hxxps://shift[.]gearboxsoftware[.]com/rewards

Analysis

max time kernel
453s
max time network
452s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18/03/2023, 14:39 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://shift.gearboxsoftware.com/rewards

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133236276044030733"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2396	chrome.exe
2396	chrome.exe
2012	chrome.exe
2012	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 3996	2396	chrome.exe	87
PID 2396 wrote to memory of 3996	2396	chrome.exe	87
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 3940	2396	chrome.exe	89
PID 2396 wrote to memory of 3940	2396	chrome.exe	89
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://shift.gearboxsoftware.com/rewards
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa84be9758,0x7ffa84be9768,0x7ffa84be9778
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:2
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:8
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4024 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1600 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4684 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:1
  2⤵
  PID:64
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5096 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:8
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5304 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:8
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5284 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3264 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5432 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:8
  2⤵
  PID:3064

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3748

Network

DNS

76.38.195.152.in-addr.arpa

Remote address:

8.8.8.8:53

Request

76.38.195.152.in-addr.arpa

IN PTR

Response
DNS

199.176.139.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

199.176.139.52.in-addr.arpa

IN PTR

Response
DNS

shift.gearboxsoftware.com

chrome.exe

Remote address:

8.8.8.8:53

Request

shift.gearboxsoftware.com

IN A

Response

shift.gearboxsoftware.com

IN A

3.222.54.73

shift.gearboxsoftware.com

IN A

52.21.13.100

shift.gearboxsoftware.com

IN A

3.221.2.39

shift.gearboxsoftware.com

IN A

34.237.3.131
DNS

250.255.255.239.in-addr.arpa

Remote address:

8.8.8.8:53

Request

250.255.255.239.in-addr.arpa

IN PTR

Response
DNS

163.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

163.179.250.142.in-addr.arpa

IN PTR

Response

163.179.250.142.in-addr.arpa

IN PTR

ams15s41-in-f31e100net
DNS

189.211.227.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

189.211.227.13.in-addr.arpa

IN PTR

Response

189.211.227.13.in-addr.arpa

IN PTR

server-13-227-211-189ams54r cloudfrontnet
DNS

73.54.222.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.54.222.3.in-addr.arpa

IN PTR

Response

73.54.222.3.in-addr.arpa

IN PTR

ec2-3-222-54-73 compute-1 amazonawscom
DNS

content-autofill.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

142.251.36.10

content-autofill.googleapis.com

IN A

142.251.39.106

content-autofill.googleapis.com

IN A

172.217.168.202

content-autofill.googleapis.com

IN A

216.58.208.106

content-autofill.googleapis.com

IN A

142.250.179.138

content-autofill.googleapis.com

IN A

142.251.36.42

content-autofill.googleapis.com

IN A

142.250.179.170

content-autofill.googleapis.com

IN A

142.250.179.202
GET

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSFwlQBXgj-w_J3xIFDZAiE60SBQ3LAvZi?alt=proto

chrome.exe

Remote address:

142.251.36.10:443

Request

GET /v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSFwlQBXgj-w_J3xIFDZAiE60SBQ3LAvZi?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: CIGTywE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

10.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.36.251.142.in-addr.arpa

IN PTR

Response

10.36.251.142.in-addr.arpa

IN PTR

ams15s44-in-f101e100net
DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

33.18.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

33.18.126.40.in-addr.arpa

IN PTR

Response
DNS

176.122.125.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

176.122.125.40.in-addr.arpa

IN PTR

Response
DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
DNS

97.97.242.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.97.242.52.in-addr.arpa

IN PTR

Response
DNS

45.8.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

45.8.109.52.in-addr.arpa

IN PTR

Response
DNS

2.36.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.36.159.162.in-addr.arpa

IN PTR

Response
DNS

97.97.242.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.97.242.52.in-addr.arpa

IN PTR

Response
DNS

226.101.242.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.101.242.52.in-addr.arpa

IN PTR

Response
DNS

126.136.241.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

126.136.241.8.in-addr.arpa

IN PTR

Response
DNS

202.74.101.95.in-addr.arpa

Remote address:

8.8.8.8:53

Request

202.74.101.95.in-addr.arpa

IN PTR

Response

202.74.101.95.in-addr.arpa

IN PTR

a95-101-74-202deploystaticakamaitechnologiescom
DNS

84.65.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

84.65.42.20.in-addr.arpa

IN PTR

Response
DNS

100.39.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

100.39.251.142.in-addr.arpa

IN PTR

Response

100.39.251.142.in-addr.arpa

IN PTR

ams15s48-in-f41e100net
DNS

apis.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

172.217.168.206
DNS

206.168.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.168.217.172.in-addr.arpa

