{"report_id":"87b67ba2-b4f7-4dc1-9571-d498859490e1","version":6,"status":"done","tags":[],"date":"2024-08-03T01:10:26Z","url":{"schema":"http","addr":"r3---sn-5go7ynlk.gvt1.com/edgedl/release2/update2/adj4ctryotgnl3tm7urj3hhfmnia_128.0.6597.0/UpdaterSetup.exe?mh=Ut\u0026pl=21\u0026shardbypass=sd\u0026rm=sn-qxosr76\u0026rrc=104","fqdn":"r3---sn-5go7ynlk.gvt1.com","domain":"gvt1.com","tld":"com"},"ip":{"addr":"173.194.6.8","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T07:11:12Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-08-02 18:13:27","alert_count":0,"request_count":6,"received_data":5325,"sent_data":1962,"comment":"","tags":null,"fingerprints":null},{"fqdn":"o.pki.goog","ip":{"addr":"142.250.74.131","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2016-06-13","domain_rank":0,"first_seen":"2024-04-24 13:44:57","last_seen":"2024-08-02 18:48:52","alert_count":0,"request_count":2,"received_data":1398,"sent_data":650,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r3---sn-5go7ynlk.gvt1.com","ip":{"addr":"173.194.6.8","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-03-03","domain_rank":0,"first_seen":"2022-10-28 09:00:24","last_seen":"2024-07-03 05:54:09","alert_count":1,"request_count":1,"received_data":8914935,"sent_data":611,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"d942b202971f587ef2826e382ef9aaec","sha1":"d1bcc6406e27a240f9ca94847585fc6603e09947","sha256":"fb49593edd92ece3c9ba7361909c4bac53fad47d94775586aa495b2215c354d6","sha512":"b1a7b0abc0d645931ea3ea65e064fb9bbe874b3ee5bd44ea111ef9fa9082b8964535a28a6a2b4498ea5108ca622f2889d3b4064fa5dc05afc08e293147a6fc34","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections","size":8914312,"url":{"schema":"https","addr":"r3---sn-5go7ynlk.gvt1.com/edgedl/release2/update2/adj4ctryotgnl3tm7urj3hhfmnia_128.0.6597.0/UpdaterSetup.exe?mh=Ut\u0026pl=21\u0026shardbypass=sd\u0026rm=sn-qxosr76\u0026rrc=104","fqdn":"r3---sn-5go7ynlk.gvt1.com","domain":"gvt1.com","tld":"com"},"ip":{"addr":"173.194.6.8","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-08-03","alert":"meth_get_eip","trigger":"r3---sn-5go7ynlk.gvt1.com/edgedl/release2/update2/adj4ctryotgnl3tm7urj3hhfmnia_128.0.6597.0/UpdaterSetup.exe?mh=Ut\u0026pl=21\u0026shardbypass=sd\u0026rm=sn-qxosr76\u0026rrc=104","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-08-03","alert":"meth_get_eip","trigger":"r3---sn-5go7ynlk.gvt1.com/edgedl/release2/update2/adj4ctryotgnl3tm7urj3hhfmnia_128.0.6597.0/UpdaterSetup.exe?mh=Ut\u0026pl=21\u0026shardbypass=sd\u0026rm=sn-qxosr76\u0026rrc=104","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-03T01:09:59.210701421Z","timestamp":1722647399210,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"2A52E00C2D138753BE73D181F49067827AB153E56CF68D50C690046B1A1873A7\"\r\nLast-Modified: Thu, 01 Aug 2024 06:27:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=8996\r\nExpires: Sat, 03 Aug 2024 03:39:55 GMT\r\nDate: Sat, 03 Aug 2024 01:09:59 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"1f657e78cc6cd633543a7c714446bc96","sha1":"6c9ce1ef30668bf4e402d553e8c16b7d52871b7f","sha256":"2a52e00c2d138753be73d181f49067827ab153e56cf68d50c690046b1a1873a7","sha512":"b0740273b22942c2c8d301f8c924b49525b37ab39278d58b25fb033630fba6f43b3766e21dba0e24815b1c76dd9c1047343933b06aaee2cc60e50c739aec7b6a","ssdeep":"","tlshash":"3ef00ec5035dbe426a602f0c5eb9ca1b1ea55eed2550a6e038d842e03988bf80ccc638","first_seen":"2024-08-02T04:10:22Z","last_seen":"2024-08-19T14:57:59.873535Z","times_seen":18150,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-03T01:09:59.213133714Z","timestamp":1722647399213,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"542B016F56D55AC6E101E5930905AC5873AB375BB530AE7F2DBBBE98F4663926\"\r\nLast-Modified: Thu, 01 Aug 2024 06:56:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=11656\r\nExpires: Sat, 03 Aug 2024 04:24:15 GMT\r\nDate: Sat, 03 Aug 2024 01:09:59 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"2b7af8743a0baccf520f7d3c63f9aa03","sha1":"d531f4d4c3b83565dbe8f972052708201df0d668","sha256":"542b016f56d55ac6e101e5930905ac5873ab375bb530ae7f2dbbbe98f4663926","sha512":"7057ee9951dfbee47dc98a6fc594eb7421c9500ce77fc52a843899749f030953148787d88da29630f2983cfceef7e5f9cd81cbb5831c99beb69dfaaf3060cb40","ssdeep":"","tlshash":"5bf0c050069876069ea04a202fddd0111a286c7a647074f17cd80666b5207ad4d8e94c","first_seen":"2024-08-01T12:26:57Z","last_seen":"2024-08-19T15:03:08.441696Z","times_seen":27247,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-03T01:09:59.500531376Z","timestamp":1722647399500,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"9ED1020CE84380273C514B5C14A8705879D8233ACAAE13B428063BC7B83A067B\"\r\nLast-Modified: Thu, 01 Aug 2024 06:58:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=6304\r\nExpires: Sat, 03 Aug 2024 02:55:03 GMT\r\nDate: Sat, 03 Aug 2024 01:09:59 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"b84a2e6efef529bac3e0d5dd309babe7","sha1":"b22b4d0e8f84859a83b85939ae4c77d16fde0c93","sha256":"9ed1020ce84380273c514b5c14a8705879d8233acaae13b428063bc7b83a067b","sha512":"9aa013ac1596c4164da95babc32f49259058c328722bff250f1b59f59b62c6cf2e1785c177298d5e8145aa5dd8ce3166ab505f47c9a43679d4f66ce32230c718","ssdeep":"","tlshash":"14f0051e59fe799437b45513696df19916907e50741893f11cd803ddb45eba41ac040c","first_seen":"2024-08-01T18:13:54Z","last_seen":"2024-08-19T15:01:23.412971Z","times_seen":18732,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-03T01:09:59.662119815Z","timestamp":1722647399662,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"E9D373F8BCB454C3FC0B4E4D3768E5104C7F4CAD03145468F9D2C0FF89C08143\"\r\nLast-Modified: Thu, 01 Aug 2024 06:27:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7067\r\nExpires: Sat, 03 Aug 2024 03:07:46 GMT\r\nDate: Sat, 03 Aug 2024 01:09:59 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"06f86a556a3bc0d04f36267a3081f07f","sha1":"3ca01a6761c66a9434a2ee060e2cb4b685b0b9f8","sha256":"e9d373f8bcb454c3fc0b4e4d3768e5104c7f4cad03145468f9d2c0ff89c08143","sha512":"5d2afaf30f4b626d830d5404cc82ccea273969bba9a832005a64f12aa15e56eb5b5c85876d82dde52c590ca6f5c0e57e3ff801aab3ed9887a1d0b147413a9b5c","ssdeep":"","tlshash":"75f00e8a20ed7b8555a0ac001e78e21afd396abc3c2025e21e9c05f57421bf26dc404c","first_seen":"2024-08-01T08:37:09Z","last_seen":"2024-08-19T15:04:18.900784Z","times_seen":23373,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"o.pki.goog/wr2","fqdn":"o.pki.goog","domain":"pki.goog","tld":"goog"},"ip":{"addr":"142.250.74.131","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-03T01:09:59.749891174Z","timestamp":1722647399749,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST /wr2 HTTP/1.1\r\nHost: o.pki.goog\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 83\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: application/ocsp-response\r\nDate: Sat, 03 Aug 2024 01:09:59 