{"report_id":"371e8285-aff1-4b22-9a7d-ee76aaf5bea4","version":6,"status":"done","tags":[],"date":"2024-09-10T20:06:56Z","url":{"schema":"http","addr":"edgedl.me.gvt1.com/edgedl/release2/update2/ad3h35sdfjpqd7p3hbjtlw6nsftq_130.0.6679.0/UpdaterSetup.exe","fqdn":"edgedl.me.gvt1.com","domain":"gvt1.com","tld":"com"},"ip":{"addr":"34.104.35.123","port":0,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-28T21:22:12Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-09-09 18:12:09","alert_count":0,"request_count":4,"received_data":3550,"sent_data":1308,"comment":"","tags":null,"fingerprints":null},{"fqdn":"o.pki.goog","ip":{"addr":"216.58.211.3","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2016-06-13","domain_rank":0,"first_seen":"2024-04-24 13:44:57","last_seen":"2024-09-09 18:24:06","alert_count":0,"request_count":2,"received_data":1422,"sent_data":662,"comment":"","tags":null,"fingerprints":null},{"fqdn":"edgedl.me.gvt1.com","ip":{"addr":"34.104.35.123","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"domain_registered":"2008-03-03","domain_rank":129,"first_seen":"2021-04-03 00:39:57","last_seen":"2024-09-09 19:06:03","alert_count":1,"request_count":1,"received_data":8917953,"sent_data":555,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r11.o.lencr.org","ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-07 07:43:57","last_seen":"2024-09-09 18:12:09","alert_count":0,"request_count":1,"received_data":887,"sent_data":327,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"c83c1682023df84e4b5ff73464e933ba","sha1":"397327ba74e9c6791543a08bbb6c6a445a8f3498","sha256":"78f0e961eb8bc27f33ead2214157d1f97136ef357c254d91fd0859266ade90f8","sha512":"3b55e11dc656e75459db5b182849c21fbeaa5ad457d043ef013389958724c6d7c64efb6db8950c56bff4686ea398f5898047fe16bd5eed7acb7b132fba5598ad","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections","size":8917384,"url":{"schema":"https","addr":"edgedl.me.gvt1.com/edgedl/release2/update2/ad3h35sdfjpqd7p3hbjtlw6nsftq_130.0.6679.0/UpdaterSetup.exe","fqdn":"edgedl.me.gvt1.com","domain":"gvt1.com","tld":"com"},"ip":{"addr":"34.104.35.123","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-09-10","alert":"meth_get_eip","trigger":"edgedl.me.gvt1.com/edgedl/release2/update2/ad3h35sdfjpqd7p3hbjtlw6nsftq_130.0.6679.0/UpdaterSetup.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-09-10","alert":"meth_get_eip","trigger":"edgedl.me.gvt1.com/edgedl/release2/update2/ad3h35sdfjpqd7p3hbjtlw6nsftq_130.0.6679.0/UpdaterSetup.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-10T20:06:29.793288188Z","timestamp":1725998789793,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"3F59C24A6538550F52A4C9B39D9F57B023C9D44D50A846E742B763F74DFC179D\"\r\nLast-Modified: Sun, 08 Sep 2024 09:19:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=17684\r\nExpires: Wed, 11 Sep 2024 01:01:13 GMT\r\nDate: Tue, 10 Sep 2024 20:06:29 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"85b35ef8e54cfd751670f6a6d56541bd","sha1":"162e94ccf2a785ea99c41f45c3a76815a2f8ae5f","sha256":"3f59c24a6538550f52a4c9b39d9f57b023c9d44d50a846e742b763f74dfc179d","sha512":"ff00c3a57b0afd5271ff47fb423989e1d520fa029b23dbd1c89609059b3e895c3bb49e3a344fd88fb45aee27c76964aa7d7aa720cd0ac48c69890856081e9baf","ssdeep":"","tlshash":"95f075f226a0b79071f105241878de34cb24f7ee30c090ca01dc8481fc187d25281408","first_seen":"2024-09-08T14:22:20Z","last_seen":"2024-09-19T21:53:05.385554Z","times_seen":25465,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-10T20:06:29.836171319Z","timestamp":1725998789836,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"FDFD7BC2CF6ECC38FB1098F0FDB33CC28A034BB850556C8BE63823F4C4718BE2\"\r\nLast-Modified: Tue, 10 Sep 2024 00:20:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=3085\r\nExpires: Tue, 10 Sep 2024 20:57:54 GMT\r\nDate: Tue, 10 Sep 2024 20:06:29 