hxxps://docs[.]google[.]com/document/d/1q9qD3WF3HO2i8623pNPFll1_zI-eFbPq5TLII4gG280/edit

Analysis

max time kernel
149s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2024, 02:36 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://docs.google.com/document/d/1q9qD3WF3HO2i8623pNPFll1_zI-eFbPq5TLII4gG280/edit

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133722237819947594"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-355097885-2402257403-2971294179-1000\{B8A441D9-2C32-4FCE-B42E-E939EF92F8A6}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3048	chrome.exe
3048	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 4840	3048	chrome.exe	82
PID 3048 wrote to memory of 4840	3048	chrome.exe	82
PID 3048 wrote to memory of 3776	3048	chrome.exe	83
PID 3048 wrote to memory of 3776	3048	chrome.exe	83
PID 3048 wrote to memory of 3776	3048	chrome.exe	83
PID 3048 wrote to memory of 3776	3048	chrome.exe	83
PID 3048 wrote to memory of 3776	3048	chrome.exe	83
PID 3048 wrote to memory of 3776	3048	chrome.exe	83
PID 3048 wrote to memory of 3776	3048	chrome.exe	83
PID 3048 wrote to memory of 3776	3048	chrome.exe	83
PID 3048 wrote to memory of 3776	3048	chrome.exe	83
PID 3048 wrote to memory of 3776	3048	chrome.exe	83
PID 3048 wrote to memory of 3776	3048	chrome.exe	83
PID 3048 wrote to memory of 3776	3048	chrome.exe	83
PID 3048 wrote to memory of 3776	3048	chrome.exe	83
PID 3048 wrote to memory of 3776	3048	chrome.exe	83
PID 3048 wrote to memory of 3776	3048	chrome.exe	83
PID 3048 wrote to memory of 3776	3048	chrome.exe	83
PID 3048 wrote to memory of 3776	3048	chrome.exe	83
PID 3048 wrote to memory of 3776	3048	chrome.exe	83
PID 3048 wrote to memory of 3776	3048	chrome.exe	83
PID 3048 wrote to memory of 3776	3048	chrome.exe	83
PID 3048 wrote to memory of 3776	3048	chrome.exe	83
PID 3048 wrote to memory of 3776	3048	chrome.exe	83
PID 3048 wrote to memory of 3776	3048	chrome.exe	83
PID 3048 wrote to memory of 3776	3048	chrome.exe	83
PID 3048 wrote to memory of 3776	3048	chrome.exe	83
PID 3048 wrote to memory of 3776	3048	chrome.exe	83
PID 3048 wrote to memory of 3776	3048	chrome.exe	83
PID 3048 wrote to memory of 3776	3048	chrome.exe	83
PID 3048 wrote to memory of 3776	3048	chrome.exe	83
PID 3048 wrote to memory of 3776	3048	chrome.exe	83
PID 3048 wrote to memory of 4600	3048	chrome.exe	84
PID 3048 wrote to memory of 4600	3048	chrome.exe	84
PID 3048 wrote to memory of 1808	3048	chrome.exe	85
PID 3048 wrote to memory of 1808	3048	chrome.exe	85
PID 3048 wrote to memory of 1808	3048	chrome.exe	85
PID 3048 wrote to memory of 1808	3048	chrome.exe	85
PID 3048 wrote to memory of 1808	3048	chrome.exe	85
PID 3048 wrote to memory of 1808	3048	chrome.exe	85
PID 3048 wrote to memory of 1808	3048	chrome.exe	85
PID 3048 wrote to memory of 1808	3048	chrome.exe	85
PID 3048 wrote to memory of 1808	3048	chrome.exe	85
PID 3048 wrote to memory of 1808	3048	chrome.exe	85
PID 3048 wrote to memory of 1808	3048	chrome.exe	85
PID 3048 wrote to memory of 1808	3048	chrome.exe	85
PID 3048 wrote to memory of 1808	3048	chrome.exe	85
PID 3048 wrote to memory of 1808	3048	chrome.exe	85
PID 3048 wrote to memory of 1808	3048	chrome.exe	85
PID 3048 wrote to memory of 1808	3048	chrome.exe	85
PID 3048 wrote to memory of 1808	3048	chrome.exe	85
PID 3048 wrote to memory of 1808	3048	chrome.exe	85
PID 3048 wrote to memory of 1808	3048	chrome.exe	85
PID 3048 wrote to memory of 1808	3048	chrome.exe	85
PID 3048 wrote to memory of 1808	3048	chrome.exe	85
PID 3048 wrote to memory of 1808	3048	chrome.exe	85
PID 3048 wrote to memory of 1808	3048	chrome.exe	85
PID 3048 wrote to memory of 1808	3048	chrome.exe	85
PID 3048 wrote to memory of 1808	3048	chrome.exe	85
PID 3048 wrote to memory of 1808	3048	chrome.exe	85
PID 3048 wrote to memory of 1808	3048	chrome.exe	85
PID 3048 wrote to memory of 1808	3048	chrome.exe	85
PID 3048 wrote to memory of 1808	3048	chrome.exe	85
PID 3048 wrote to memory of 1808	3048	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://docs.google.com/document/d/1q9qD3WF3HO2i8623pNPFll1_zI-eFbPq5TLII4gG280/edit
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8234ccc40,0x7ff8234ccc4c,0x7ff8234ccc58
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1960,i,13339262824168814727,17079565735434572018,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2028,i,13339262824168814727,17079565735434572018,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2032 /prefetch:3
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,13339262824168814727,17079565735434572018,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2452 /prefetch:8
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,13339262824168814727,17079565735434572018,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,13339262824168814727,17079565735434572018,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4544,i,13339262824168814727,17079565735434572018,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4384 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4744,i,13339262824168814727,17079565735434572018,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4524 /prefetch:8
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4812,i,13339262824168814727,17079565735434572018,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5076,i,13339262824168814727,17079565735434572018,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5008,i,13339262824168814727,17079565735434572018,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2916