GMT\r\nCache-Control: public, max-age=14400\r\nServer: ocsp_responder\r\nContent-Length: 471\r\nX-XSS-Protection: 0\r\nX-Frame-Options: SAMEORIGIN\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":471,"size_decoded":471,"mime_type":"application/octet-stream","magic":"data","md5":"fd50e113d7a5b33d5a716b3ae2aaf59e","sha1":"af536441833cc1b5389e5368eddfaa158f99cbf3","sha256":"a459acc1e448d6a80c339b95fac33bcd5f6e46a95c01ae06bdcc13fe523b9375","sha512":"96b791a1fb99be2bd4c1ab3d7fbf184f3946f7ab34f9b4165e3f5b21c7d314d7ef9acf21393b96acab0d80bc57fa1374bbf39a150da36a1629deecfa9ebcffba","ssdeep":"","tlshash":"80f05c9128362dd18f216c0023caf0193d28ae3821bc7793ac3cd6aa3c84b740b449ba","first_seen":"2024-08-02T04:47:46Z","last_seen":"2024-08-19T14:57:47.352547Z","times_seen":23,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"o.pki.goog/wr2","fqdn":"o.pki.goog","domain":"pki.goog","tld":"goog"},"ip":{"addr":"142.250.74.131","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-03T01:09:59.941008993Z","timestamp":1722647399941,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST /wr2 HTTP/1.1\r\nHost: o.pki.goog\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 83\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: application/ocsp-response\r\nDate: Sat, 03 Aug 2024 01:09:59 GMT\r\nCache-Control: public, max-age=14400\r\nServer: ocsp_responder\r\nContent-Length: 471\r\nX-XSS-Protection: 0\r\nX-Frame-Options: SAMEORIGIN\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":471,"size_decoded":471,"mime_type":"application/octet-stream","magic":"data","md5":"fd50e113d7a5b33d5a716b3ae2aaf59e","sha1":"af536441833cc1b5389e5368eddfaa158f99cbf3","sha256":"a459acc1e448d6a80c339b95fac33bcd5f6e46a95c01ae06bdcc13fe523b9375","sha512":"96b791a1fb99be2bd4c1ab3d7fbf184f3946f7ab34f9b4165e3f5b21c7d314d7ef9acf21393b96acab0d80bc57fa1374bbf39a150da36a1629deecfa9ebcffba","ssdeep":"","tlshash":"80f05c9128362dd18f216c0023caf0193d28ae3821bc7793ac3cd6aa3c84b740b449ba","first_seen":"2024-08-02T04:47:46Z","last_seen":"2024-08-19T14:57:47.352547Z","times_seen":23,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r3---sn-5go7ynlk.gvt1.com/edgedl/release2/update2/adj4ctryotgnl3tm7urj3hhfmnia_128.0.6597.0/UpdaterSetup.exe?mh=Ut\u0026pl=21\u0026shardbypass=sd\u0026rm=sn-qxosr76\u0026rrc=104","fqdn":"r3---sn-5go7ynlk.gvt1.com","domain":"gvt1.com","tld":"com"},"ip":{"addr":"173.194.6.8","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-08-03T01:09:59.698Z","timestamp":1722647399698,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.c.docs.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Tue, 16 Jul 2024 14:34:06 GMT","end":"Tue, 24 Sep 2024 14:34:05 GMT"},"fingerprint":{"sha1":"6C:53:8D:31:BE:19:4F:5B:40:5F:DD:1A:A7:8A:B4:32:3A:6F:0F:DF","sha256":"43:9E:C5:0C:6C:F6:1F:FD:3F:90:49:DF:C4:97:0C:E1:C1:7D:D2:91:10:29:85:DD:C2:79:B8:BC:CA:01:41:89"}}},"request":{"raw":"GET /edgedl/release2/update2/adj4ctryotgnl3tm7urj3hhfmnia_128.0.6597.0/UpdaterSetup.exe?mh=Ut\u0026pl=21\u0026shardbypass=sd\u0026rm=sn-qxosr76\u0026rrc=104 HTTP/1.1\r\nHost: r3---sn-5go7ynlk.gvt1.