                                      beacons.gcp.gvt2.com
                                      https
                                      chrome.exe
                                      2.7kB
                                      3.9kB
                                      13
                                      13
                                    • 8.8.8.8:53
                                      50.23.12.20.in-addr.arpa
                                      dns
                                      140 B
                                      156 B
                                      2
                                      1

                                      DNS Request

                                      50.23.12.20.in-addr.arpa

                                      DNS Request

                                      50.23.12.20.in-addr.arpa

                                    • 8.8.8.8:53
                                      75.159.190.20.in-addr.arpa
                                      dns
                                      216 B
                                      158 B
                                      3
                                      1

                                      DNS Request

                                      75.159.190.20.in-addr.arpa

                                      DNS Request

                                      75.159.190.20.in-addr.arpa

                                      DNS Request

                                      75.159.190.20.in-addr.arpa

                                    • 8.8.8.8:53
                                      9.228.82.20.in-addr.arpa
                                      dns
                                      140 B
                                      156 B
                                      2
                                      1

                                      DNS Request

                                      9.228.82.20.in-addr.arpa

                                      DNS Request

                                      9.228.82.20.in-addr.arpa

                                    • 8.8.8.8:53
                                      206.221.208.4.in-addr.arpa
                                      dns
                                      144 B
                                      316 B
                                      2
                                      2

                                      DNS Request

                                      206.221.208.4.in-addr.arpa

                                      DNS Request

                                      206.221.208.4.in-addr.arpa

                                    • 8.8.8.8:53
                                      21.114.53.23.in-addr.arpa
                                      dns
                                      142 B
                                      270 B
                                      2
                                      2

                                      DNS Request

                                      21.114.53.23.in-addr.arpa

                                      DNS Request

                                      21.114.53.23.in-addr.arpa

                                    • 8.8.8.8:53
                                      56.126.166.20.in-addr.arpa
                                      dns
                                      144 B
                                      158 B
                                      2
                                      1

                                      DNS Request

                                      56.126.166.20.in-addr.arpa

                                      DNS Request

                                      56.126.166.20.in-addr.arpa

                                    • 8.8.8.8:53
                                      154.173.246.72.in-addr.arpa
                                      dns
                                      146 B
                                      278 B
                                      2
                                      2

                                      DNS Request

                                      154.173.246.72.in-addr.arpa

                                      DNS Request

                                      154.173.246.72.in-addr.arpa

                                    • 8.8.8.8:53
                                      156.33.209.4.in-addr.arpa
                                      dns
                                      142 B
                                      314 B
                                      2
                                      2

                                      DNS Request

                                      156.33.209.4.in-addr.arpa

                                      DNS Request

                                      156.33.209.4.in-addr.arpa

                                    • 8.8.8.8:53
                                      119.110.54.20.in-addr.arpa
                                      dns
                                      72 B
                                      158 B
                                      1
                                      1

                                      DNS Request

                                      119.110.54.20.in-addr.arpa

                                    • 8.8.8.8:53
                                      140.71.91.104.in-addr.arpa
                                      dns
                                      144 B
                                      274 B
                                      2
                                      2

                                      DNS Request

                                      140.71.91.104.in-addr.arpa

                                      DNS Request

                                      140.71.91.104.in-addr.arpa

                                    • 8.8.8.8:53
                                      172.210.232.199.in-addr.arpa
                                      dns
                                      148 B
                                      256 B
                                      2
                                      2

                                      DNS Request

                                      172.210.232.199.in-addr.arpa

                                      DNS Request

                                      172.210.232.199.in-addr.arpa

                                    MITRE ATT&CK Enterprise v15

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                      Filesize

                                      192B

                                      MD5

                                      454598e896ccfe3ad2fcc856a6f295d3

                                      SHA1

                                      f2c590d17f6d89190552d5007a4b499101d3028a

                                      SHA256

                                      b690edb3007f8db5ea0d0c1c5c6cb3457082a5df3faada62e36fed8e0ce50b44

                                      SHA512

                                      b38e59603170075c97e32021559274313a62203d6e08d07d8906c6da2e0cc3c333db3ac9182f9dd2439dbdb9421f1e3d05a33c69690457576e8bc9e250e5bab9

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                      Filesize

                                      1KB

                                      MD5

                                      e33ad33e530f4e2b82ffbc1a903b3af4

                                      SHA1

                                      6711faf84b6a8ed79a4a4f547ccad8ced58a2e30

                                      SHA256

                                      4e0bce1b557467c56adb759ee978b86c05f29761203b67f131d88ab8cb276716

                                      SHA512

                                      bd3ee4439ad29b3682bed1dc86ed6b9226688060aba6353d1bdec2703237e73d1b4f3be93dc3adcfa3d70a385b51305007f872e7506853fa57fe4df382943572

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                      Filesize

                                      1KB

                                      MD5

                                      6f90502f6cc0320a94f06c01cf8e08b4

                                      SHA1

                                      66794c287f731fd2ffc25c9d3d0a1858bb90ebf1

                                      SHA256

                                      c3b52ee3e5d7749990f3a61e5b9693c284c6dbd09eee6b8a3fe95d931e6d4047

                                      SHA512

                                      e5fb93df1ccce56c1f9bb5aa8d343d12a936e5d13efa11f37740decdc789ea776423e8bee49714772976e8b3b298981bf0cac93e071ac1773e879ebdad74165c

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                      Filesize

                                      1KB

                                      MD5

                                      90bf3d08f52e3477792da42a0a8a9cde

                                      SHA1

                                      de2d411a4273f8482962c3d1e04c95ad9e382d81

                                      SHA256

                                      60291fa03c7b72aeb10522ac30d043e63021c5ecdabe8c722a4fcd201e9a9b2c

                                      SHA512

                                      81b729e362664d43e76714fd19c2828848d1854a6b0667e0041348fc2667c03d9b3d6821974e0bfcf868aa193ec6abe36e4d5a33338c855a7fa864ef9f3f7afd