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3412

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4660

Network

DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR

Response
DNS

docs.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

docs.google.com

IN A

Response

docs.google.com

IN A

216.58.213.14
GET

https://docs.google.com/document/d/1q9qD3WF3HO2i8623pNPFll1_zI-eFbPq5TLII4gG280/edit

chrome.exe

Remote address:

216.58.213.14:443

Request

GET /document/d/1q9qD3WF3HO2i8623pNPFll1_zI-eFbPq5TLII4gG280/edit HTTP/2.0
host: docs.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-ch-ua-arch: "x86"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
x-client-data: CMyGywE=
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

14.213.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.213.58.216.in-addr.arpa

IN PTR

Response

14.213.58.216.in-addr.arpa

IN PTR

ber01s14-in-f141e100net

14.213.58.216.in-addr.arpa

IN PTR

lhr25s25-in-f14�H
DNS

234.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.187.250.142.in-addr.arpa

IN PTR

Response

234.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f101e100net
DNS

accounts.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

173.194.69.84
GET

https://accounts.google.com/ServiceLogin?service=wise&passive=1209600&osid=1&continue=https://docs.google.com/document/d/1q9qD3WF3HO2i8623pNPFll1_zI-eFbPq5TLII4gG280/edit&followup=https://docs.google.com/document/d/1q9qD3WF3HO2i8623pNPFll1_zI-eFbPq5TLII4gG280/edit&ltmpl=docs

chrome.exe

Remote address:

173.194.69.84:443

Request

GET /ServiceLogin?service=wise&passive=1209600&osid=1&continue=https://docs.google.com/document/d/1q9qD3WF3HO2i8623pNPFll1_zI-eFbPq5TLII4gG280/edit&followup=https://docs.google.com/document/d/1q9qD3WF3HO2i8623pNPFll1_zI-eFbPq5TLII4gG280/edit&ltmpl=docs HTTP/2.0
host: accounts.google.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
x-client-data: CMyGywE=
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=518=riK8eCfyf5pndu63WKhPcpAKXTs2jEyQWCMkiCLxKCNU7ZSCZ7tAkgKXS-Ea-2v0GIokqmS97TSzsoC2jDrTnncXJ3e8ALWUFCv0q76mT2U32iCceaGknW8ojQ-vFVY1bfdK9Tc_twbo6NHpxTznYzDF8I2Kn41FCQ0uHlAODizfG3vI
GET

https://accounts.google.com/InteractiveLogin?continue=https://docs.google.com/document/d/1q9qD3WF3HO2i8623pNPFll1_zI-eFbPq5TLII4gG280/edit&followup=https://docs.google.com/document/d/1q9qD3WF3HO2i8623pNPFll1_zI-eFbPq5TLII4gG280/edit&ltmpl=docs&osid=1&passive=1209600&service=wise&ifkv=ARpgrqcpxQfflX5GNxZpyhmVc_miqGza9gXepk8Y7W1yA-i2_k-_zvuEkq37ODCuAfVMYecylF0YPg

chrome.exe

Remote address:

173.194.69.84:443

Request

GET /InteractiveLogin?continue=https://docs.google.com/document/d/1q9qD3WF3HO2i8623pNPFll1_zI-eFbPq5TLII4gG280/edit&followup=https://docs.google.com/document/d/1q9qD3WF3HO2i8623pNPFll1_zI-eFbPq5TLII4gG280/edit&ltmpl=docs&osid=1&passive=1209600&service=wise&ifkv=ARpgrqcpxQfflX5GNxZpyhmVc_miqGza9gXepk8Y7W1yA-i2_k-_zvuEkq37ODCuAfVMYecylF0YPg HTTP/2.0
host: accounts.google.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CMyGywE=
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform: "Windows"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=518=riK8eCfyf5pndu63WKhPcpAKXTs2jEyQWCMkiCLxKCNU7ZSCZ7tAkgKXS-Ea-2v0GIokqmS97TSzsoC2jDrTnncXJ3e8ALWUFCv0q76mT2U32iCceaGknW8ojQ-vFVY1bfdK9Tc_twbo6NHpxTznYzDF8I2Kn41FCQ0uHlAODizfG3vI
cookie: __Host-GAPS=1:Npa9VW7GYurwTRNuTHeVQ6Qh3gV1wQ:DCKlwYSASCmrVJGj
DNS

content-autofill.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

142.250.179.234

content-autofill.googleapis.com

IN A

142.250.178.10

content-autofill.googleapis.com

IN A

216.58.201.106

content-autofill.googleapis.com

IN A

172.217.169.74

content-autofill.googleapis.com

IN A

142.250.180.10

content-autofill.googleapis.com

IN A

142.250.200.10

content-autofill.googleapis.com

IN A

172.217.16.234

content-autofill.googleapis.com

IN A

142.250.187.234

content-autofill.googleapis.com

IN A

142.250.187.202

content-autofill.googleapis.com

IN A

216.58.212.202

content-autofill.googleapis.com

IN A

216.58.204.74

content-autofill.googleapis.com

IN A

142.250.200.42

content-autofill.googleapis.com

IN A

172.217.169.10
GET

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSJwmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioByHKFf2CpcjaZw==?alt=proto

chrome.exe

Remote address:

142.250.179.234:443

Request

GET /v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSJwmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioByHKFf2CpcjaZw==?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: CMyGywE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

84.69.194.173.in-addr.arpa

Remote address:

8.8.8.8:53

Request

84.69.194.173.in-addr.arpa

IN PTR

Response

84.69.194.173.in-addr.arpa

IN PTR

ef-in-f841e100net
DNS

68.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.32.126.40.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

227.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.187.250.142.in-addr.arpa

IN PTR

Response

227.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f31e100net
DNS

67.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.169.217.172.in-addr.arpa

IN PTR

Response

67.169.217.172.in-addr.arpa

IN PTR

lhr48s09-in-f31e100net
DNS

234.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.179.250.142.in-addr.arpa

IN PTR

Response

234.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f101e100net
DNS

accounts.youtube.com

chrome.exe

Remote address:

8.8.8.8:53

Request

accounts.youtube.com

IN A

Response

accounts.youtube.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

142.250.200.14
GET

https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1289989625&timestamp=1727750179683

chrome.exe

Remote address:

142.250.200.14:443

Request

GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1289989625&timestamp=1727750179683 HTTP/2.0
host: accounts.youtube.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform: "Windows"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CMyGywE=
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://accounts.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

play.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

172.217.16.238
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

chrome.exe

Remote address:

172.217.16.238:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://accounts.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://accounts.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

chrome.exe

Remote address:

172.217.16.238:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://accounts.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://accounts.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

www.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.179.228
GET

https://www.google.com/favicon.ico

chrome.exe

Remote address:

142.250.179.228:443

Request

GET /favicon.ico HTTP/2.0
host: www.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMyGywE=
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://accounts.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=518=riK8eCfyf5pndu63WKhPcpAKXTs2jEyQWCMkiCLxKCNU7ZSCZ7tAkgKXS-Ea-2v0GIokqmS97TSzsoC2jDrTnncXJ3e8ALWUFCv0q76mT2U32iCceaGknW8ojQ-vFVY1bfdK9Tc_twbo6NHpxTznYzDF8I2Kn41FCQ0uHlAODizfG3vI
DNS

14.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.200.250.142.in-addr.arpa

IN PTR

Response

14.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f141e100net
DNS

238.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.16.217.172.in-addr.arpa

IN PTR

Response

238.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f141e100net

238.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f14�I
DNS

228.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.179.250.142.in-addr.arpa

IN PTR

Response

228.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f41e100net
DNS

97.17.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.17.167.52.in-addr.arpa

IN PTR

Response
DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

241.42.69.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.42.69.40.in-addr.arpa

IN PTR

Response
DNS

beacons.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A

Response

beacons.gcp.gvt2.com

IN CNAME

beacons-handoff.gcp.gvt2.com

beacons-handoff.gcp.gvt2.com

IN A

172.217.168.227
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

172.217.168.227:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 298
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

172.217.168.227:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 269
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

227.168.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.168.217.172.in-addr.arpa

IN PTR

Response

227.168.217.172.in-addr.arpa

IN PTR

ams15s40-in-f31e100net
DNS

13.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.227.111.52.in-addr.arpa

IN PTR

Response
DNS

google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

google.com

IN A

Response

google.com

IN A

142.250.178.14
POST

https://google.com/domainreliability/upload

chrome.exe

Remote address:

142.250.178.14:443

Request

POST /domainreliability/upload HTTP/2.0
host: google.com
content-length: 268
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

216.58.213.14:443

https://docs.google.com/document/d/1q9qD3WF3HO2i8623pNPFll1_zI-eFbPq5TLII4gG280/edit

tls, http2

chrome.exe

2.3kB
10.8kB
17
19

HTTP Request

GET https://docs.google.com/document/d/1q9qD3WF3HO2i8623pNPFll1_zI-eFbPq5TLII4gG280/edit
173.194.69.84:443

https://accounts.google.com/InteractiveLogin?continue=https://docs.google.com/document/d/1q9qD3WF3HO2i8623pNPFll1_zI-eFbPq5TLII4gG280/edit&followup=https://docs.google.com/document/d/1q9qD3WF3HO2i8623pNPFll1_zI-eFbPq5TLII4gG280/edit&ltmpl=docs&osid=1&passive=1209600&service=wise&ifkv=ARpgrqcpxQfflX5GNxZpyhmVc_miqGza9gXepk8Y7W1yA-i2_k-_zvuEkq37ODCuAfVMYecylF0YPg

tls, http2

chrome.exe

3.2kB
9.3kB
21
24

HTTP Request

GET https://accounts.google.com/ServiceLogin?service=wise&passive=1209600&osid=1&continue=https://docs.google.com/document/d/1q9qD3WF3HO2i8623pNPFll1_zI-eFbPq5TLII4gG280/edit&followup=https://docs.google.com/document/d/1q9qD3WF3HO2i8623pNPFll1_zI-eFbPq5TLII4gG280/edit&ltmpl=docs

HTTP Request

GET https://accounts.google.com/InteractiveLogin?continue=https://docs.google.com/document/d/1q9qD3WF3HO2i8623pNPFll1_zI-eFbPq5TLII4gG280/edit&followup=https://docs.google.com/document/d/1q9qD3WF3HO2i8623pNPFll1_zI-eFbPq5TLII4gG280/edit&ltmpl=docs&osid=1&passive=1209600&service=wise&ifkv=ARpgrqcpxQfflX5GNxZpyhmVc_miqGza9gXepk8Y7W1yA-i2_k-_zvuEkq37ODCuAfVMYecylF0YPg
142.250.179.234:443