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nCache-Control: public,max-age=86400\r\nContent-Disposition: attachment\r\nContent-Length: 8914312\r\nContent-Security-Policy: default-src 'none'\r\nContent-Type: application/octet-stream\r\nEtag: \"2d8bf0a\"\r\nServer: downloads\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nX-Xss-Protection: 0\r\nDate: Sat, 03 Aug 2024 01:09:47 GMT\r\nLast-Modified: Mon, 15 Jul 2024 08:38:11 GMT\r\nConnection: keep-alive\r\nAlt-Svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000, h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46\"\r\nVary: Origin\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":8914312,"size_decoded":8914312,"mime_type":"application/octet-stream","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections","md5":"d942b202971f587ef2826e382ef9aaec","sha1":"d1bcc6406e27a240f9ca94847585fc6603e09947","sha256":"fb49593edd92ece3c9ba7361909c4bac53fad47d94775586aa495b2215c354d6","sha512":"b1a7b0abc0d645931ea3ea65e064fb9bbe874b3ee5bd44ea111ef9fa9082b8964535a28a6a2b4498ea5108ca622f2889d3b4064fa5dc05afc08e293147a6fc34","ssdeep":"196608:6xfKlmR5/9Bz6nKuvueLWj9HC/Zfy5hPza21BNmxIVFuvgW8B:6bR57WnKYueL88ZK5Za21BNmxQFuvg","tlshash":"83969d12f6a09135f5a33231b93c6b3d5e363e319b358acb86442c982fb07d1653979b","first_seen":"2024-07-20T21:10:34Z","last_seen":"2024-08-19T16:15:07.357133Z","times_seen":31,"resource_available":false,"data":null}},"time_used":1174,"timings":{"blocked":52,"dns":0,"connect":9,"send":0,"wait":8,"receive":1062,"ssl":41},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-08-03","alert":"meth_get_eip","trigger":"r3---sn-5go7ynlk.gvt1.com/edgedl/release2/update2/adj4ctryotgnl3tm7urj3hhfmnia_128.0.6597.0/UpdaterSetup.exe?mh=Ut\u0026pl=21\u0026shardbypass=sd\u0026rm=sn-qxosr76\u0026rrc=104","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}],"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-03T01:10:02.193545365Z","timestamp":1722647402193,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"5D3FE5575B14F6F240E86C4C5065E8F3F79A6F20039EFCE544E7597166C1AE0F\"\r\nLast-Modified: Thu, 01 Aug 2024 06:58:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=16199\r\nExpires: Sat, 03 Aug 2024 05:40:00 GMT\r\nDate: Sat, 03 Aug 2024 01:10:01 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"7b71bbce2c5e563fde3afb60497eb33b","sha1":"ffe77143d7aae5b966b693211336919b872de46a","sha256":"5d3fe5575b14f6f240e86c4c5065e8f3f79a6f20039efce544e7597166c1ae0f","sha512":"74b26d7ae39d9dcb1edf5fee9cb2c138bbc2c82f3586365580a0ed3270b19d3e8fd100f2914c64f1b5cadcaf6073eba610a22ac4a19f56e4afce0e72293070d8","ssdeep":"","tlshash":"acf00e4a079d6e462b6dc8443d84fa215d640daa742030f42accc2a572b07e46ac641c","first_seen":"2024-08-01T13:13:22Z","last_seen":"2024-08-19T15:03:08.4448Z","times_seen":14162,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-03T01:10:02.195097106Z","timestamp":1722647402195,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"5D3FE5575B14F6F240E86C4C5065E8F3F79A6F20039EFCE544E7597166C1AE0F\"\r\nLast-Modified: Thu, 01 Aug 2024 06:58:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=16199\r\nExpires: Sat, 03 Aug 2024 05:40:00 GMT\r\nDate: Sat, 03 Aug 2024 01:10:01 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"7b71bbce2c5e563fde3afb60497eb33b","sha1":"ffe77143d7aae5b966b693211336919b872de46a","sha256":"5d3fe5575b14f6f240e86c4c5065e8f3f79a6f20039efce544e7597166c1ae0f","sha512":"74b26d7ae39d9dcb1edf5fee9cb2c138bbc2c82f3586365580a0ed3270b19d3e8fd100f2914c64f1b5cadcaf6073eba610a22ac4a19f56e4afce0e72293070d8","ssdeep":"","tlshash":"acf00e4a079d6e462b6dc8443d84fa215d640daa742030f42accc2a572b07e46ac641c","first_seen":"2024-08-01T13:13:22Z","last_seen":"2024-08-19T15:03:08.4448Z","times_seen":14162,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}