Click to jump to signature section
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic | Jump to behavior |
| Source: unknown | HTTPS traffic detected: 142.250.186.84:443 -> 192.168.2.3:49756 version: TLS 1.2 |
| Source: global traffic | HTTP traffic detected: GET /1lpRxsL6emj-pbrWbcRro26sHywnCVWz1SsderoXdqic43e6OgQFX36dHMP67Z959rwZxdJTqy3VDYw0MYVvlmUlQq0mm0gmT29AguD4bEEEGCTMf63Celfo HTTP/1.1Host: gsrzhggshb-dot-yamm-track.appspot.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /1lpRxsL6emj-pbrWbcRro26sHywnCVWz1SsderoXdqic43e6OgQFX36dHMP67Z959rwZxdJTqy3VDYw0MYVvlmUlQq0mm0gmT29AguD4bEEEGCTMf63Celfo HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: gsrzhggshb-dot-yamm-track.appspot.com |
| Source: unknown | DNS traffic detected: queries for: accounts.google.com |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49744 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49743 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49741 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49741 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49743 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49744 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49756 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49756 |
| Source: 5e8ea667-a6e8-4eba-a696-88cda71f823c.tmp.1.dr | String found in binary or memory: https://accounts.google.com |
| Source: craw_window.js.0.dr | String found in binary or memory: https://accounts.google.com/MergeSession |
| Source: 5e8ea667-a6e8-4eba-a696-88cda71f823c.tmp.1.dr | String found in binary or memory: https://apis.google.com |
| Source: 5e8ea667-a6e8-4eba-a696-88cda71f823c.tmp.1.dr | String found in binary or memory: https://clients2.google.com |
| Source: manifest.json.0.dr | String found in binary or memory: https://clients2.google.com/service/update2/crx |
| Source: 5e8ea667-a6e8-4eba-a696-88cda71f823c.tmp.1.dr | String found in binary or memory: https://clients2.googleusercontent.com |
| Source: 5e8ea667-a6e8-4eba-a696-88cda71f823c.tmp.1.dr, 2c7c40c0-5cfd-461f-9221-aca85076d819.tmp.1.dr, ec7c974b-d1fc-4542-9501-ab21b469a52a.tmp.1.dr | String found in binary or memory: https://dns.google |
| Source: 5e8ea667-a6e8-4eba-a696-88cda71f823c.tmp.1.dr | String found in binary or memory: https://fonts.googleapis.com |
| Source: 5e8ea667-a6e8-4eba-a696-88cda71f823c.tmp.1.dr | String found in binary or memory: https://fonts.gstatic.com |
| Source: craw_window.js.0.dr, craw_background.js.0.dr | String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p |
| Source: History Provider Cache.0.dr | String found in binary or memory: https://gsrzhggshb-dot-yamm-track.appspot.com/1lpRxsL6emj-pbrWbcRro26sHywnCVWz1SsderoXdqic43e6OgQFX3 |
| Source: 5e8ea667-a6e8-4eba-a696-88cda71f823c.tmp.1.dr | String found in binary or memory: https://ogs.google.com |
| Source: craw_window.js.0.dr, manifest.json.0.dr | String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js |
| Source: 5e8ea667-a6e8-4eba-a696-88cda71f823c.tmp.1.dr | String found in binary or memory: https://play.google.com |
| Source: craw_window.js.0.dr, manifest.json.0.dr | String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js |
| Source: 5e8ea667-a6e8-4eba-a696-88cda71f823c.tmp.1.dr | String found in binary or memory: https://ssl.gstatic.com |
| Source: craw_window.js.0.dr, craw_background.js.0.dr | String found in binary or memory: https://www-googleapis-staging.sandbox.google.com |
| Source: 5e8ea667-a6e8-4eba-a696-88cda71f823c.tmp.1.dr | String found in binary or memory: https://www.google.com |
| Source: manifest.json.0.dr | String found in binary or memory: https://www.google.com/ |
| Source: craw_window.js.0.dr | String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1 |
| Source: craw_window.js.0.dr | String found in binary or memory: https://www.google.com/images/cleardot.gif |
| Source: craw_window.js.0.dr | String found in binary or memory: https://www.google.com/images/dot2.gif |
| Source: craw_window.js.0.dr | String found in binary or memory: https://www.google.com/images/x2.gif |
| Source: craw_background.js.0.dr | String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html |
| Source: 5e8ea667-a6e8-4eba-a696-88cda71f823c.tmp.1.dr, craw_window.js.0.dr, craw_background.js.0.dr | String found in binary or memory: https://www.googleapis.com |
| Source: manifest.json.0.dr | String found in binary or memory: https://www.googleapis.com/ |
| Source: manifest.json.0.dr | String found in binary or memory: https://www.googleapis.com/auth/chromewebstore |
| Source: manifest.json.0.dr | String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly |
| Source: manifest.json.0.dr | String found in binary or memory: https://www.googleapis.com/auth/sierra |
| Source: manifest.json.0.dr | String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox |
| Source: 5e8ea667-a6e8-4eba-a696-88cda71f823c.tmp.1.dr | String found in binary or memory: https://www.gstatic.com |
| Source: unknown | HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: unknown | HTTPS traffic detected: 142.250.186.84:443 -> 192.168.2.3:49756 version: TLS 1.2 |
Edit tour
chrome.exe (PID: 908 cmdline: 