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                      Filesize

                                      1KB

                                      MD5

                                      fc9b8f8bd741f543a3f9e5b0a3ab2e5c

                                      SHA1

                                      f8674aaa9e1262708d0111863105768dc85b73cd

                                      SHA256

                                      9b6540a484fa6f9cbbeaa0723e884a6c830428c07c21ff034670c0d3ad761881

                                      SHA512

                                      3f0067d22649da05c91f960769611a72eeba4e0646dbf5ee3d80c6d12e42b9aa39f37928b303d5136358e062dfd8120d64481b05f4d490ec0ca21a9eb5c9c1b1

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                      Filesize

                                      1KB

                                      MD5

                                      e356c0234ba8ec96a3b770bb21cfcb48

                                      SHA1

                                      0a8bb06627cb1e26149a8948d4a510fbd14ebcda

                                      SHA256

                                      2237fd293c9cf94a6d5c5e69d78644dc0fbf7adbe5934771901a522f448431b2

                                      SHA512

                                      290e385da987f5dfe77dbede3116c805f492767594b66e030c7b7e9473f4142a691a1ed4e51b3816c6068313572415b50eabf4310d63aa150d4c97a1225d055a

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                      Filesize

                                      369B

                                      MD5

                                      fcd0fd797a3571a051d0c0a3f5924568

                                      SHA1

                                      dc08f6143d0b1e815ed90fc54b3e25aaa755c2c6

                                      SHA256

                                      95fae659e65cf37db82a84a955c5e799a12ed94101c4420e9cbef9195fbc1b41

                                      SHA512

                                      dddbafd3481298157d11d995eefd67eb2469f93fb31bdfd80c4a1689b53af0b2fc8cd862b809582ab9d6ba368c0b5eea32aed80f2ec2a243721d888a8ccced96

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                      Filesize

                                      537B

                                      MD5

                                      e09a6d29c8b7fd69af8108d2dc1c2b5e

                                      SHA1

                                      dfba971992d100607c7cf7b44261f9633f41bc93

                                      SHA256

                                      ef016987e8734341e25ac10b002c71fefa51c948cc83629493f2e9f2e5858b1a

                                      SHA512

                                      25c0b9a14471182a578b3173eaa7ef809122649e11196c4c58cbb9195a4153a861fe8aa1d27c80f863fff75e7de74c7ed8470adab5c4a329137a47a627a36bf7

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      6KB

                                      MD5

                                      0962b63c7646fbdfc6f2206bb5de7a4f

                                      SHA1

                                      dfa7f2009e20ad5cf967862cc2d71415d108e450

                                      SHA256

                                      445466eb3a4682433da895a7558d29e3e7ff96d682c0291ce30856627aa2ac80

                                      SHA512

                                      2b82f25aa5aea7d42c87b9eb4f818223e8586f7753851d6ca113eb63fa881bdef6f389b62138c357ed6130e53bddb24c591386daf4df95ad58aa6433c9b19716

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      6KB

                                      MD5

                                      4491aa64e0c61b9be008f1d21ae95626

                                      SHA1

                                      6508a862af749fc3e1c2aba860a9d4b2fa6dbd06

                                      SHA256

                                      5be608381fb656d3f5e499da9c3a399f93db6043d6b6c4284a0f5b2316ca823d

                                      SHA512

                                      6dc87885836a2c0de2d0ad8995a21bc01b5a96b9c60cb569a5170fec17d3ca427ebe017b2549f7c69106396fcc77e7a5736e2dcbf41d47ce397820b05c76c58b

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      5KB

                                      MD5

                                      0c3c3584a337f7f0d47f53dd64a84d02

                                      SHA1

                                      2d360aaaf46ef63e7bd76569eb22728d316ce573

                                      SHA256

                                      cc8491e53bfb83717cc370f71ff7a0589d1b8f2c27f04f8ecc1af9011a16ccbc

                                      SHA512

                                      032a7d129c3df0539f19c9673603f60c4451309bfbc57f6a3843fc648f1331c2472cd296fbd68a37978960953d1fd1f7bf3b56252f3b70c738232795becccb91

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      6KB

                                      MD5

                                      ad900ce427abe1cf26d57eae13d6e266

                                      SHA1

                                      ac0fc04c7fc8c228def85aa222a1124a5247927e

                                      SHA256

                                      b96ec28135cb5aed5805324aa37c4d79e8c1acaf64ebac8dd3be01073366de14

                                      SHA512

                                      f3bd7c6be6c68c65b193581f2e1a745461006149318ed5a8fd3eae7e1fc93607bab730d66d7fc892a2a25cc396ab4aa93d8f51cf617bf93e638170b1a2789927

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                      Filesize

                                      264KB

                                      MD5

                                      631adcf1820295f4dfb01cef58feda48

                                      SHA1

                                      e4f0b628a18d5351c57bdc77b37b5b2f8687a26e

                                      SHA256

                                      d9d40158b13cb21cfcf82fd947c172ec230e0baee1d314b27b0f18635c12f8c4

                                      SHA512

                                      899ed1cc3fc271a07b1d7f79c22f78b6fda5529da18cd334cc5629ecb49454828957485d8aca746dbee917f198d5fb2f21d13ee4e815d5b7446212ed340048cc

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                      Filesize

                                      2B

                                      MD5

                                      99914b932bd37a50b983c5e7c90ae93b

                                      SHA1

                                      bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                      SHA256

                                      44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                      SHA512

                                      27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