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSJwmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioByHKFf2CpcjaZw==?alt=proto

tls, http2

chrome.exe

1.9kB
6.8kB
15
16

HTTP Request

GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSJwmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioByHKFf2CpcjaZw==?alt=proto
142.250.200.14:443

https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1289989625&timestamp=1727750179683

tls, http2

chrome.exe

2.7kB
24.8kB
25
27

HTTP Request

GET https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1289989625&timestamp=1727750179683
172.217.16.238:443

play.google.com

tls, http2

chrome.exe

1.0kB
7.6kB
9
9
172.217.16.238:443

https://play.google.com/log?format=json&hasfast=true&authuser=0

tls, http2

chrome.exe

2.1kB
8.6kB
18
20

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
142.250.179.228:443

https://www.google.com/favicon.ico

tls, http2

chrome.exe

2.2kB
8.0kB
15
16

HTTP Request

GET https://www.google.com/favicon.ico
172.217.168.227:443

beacons.gcp.gvt2.com

tls, http2

chrome.exe

999 B
5.6kB
9
8
172.217.168.227:443

https://beacons.gcp.gvt2.com/domainreliability/upload

tls, http2

chrome.exe

2.6kB
7.1kB
20
17

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload
173.194.69.84:443

accounts.google.com

tls, http2

chrome.exe

1.0kB
5.6kB
8
8
142.250.178.14:443

https://google.com/domainreliability/upload

tls, http2

chrome.exe

1.9kB
9.3kB
14
16

HTTP Request

POST https://google.com/domainreliability/upload

8.8.8.8:53

58.55.71.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

58.55.71.13.in-addr.arpa
8.8.8.8:53

docs.google.com

dns

chrome.exe

61 B
77 B
1
1

DNS Request

docs.google.com

DNS Response

216.58.213.14
8.8.8.8:53

14.213.58.216.in-addr.arpa

dns

72 B
141 B
1
1

DNS Request

14.213.58.216.in-addr.arpa
8.8.8.8:53

234.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

234.187.250.142.in-addr.arpa
8.8.8.8:53

accounts.google.com

dns

chrome.exe

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

173.194.69.84
173.194.69.84:443

accounts.google.com

https

chrome.exe

9.6kB
134.2kB
74
128
8.8.8.8:53

content-autofill.googleapis.com

dns

chrome.exe

77 B
285 B
1
1

DNS Request

content-autofill.googleapis.com

DNS Response

142.250.179.234

142.250.178.10

216.58.201.106

172.217.169.74

142.250.180.10

142.250.200.10

172.217.16.234

142.250.187.234

142.250.187.202

216.58.212.202

216.58.204.74

142.250.200.42

172.217.169.10
8.8.8.8:53

84.69.194.173.in-addr.arpa

dns

72 B
105 B
1
1

DNS Request

84.69.194.173.in-addr.arpa
8.8.8.8:53

68.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

68.32.126.40.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

227.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

227.187.250.142.in-addr.arpa
8.8.8.8:53

67.169.217.172.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

67.169.217.172.in-addr.arpa
8.8.8.8:53

234.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

234.179.250.142.in-addr.arpa
8.8.8.8:53

accounts.youtube.com

dns

chrome.exe

66 B
110 B
1
1

DNS Request

accounts.youtube.com

DNS Response

142.250.200.14
8.8.8.8:53

play.google.com

dns

chrome.exe

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

172.217.16.238
8.8.8.8:53

www.google.com

dns

chrome.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.179.228
172.217.16.238:443

play.google.com

https

chrome.exe

9.9kB
10.5kB
25
27
8.8.8.8:53

14.200.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

14.200.250.142.in-addr.arpa
8.8.8.8:53

238.16.217.172.in-addr.arpa

dns

73 B
142 B
1
1

DNS Request

238.16.217.172.in-addr.arpa
8.8.8.8:53

228.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

228.179.250.142.in-addr.arpa
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

97.17.167.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

97.17.167.52.in-addr.arpa
8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

13.86.106.20.in-addr.arpa
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

241.42.69.40.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

241.42.69.40.in-addr.arpa
173.194.69.84:443

accounts.google.com

https

chrome.exe

3.2kB
3.9kB
9
11
8.8.8.8:53

beacons.gcp.gvt2.com

dns

chrome.exe

66 B
112 B
1
1

DNS Request

beacons.gcp.gvt2.com

DNS Response

172.217.168.227
173.194.69.84:443

accounts.google.com

https

chrome.exe

3.6kB
8.2kB
8
11
8.8.8.8:53

227.168.217.172.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

227.168.217.172.in-addr.arpa
8.8.8.8:53

13.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

13.227.111.52.in-addr.arpa
8.8.8.8:53

google.com

dns

chrome.exe

56 B
72 B
1
1

DNS Request

google.com

DNS Response

142.250.178.14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\19de00d9-454b-4fe7-8260-df6ec35ae18d.tmp