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"6bd7ab339c70a2fbeee4c8c0acd11d01","sha1":"d73d3395447b2a06e32c1e3efb673107259de9d2","sha256":"fdfd7bc2cf6ecc38fb1098f0fdb33cc28a034bb850556c8be63823f4c4718be2","sha512":"7cc6d530bea83774ef6829c6db75313b8685dedaba842aea688588976d0984075c4764c97846f62b255386d8ba552298f55f78cfc5fd38824ff26e8509e1c3f1","ssdeep":"","tlshash":"c8f00efa2aa77170e7a23a2369a6fe6f19307dde7910805250908fd24b60bb8da40009","first_seen":"2024-09-10T06:38:11Z","last_seen":"2024-09-19T21:33:01.953343Z","times_seen":23843,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-10T20:06:30.249153903Z","timestamp":1725998790249,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"6D53E4415D0C45468D4481CF09E5EA095019A86AF85CCD64064EB060AB802455\"\r\nLast-Modified: Tue, 10 Sep 2024 02:37:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=12402\r\nExpires: Tue, 10 Sep 2024 23:33:12 GMT\r\nDate: Tue, 10 Sep 2024 20:06:30 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"c02cbc5c5d1b0406dcc246d4bd1a6d2b","sha1":"4926c8ef9661a0a06ddca8476543ba0016f6db23","sha256":"6d53e4415d0c45468d4481cf09e5ea095019a86af85ccd64064eb060ab802455","sha512":"54e1f5e26cbc4cc061fcbe9545e9aeb6fe6cce51a980dafe0d9f8abd1e55d46a9155a98d9ec11c4b63b8acd16776693ee302f4acb02d93dba3f11ee488d34a7a","ssdeep":"","tlshash":"87f00e7737d2bf88be76081664f8e11579d5eeee3440188205cc88e27774bba5e8c08d","first_seen":"2024-09-10T16:41:35Z","last_seen":"2024-09-19T21:25:55.865433Z","times_seen":8473,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"o.pki.goog/s/wr3/CPQ","fqdn":"o.pki.goog","domain":"pki.goog","tld":"goog"},"ip":{"addr":"216.58.211.3","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-10T20:06:30.547212625Z","timestamp":1725998790547,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST /s/wr3/CPQ HTTP/1.1\r\nHost: o.pki.goog\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 83\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: application/ocsp-response\r\nDate: Tue, 10 Sep 2024 20:06:30 GMT\r\nCache-Control: public, max-age=14400\r\nServer: scaffolding on HTTPServer2\r\nContent-Length: 471\r\nX-XSS-Protection: 0\r\nX-Frame-Options: SAMEORIGIN\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":471,"size_decoded":471,"mime_type":"application/octet-stream","magic":"data","md5":"2f144cdc043d1e8f915fcac2a7f66b8b","sha1":"9e031fd0cfed14d49a0aaf6ded4b374219db3a5a","sha256":"da87c13b00a820ca790efdfaa73d8f8e1ae9e52fe0c34ff0e9ecd22577a69802","sha512":"61a1e029df9c234adf616c1b26a2de536fa8b6716a342572ebed9cbf7c2f52b649a503920b31cbb0dfa8649fcaa5829eb83150a193498b7a53363b8fd84cc9c8","ssdeep":"","tlshash":"62f0d4e561b410b4b422dd9d09b66f33665c9d1a34f948450e311fd7821af7e98690dc","first_seen":"2024-09-10T22:06:59Z","last_seen":"2024-09-19T21:22:16.414056Z","times_seen":3,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-10T20:06:30.680348863Z","timestamp":1725998790680,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"1A381B926D3ED1420DC33EC68EB8FF332A94FF175191A0564C07552B80C7A3D7\"\r\nLast-Modified: Tue, 10 Sep 2024 02:33:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7904\r\nExpires: Tue, 10 Sep 2024 22:18:14 GMT\r\nDate: Tue, 10 Sep 2024 20:06:30 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"49e3d04c2eb4d704e7e7c90e2dc519c0","sha1":"33f04bc1c596585870c7b00e24bf9bef4d01dc8e","sha256":"1a381b926d3ed1420dc33ec68eb8ff332a94ff175191a0564c07552b80c7a3d7","sha512":"b276448c67ac2621c13aa9129a5a6eb705d8e1b9d181a21e99024c2a95f79d90a017059ed068d493a42bed982c902b2374e672652d49982305a1081c67c36786","ssdeep":"","tlshash":"c5f00e9a27a3bb01bb25a5106cfad1187e34deee382428c114e449b27487fb5b8c012c","first_seen":"2024-09-10T08:04:08Z","last_seen":"2024-09-19T21:32:06.155063Z","times_seen":14499,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"o.pki.goog/s/wr3/CPQ","fqdn":"o.pki.goog","domain":"pki.goog","tld":"goog"},"ip":{"addr":"216.58.211.3","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-10T20:06:30.764949449Z","timestamp":1725998790764,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST /s/wr3/CPQ HTTP/1.1\r\nHost: o.pki.goog\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 83\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: application/ocsp-response\r\nDate: Tue, 10 Sep 2024 20:06:30 GMT\r\nCache-Control: public, max-age=14400\r\nServer: scaffolding on HTTPServer2\r\nContent-Length: 471\r\nX-XSS-Protection: 0\r\nX-Frame-Options: SAMEORIGIN\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":471,"size_decoded":471,"mime_type":"application/octet-stream","magic":"data","md5":"2f144cdc043d1e8f915fcac2a7f66b8b","sha1":"9e031fd0cfed14d49a0aaf6ded4b374219db3a5a","sha256":"da87c13b00a820ca790efdfaa73d8f8e1ae9e52fe0c34ff0e9ecd22577a69802","sha512":"61a1e029df9c234adf616c1b26a2de536fa8b6716a342572ebed9cbf7c2f52b649a503920b31cbb0dfa8649fcaa5829eb83150a193498b7a53363b8fd84cc9c8","ssdeep":"","tlshash":"62f0d4e561b410b4b422dd9d09b66f33665c9d1a34f948450e311fd7821af7e98690dc","first_seen":"2024-09-10T22:06:59Z","last_seen":"2024-09-19T21:22:16.414056Z","times_seen":3,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"edgedl.me.gvt1.com/edgedl/release2/update2/ad3h35sdfjpqd7p3hbjtlw6nsftq_130.0.6679.0/UpdaterSetup.exe","fqdn":"edgedl.me.gvt1.com","domain":"gvt1.com","tld":"com"},"ip":{"addr":"34.104.35.123","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-09-10T20:06:30.477Z","timestamp":1725998790477,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"edgedl.me.gvt1.com","organization":""},"issuer":{"commonName":"WR3","organization":"Google Trust Services"},"validity":{"start":"Wed, 04 Sep 2024 13:32:32 GMT","end":"Fri, 04 Oct 2024 14:28:28 GMT"},"fingerprint":{"sha1":"45:D1:46:B7:F7:8E:0D:F0:30:17:12:80:A5:29:86:E5:E5:75:A8:C8","sha256":"92:9B:0A:5A:36:7B:6C:F7:3F:8A:C8:8E:92:08:A5:2B:5F:42:CA:FF:AA:F3:36:D6:83:BB:D7:BA:44:04:5D:F3"}}},"request":{"raw":"GET /edgedl/release2/update2/ad3h35sdfjpqd7p3hbjtlw6nsftq_130.0.6679.0/UpdaterSetup.exe HTTP/1.1\r\nHost: edgedl.me.gvt1.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-disposition: attachment\r\ncontent-security-policy: default-src 'none'\r\nserver: Google-Edge-Cache\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 0\r\nx-request-id: bc087561-d316-43cf-85d4-097fe41ea8f7\r\ncontent-length: 8917384\r\ndate: Mon, 09 Sep 2024 23:04:10 GMT\r\nage: 75740\r\nlast-modified: Mon, 26 Aug 2024 10:25:05 GMT\r\netag: \"3085318\"\r\ncontent-type: application/octet-stream\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000\r\ncache-control: public,max-age=86400\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":8917384,"size_decoded":8917384,"mime_type":"application/octet-stream","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections","md5":"c83c1682023df84e4b5ff73464e933ba","sha1":"397327ba74e9c6791543a08bbb6c6a445a8f3498","sha256":"78f0e961eb8bc27f33ead2214157d1f97136ef357c254d91fd0859266ade90f8","sha512":"3b55e11dc656e75459db5b182849c21fbeaa5ad457d043ef013389958724c6d7c64efb6db8950c56bff4686ea398f5898047fe16bd5eed7acb7b132fba5598ad","ssdeep":"196608:ZNWvMZmI8qx5AxLg+mB6qDVKrNo+RpPOSdeIZ5yH+7BzLZMYFnIwBxu330G:Za4Wqx5YLg+y/DVKrNoCPoIZ5I+7B/25","tlshash":"7a969c12f9a09131f5a33276b93c67395d723e329b3589cb87802c986fb07d1653939b","first_seen":"2024-08-31T01:07:43Z","last_seen":"2024-10-15T23:09:33.646936Z","times_seen":40,"resource_available":false,"data":null}},"time_used":998,"timings":{"blocked":75,"dns":0,"connect":8,"send":0,"wait":13,"receive":834,"ssl":65},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-09-10","alert":"meth_get_eip","trigger":"edgedl.me.gvt1.com/edgedl/release2/update2/ad3h35sdfjpqd7p3hbjtlw6nsftq_130.0.6679.0/UpdaterSetup.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}],"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-10T20:06:32.684668126Z","timestamp":1725998792684,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"63274B199D0425D6B2283C6A23DF2AB604B62BE6614D18B74DECFF86727EB1CA\"\r\nLast-Modified: Tue, 10 Sep 2024 02:38:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7995\r\nExpires: Tue, 10 Sep 2024 22:19:47 GMT\r\nDate: Tue, 10 Sep 2024 20:06:32 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"9166ec047d1a1a5f81e7d3837eabbc9a","sha1":"7ed1e5b331a854776d5c422d2ded1329b74c7044","sha256":"63274b199d0425d6b2283c6a23df2ab604b62be6614d18b74decff86727eb1ca","sha512":"eccdf21111a9d11bade45d6e1ae17ab4407de07db4346a6f5014e31368c3aefd921c02ecd7708de9595037c42895ae0cfc4cb65f76e57f5461333f6ab3c29b39","ssdeep":"","tlshash":"a7f00ed13122fd19397e982b68c9d5262f622db2240d35e49ed991e128267ec72e824c","first_seen":"2024-09-10T06:55:13Z","last_seen":"2024-09-19T21:33:01.959276Z","times_seen":11566,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}