Filesize
99KB

MD5
7ada24d5216b0633d47823a8e19f6129

SHA1
5171edbdf336bf5653e40b4e59a76ca04d3c3924

SHA256
bbea3eb74e038004ce774d4930a5bced8d1d40cdde1f19b5a902d807095922db

SHA512
7978453f6228f78555067ea69c7bdd67d6b3860374a8051d41188d484b1750e2b3df63fe81e1f0af451d6e1286c80e18ffffa39220f7edfcdc32d7757f2f1a3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\73cf4fd1-9a54-4c20-a323-a7e0352e5e85.tmp

Filesize
9KB

MD5
47288d14f7b435a680c9aec3d966eba5

SHA1
099c68ab097ede048d2625305d80579a5b9dc9f6

SHA256
5d161128339d3bf2d98d314079c88cb9552d7c62a220ac55cfda37069ba4f254

SHA512
ae17f0b50bb3a2d08f01de03996a19a4352f389755ed640b6eeab988937992330d7bb32b6874641b8ce6d1d17e645db6e33aebf606e0c649275ea678e4cdb2c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5c8c3720174426f82d6bc8eba39f9f93

SHA1
6ac7a994a936cf082e08df9ef302a8e79b195561

SHA256
c70fa25b03997d6f7c454f5881482767cc7f76ec37644099e9867fc8951de2cf

SHA512
88364a39f4dd35b05778f77c1063fdc68e94ed3e23befe20541d1d81a22f7f75d3dbe9aa3c7168863e29aa83fcc6960d0dea196c4150faf8b3b67cc98b095fb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
384B

MD5
239b9d17ad7c7f710d70301c59f7bba8

SHA1
3372ade60e0573cacdd730926ccf5a56ab93c026

SHA256
ad081feb59ef63a5703ecbfe65f4a27a68f0c727a677e851443ac2b5aa8ae496

SHA512
8fc7c22279caa0458e37c15aa6424195ec1d742b141a15a23a9f3e57a763faf2270c3bb54be3a5d207a90d91b54aeda60e85e5cdc43de0468674d77b8e8f6386

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
7c351bf210a99d3f050e390c28e8aeb4

SHA1
cfdd94e423503c9565fe1497d9273b45d4ae1ea5

SHA256
e2bdf31d90311ee8fe8314bcbb986624f1f6ef8e6a47ed8d9833394ee4f68f64

SHA512
58e0dfe053e26ed9009e7e3b3f65769b9cdb886cfcab346146ecb099d92f9ae29078e086c44701bbcd99602ee8aea6a1be6fa1402bf8d3ce0224dc970c46d6f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
41be617e301249184cd5be3d0705545e

SHA1
498b3e7b4168c42d23a21f660020990e7bd439d7

SHA256
fc9af207b34c631413a1baa825c4419fd3ba055ab52614a6482336cba051c2ba

SHA512
90bfa8e1026de38948c8e31c6e6abb5abddcb10d0fc27284bb951bfe9f8792804d1f3bbe2245837133d87671233bbe516963b1fa941339475610d9264a76d837

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
d49569170a41601478b07a32b646249a

SHA1
28ccf542c77d7de559b5b979277c1ad1390cb9d1

SHA256
4949859be74cd5a234374feafaaa861385d55f83d59cf9164662ce3453df99ce

SHA512
df77e6023bfb50ddae8268aabf080cdf7b7f5c96bb4727b573d629ec24486c4fd5097c8108321ae9e83fc5dbd6333413a8b8f6806c36da7790e5d8a5d2a1afa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
58f1da3f28dfb3caf306f700640ce4b6

SHA1
8664055bb6ed57294e5c2f5ed1af0e85c51b9087

SHA256
b01e4e8a710b0013ebb7d3d2485e0c26293676f79003fda85455f1c219391454

SHA512
ed1b496f973bc757fa0940ca3a05224b3129165b748aa270c53621f26cda70f5fd6e164ac1c99d6338835da350a805216288ddd1af5047fdb94901a5f2d026ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fefa5358938e7ca6ca93da1462a48ccb

SHA1
4229293c596ed42f2b812647f1526c78aa40cbe8

SHA256
975ff1b90074908900ae143e70aae98ed12632277b782e0ef54d270bd3f5e55c

SHA512
13b99aa6c4afca3071348c01e9aa38ec01cb6507d1d27738c28ec7f8d6da6dd8bf911b5ffad1e0c3d2d9f84abe4eba846ea3e9e93b0a92bfabf88baa30ced07b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7c4abfaa34885493f78cfbdb46a233e5

SHA1
76bdaa24a0a47bc3ae5af948acd6954dea009022

SHA256
4d9fec8634eeb910d39bd104014ffabee9b7878cbecd9b412d457d1c4af8edad

SHA512
2221994f333da2c5649a5c39d5236182056321a5c490344f684be8a5b27ac34783749b9ca78ba32c457fd39090197478db428676d880f058f3bf094f7e0cfb0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cd0e1e559c6321f696bdf23c039ec92c

SHA1
1b0183ac14d9b7233ed04b9eca4d7261ec5335bc

SHA256
fd0e8f403f523d76c472fcd32eff67ebf502f466e49e0656ff0524a5b5b06fb9

SHA512
2cbdb3c75681974c2f4ec455246d726611f5a597bdb7e61af3f5b8fa1ce61add4455b66e1158188b1bd564883647db2f4e3745ccd1ac5fc3d0388ada568751b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
023b19344f158af873f1065062beb959

SHA1
2f7bc10e6d9cc4baf384cb1a7e3d2dd1b0ea71fb

SHA256
e31cdc492370ba5d3391c687ce9f481e7eb5e1e36446adbf2fbfd7735f30f4b1

SHA512
e24755e823c5d364af07ab8aa66e1525f81e99dda0490dea566d9994cc085674268013b341ed26d9ffae3fa6155d75343c10bd336474821387a9a94d2c54272a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dd4fe82c87194bb9cd783a26552d5e47

SHA1
4984abde62d44b4996c4962c4aa199fe36a3c967

SHA256
cc211c373fc884db106d13fb52ce03ec6b005215d8d36bbae99ce3dda4a5ac7b

SHA512
e5309d343728fce140391830814b9744912938dff1ef97e6541ffde96cdc37be7de47a0ac4c98a3578caa5e6dcd8b01e481aee50f7908bd7749eef6b3d9cdfaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6c49c6b5d58f9f6c7b06ed250505c140

SHA1
4ec237f5875428bd40f1341a8ce3b1f9bd01deed

SHA256
48d21f396c6eb3a5facc5731946c981225a90ed580670031bf2617323c762201

SHA512
cecc7da748d471c59217203df35da4ee638b742ea797c8f033c4665fe89efaa6177608b0f296d1e9245cc93d44d187ac0e4a2d8aea7d73ff7dd3a2a2d419bfe4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e04da7ad6054eb22092ad511eebf6b52

SHA1
fe7bab880bbadf1215d73cd4a4f18ea789103079

SHA256
694e39f7880de84af63370168b696aa956aecece88eb01a781b8c277f75d7536

SHA512
1735deb194df64dbc0d0af41879dfc30d8bea3dc874c27d90e979cc123ff767d628af162d63c9d10f68ee781893f6af6422bee6677be8118cc2bc9c3ba5524ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3fb99ea8af03b0cd8ef19c459c4e41ba

SHA1
4420073e21950ecb1dde394757f0c82ad0487aeb

SHA256
6a99ec2b940e412a3bc22dcf2cfbb1d79c774f5e02edbc7eae97a8132d636cbe

SHA512
7a7c7912f4654a16c178797bcb7373c13510f2560631db0737848c3663201322e74046dbd41eb69ad02ab8c2d93626ba090c3a3e5404526642c3a9597618e5d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
cadd4ab8832f0903e471b95757a3492a

SHA1
9454a06247ae12caf1211e4023f53e02e0871feb

SHA256
8a6c0b70c67a3a2335aa170d3eb3c4b3cffb2e9e3958b65cfea7d8faa09c30c9

SHA512
8af3b8a75feb49598e36a35aa5157cb2f5cd9a26d2c63221a741e2924702157448f2641d49d82bd42754a1087e526cd0e3d590df923435390506c2b633aec9f9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.