IN PTR

Response

206.168.217.172.in-addr.arpa

IN PTR

ams16s32-in-f141e100net
DNS

opentip.kaspersky.com

chrome.exe

Remote address:

8.8.8.8:53

Request

opentip.kaspersky.com

IN A

Response

opentip.kaspersky.com

IN CNAME

opentip.ha.kaspersky.com

opentip.ha.kaspersky.com

IN A

77.74.177.28

opentip.ha.kaspersky.com

IN A

185.85.12.12

opentip.ha.kaspersky.com

IN A

93.159.230.121
GET

https://opentip.kaspersky.com/

chrome.exe

Remote address:

77.74.177.28:443

Request

GET / HTTP/1.1
Host: opentip.kaspersky.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Purpose: prefetch
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://www.google.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: https://auth.uis.kaspersky.com
Cache-Control: no-store, no-cache, must-revalidate
Content-Encoding: gzip
Content-Security-Policy: default-src opentip.kaspersky.com;style-src 'self' 'unsafe-inline' blob: https://www.gstatic.com/recaptcha/ opentip.kaspersky.com;font-src 'self' data: https://fonts.gstatic.com/ opentip.kaspersky.com;script-src 'self' https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ 'unsafe-inline' https://www.googletagmanager.com/ 'unsafe-inline' https://www.google-analytics.com https://media.kaspersky.com/ 'unsafe-eval' https://dpm.demdex.net/ opentip.kaspersky.com;img-src 'self' data: https://www.gstatic.com/recaptcha/ www.googletagmanager.com https://www.google-analytics.com https://kaspersky.d3.sc.omtrdc.net/ https://cm.everesttech.net/ opentip.kaspersky.com;connect-src 'self' https://www.google.com/recaptcha/ https://www.google-analytics.com/ https://dpm.demdex.net/ opentip.kaspersky.com;frame-src 'self' https://www.gstatic.com/recaptcha https://www.google.com/recaptcha https://www.google.com https://www.googletagmanager.com/ https://kaspersky.demdex.net/ opentip.kaspersky.com;
Content-Type: text/html; charset=utf-8
Last-Modified: Wed, 11 Jan 2023 16:51:50 GMT
Strict-Transport-Security: max-age=31536000; preload
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-Xss-Protection: 1; mode=block
Date: Sat, 18 Mar 2023 14:46:27 GMT
Content-Length: 942
GET

https://opentip.kaspersky.com/public/app-fdf97fce0cea.css

chrome.exe

Remote address:

77.74.177.28:443

Request

GET /public/app-fdf97fce0cea.css HTTP/1.1
Host: opentip.kaspersky.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: application/signed-exchange;v=b3;q=0.7,*/*;q=0.8
Purpose: prefetch
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: style
Referer: https://opentip.kaspersky.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Type: text/css; charset=utf-8
Etag: public/app-fdf97fce0cea
Last-Modified: Wed, 11 Jan 2023 16:51:50 GMT
Vary: Accept-Encoding
Date: Sat, 18 Mar 2023 14:46:27 GMT
Transfer-Encoding: chunked
GET

https://opentip.kaspersky.com/favicon.ico

chrome.exe

Remote address:

77.74.177.28:443

Request

GET /favicon.ico HTTP/1.1
Host: opentip.kaspersky.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: application/signed-exchange;v=b3;q=0.7,*/*;q=0.8
Purpose: prefetch
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://opentip.kaspersky.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: https://auth.uis.kaspersky.com
Cache-Control: no-store, no-cache, must-revalidate
Content-Encoding: gzip
Content-Security-Policy: default-src opentip.kaspersky.com;style-src 'self' 'unsafe-inline' blob: https://www.gstatic.com/recaptcha/ opentip.kaspersky.com;font-src 'self' data: https://fonts.gstatic.com/ opentip.kaspersky.com;script-src 'self' https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ 'unsafe-inline' https://www.googletagmanager.com/ 'unsafe-inline' https://www.google-analytics.com https://media.kaspersky.com/ 'unsafe-eval' https://dpm.demdex.net/ opentip.kaspersky.com;img-src 'self' data: https://www.gstatic.com/recaptcha/ www.googletagmanager.com https://www.google-analytics.com https://kaspersky.d3.sc.omtrdc.net/ https://cm.everesttech.net/ opentip.kaspersky.com;connect-src 'self' https://www.google.com/recaptcha/ https://www.google-analytics.com/ https://dpm.demdex.net/ opentip.kaspersky.com;frame-src 'self' https://www.gstatic.com/recaptcha https://www.google.com/recaptcha https://www.google.com https://www.googletagmanager.com/ https://kaspersky.demdex.net/ opentip.kaspersky.com;
Content-Type: text/html; charset=utf-8
Last-Modified: Wed, 11 Jan 2023 16:51:50 GMT
Strict-Transport-Security: max-age=31536000; preload
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-Xss-Protection: 1; mode=block
Date: Sat, 18 Mar 2023 14:46:27 GMT
Content-Length: 942
GET

https://opentip.kaspersky.com/ui/checksession

chrome.exe

Remote address:

77.74.177.28:443

Request

GET /ui/checksession HTTP/1.1
Host: opentip.kaspersky.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
Accept: application/json, text/plain, */*
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://opentip.kaspersky.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Cache-Control: no-cache
Cym9cgwjk: N68K+nZCru6aqCAlFAQKN3+Z15Ky0+Rm5KbdOynmI6oKEAAAAAAAAAAAAAD//5o9Rw0SEGfhfwt8m+KSqoPulprQqUQYuuq+qe8wKhAAAAAAAAAAAAAA//+aPUcNMLqi2NLvMA==
Js-Version:
Date: Sat, 18 Mar 2023 14:46:29 GMT
Content-Length: 0
GET

https://opentip.kaspersky.com/public/70de463581e9807f923d.js

chrome.exe

Remote address:

77.74.177.28:443

Request

GET /public/70de463581e9807f923d.js HTTP/1.1
Host: opentip.kaspersky.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://opentip.kaspersky.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.598017541.1679154388; _gid=GA1.2.1986761637.1679154388; _gat_gtag_UA_168691510_1=1

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Type: application/javascript
Etag: public/70de463581e9807f923d
Last-Modified: Wed, 11 Jan 2023 16:51:50 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Date: Sat, 18 Mar 2023 14:46:30 GMT
Transfer-Encoding: chunked
DNS

131.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

131.179.250.142.in-addr.arpa

IN PTR

Response

131.179.250.142.in-addr.arpa

IN PTR

ams17s10-in-f31e100net
GET

https://opentip.kaspersky.com/app-fdf97fce0cea.js

chrome.exe

Remote address:

77.74.177.28:443

Request

GET /app-fdf97fce0cea.js HTTP/1.1
Host: opentip.kaspersky.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: application/signed-exchange;v=b3;q=0.7,*/*;q=0.8
Purpose: prefetch
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://opentip.kaspersky.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Type: application/javascript
Etag: app-fdf97fce0cea
Last-Modified: Wed, 11 Jan 2023 16:51:50 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Date: Sat, 18 Mar 2023 14:46:27 GMT
Transfer-Encoding: chunked
GET

https://opentip.kaspersky.com/

chrome.exe

Remote address:

77.74.177.28:443

Request

GET / HTTP/1.1
Host: opentip.kaspersky.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://www.google.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: https://auth.uis.kaspersky.com
Cache-Control: no-store, no-cache, must-revalidate
Content-Encoding: gzip
Content-Security-Policy: default-src opentip.kaspersky.com;style-src 'self' 'unsafe-inline' blob: https://www.gstatic.com/recaptcha/ opentip.kaspersky.com;font-src 'self' data: https://fonts.gstatic.com/ opentip.kaspersky.com;script-src 'self' https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ 'unsafe-inline' https://www.googletagmanager.com/ 'unsafe-inline' https://www.google-analytics.com https://media.kaspersky.com/ 'unsafe-eval' https://dpm.demdex.net/ opentip.kaspersky.com;img-src 'self' data: https://www.gstatic.com/recaptcha/ www.googletagmanager.com https://www.google-analytics.com https://kaspersky.d3.sc.omtrdc.net/ https://cm.everesttech.net/ opentip.kaspersky.com;connect-src 'self' https://www.google.com/recaptcha/ https://www.google-analytics.com/ https://dpm.demdex.net/ opentip.kaspersky.com;frame-src 'self' https://www.gstatic.com/recaptcha https://www.google.com/recaptcha https://www.google.com https://www.googletagmanager.com/ https://kaspersky.demdex.net/ opentip.kaspersky.com;
Content-Type: text/html; charset=utf-8
Last-Modified: Wed, 11 Jan 2023 16:51:50 GMT
Strict-Transport-Security: max-age=31536000; preload
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-Xss-Protection: 1; mode=block
Date: Sat, 18 Mar 2023 14:46:29 GMT
Content-Length: 942
GET

https://opentip.kaspersky.com/748-56f93ed8f8b6.js

chrome.exe

Remote address:

77.74.177.28:443

Request

GET /748-56f93ed8f8b6.js HTTP/1.1
Host: opentip.kaspersky.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: same-origin
Sec-Fetch-Dest: worker
Referer: https://opentip.kaspersky.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Type: application/javascript
Etag: 748-56f93ed8f8b6
Last-Modified: Wed, 11 Jan 2023 16:51:50 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Date: Sat, 18 Mar 2023 14:46:29 GMT
Content-Length: 720
GET

https://opentip.kaspersky.com/favicon.png

chrome.exe

Remote address:

77.74.177.28:443

Request

GET /favicon.png HTTP/1.1
Host: opentip.kaspersky.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://opentip.kaspersky.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.598017541.1679154388; _gid=GA1.2.1986761637.1679154388; _gat_gtag_UA_168691510_1=1

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Type: image/png
Etag: favicon
Last-Modified: Wed, 11 Jan 2023 16:51:50 GMT
Vary: Accept-Encoding
Date: Sat, 18 Mar 2023 14:46:29 GMT
Content-Length: 640
GET

https://opentip.kaspersky.com/public/2177b6907c7061117cd9.js

chrome.exe

Remote address:

77.74.177.28:443

Request

GET /public/2177b6907c7061117cd9.js HTTP/1.1
Host: opentip.kaspersky.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://opentip.kaspersky.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.598017541.1679154388; _gid=GA1.2.1986761637.1679154388; _gat_gtag_UA_168691510_1=1

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Type: application/javascript
Etag: public/2177b6907c7061117cd9
Last-Modified: Wed, 11 Jan 2023 16:51:50 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Date: Sat, 18 Mar 2023 14:46:30 GMT
Transfer-Encoding: chunked
GET

https://opentip.kaspersky.com/public/d994cadfa38da3f49a2c.js

chrome.exe

Remote address:

77.74.177.28:443

Request

GET /public/d994cadfa38da3f49a2c.js HTTP/1.1
Host: opentip.kaspersky.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://opentip.kaspersky.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.598017541.1679154388; _gid=GA1.2.1986761637.1679154388; _gat_gtag_UA_168691510_1=1

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Type: application/javascript
Etag: public/d994cadfa38da3f49a2c
Last-Modified: Wed, 11 Jan 2023 16:51:50 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Date: Sat, 18 Mar 2023 14:46:30 GMT
Transfer-Encoding: chunked
GET

https://opentip.kaspersky.com/public/4fe87bc64a1b2a76f9ff.svg

chrome.exe

Remote address:

77.74.177.28:443

Request

GET /public/4fe87bc64a1b2a76f9ff.svg HTTP/1.1
Host: opentip.kaspersky.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://opentip.kaspersky.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.598017541.1679154388; _gid=GA1.2.1986761637.1679154388; _gat_gtag_UA_168691510_1=1

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Type: image/svg+xml
Etag: public/4fe87bc64a1b2a76f9ff
Last-Modified: Wed, 11 Jan 2023 16:51:50 GMT
Vary: Accept-Encoding
Date: Sat, 18 Mar 2023 14:46:30 GMT
Transfer-Encoding: chunked
DNS

28.177.74.77.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.177.74.77.in-addr.arpa

IN PTR

Response
DNS

200.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.179.250.142.in-addr.arpa

IN PTR

Response

200.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f81e100net
DNS

play.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.179.206
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

chrome.exe

Remote address:

142.250.179.206:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

206.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.179.250.142.in-addr.arpa

IN PTR

Response

206.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f141e100net
DNS

2.214.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.214.58.216.in-addr.arpa

IN PTR

Response

2.214.58.216.in-addr.arpa

IN PTR

ams17s09-in-f21e100net

2.214.58.216.in-addr.arpa

IN PTR

lhr26s05-in-f2�F

2.214.58.216.in-addr.arpa

IN PTR

�]
GET

https://opentip.kaspersky.com/public/36eb66e6324a2429660a.js

chrome.exe

Remote address:

77.74.177.28:443

Request

GET /public/36eb66e6324a2429660a.js HTTP/1.1
Host: opentip.kaspersky.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://opentip.kaspersky.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.598017541.1679154388; _gid=GA1.2.1986761637.1679154388; _gat_gtag_UA_168691510_1=1

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Type: application/javascript
Etag: public/36eb66e6324a2429660a
Last-Modified: Wed, 11 Jan 2023 16:51:50 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Date: Sat, 18 Mar 2023 14:46:30 GMT
Transfer-Encoding: chunked
GET

https://opentip.kaspersky.com/public/447db3816ae74282e994.js

chrome.exe

Remote address:

77.74.177.28:443

Request

GET /public/447db3816ae74282e994.js HTTP/1.1
Host: opentip.kaspersky.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://opentip.kaspersky.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.598017541.1679154388; _gid=GA1.2.1986761637.1679154388; _gat_gtag_UA_168691510_1=1

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Type: application/javascript
Etag: public/447db3816ae74282e994
Last-Modified: Wed, 11 Jan 2023 16:51:50 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Date: Sat, 18 Mar 2023 14:46:30 GMT
Transfer-Encoding: chunked
GET

https://opentip.kaspersky.com/public/9b38f40b7d61a8c2dcbf.woff2

chrome.exe

Remote address:

77.74.177.28:443

Request

GET /public/9b38f40b7d61a8c2dcbf.woff2 HTTP/1.1
Host: opentip.kaspersky.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
Origin: https://opentip.kaspersky.com
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: font
Referer: https://opentip.kaspersky.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.598017541.1679154388; _gid=GA1.2.1986761637.1679154388; _gat_gtag_UA_168691510_1=1

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Type: font/woff
Etag: public/9b38f40b7d61a8c2dcbf
Last-Modified: Wed, 11 Jan 2023 16:51:50 GMT
Vary: Accept-Encoding
Date: Sat, 18 Mar 2023 14:46:30 GMT
Transfer-Encoding: chunked
GET

https://opentip.kaspersky.com/395-ecc13e6ee74a.js

chrome.exe

Remote address:

77.74.177.28:443

Request

GET /395-ecc13e6ee74a.js HTTP/1.1
Host: opentip.kaspersky.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://opentip.kaspersky.com/https%3A%2F%2Fshift.gearboxsoftware.com%2Fhome%3Fredirect_to%3Dhttps%253A%252F%252Fshift.gearboxsoftware.com%252Frewards/?tab=lookup
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.598017541.1679154388; _gid=GA1.2.1986761637.1679154388; _gat_gtag_UA_168691510_1=1

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Type: application/javascript
Etag: 395-ecc13e6ee74a
Last-Modified: Wed, 11 Jan 2023 16:51:50 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Date: Sat, 18 Mar 2023 14:46:40 GMT
Transfer-Encoding: chunked
GET

https://opentip.kaspersky.com/public/8dd59e879f89f8fb07a3.js

chrome.exe

Remote address:

77.74.177.28:443

Request

GET /public/8dd59e879f89f8fb07a3.js HTTP/1.1
Host: opentip.kaspersky.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://opentip.kaspersky.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.598017541.1679154388; _gid=GA1.2.1986761637.1679154388; _gat_gtag_UA_168691510_1=1

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Type: application/javascript
Etag: public/8dd59e879f89f8fb07a3
Last-Modified: Wed, 11 Jan 2023 16:51:50 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Date: Sat, 18 Mar 2023 14:46:30 GMT
Transfer-Encoding: chunked
GET

https://opentip.kaspersky.com/374-d526444935a0.js

chrome.exe

Remote address:

77.74.177.28:443

Request

GET /374-d526444935a0.js HTTP/1.1
Host: opentip.kaspersky.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://opentip.kaspersky.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.598017541.1679154388; _gid=GA1.2.1986761637.1679154388; _gat_gtag_UA_168691510_1=1

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Type: application/javascript
Etag: 374-d526444935a0
Last-Modified: Wed, 11 Jan 2023 16:51:50 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Date: Sat, 18 Mar 2023 14:46:30 GMT
Transfer-Encoding: chunked
GET

https://opentip.kaspersky.com/public/f1cbb8d8a0bb5b596609.woff2

chrome.exe

Remote address:

77.74.177.28:443

Request

GET /public/f1cbb8d8a0bb5b596609.woff2 HTTP/1.1
Host: opentip.kaspersky.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
Origin: https://opentip.kaspersky.com
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: font
Referer: https://opentip.kaspersky.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.598017541.1679154388; _gid=GA1.2.1986761637.1679154388; _gat_gtag_UA_168691510_1=1

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Type: font/woff
Etag: public/f1cbb8d8a0bb5b596609
Last-Modified: Wed, 11 Jan 2023 16:51:50 GMT
Vary: Accept-Encoding
Date: Sat, 18 Mar 2023 14:46:30 GMT
Transfer-Encoding: chunked
GET

https://opentip.kaspersky.com/public/b100ce48871a57eddb04.js

chrome.exe

Remote address:

77.74.177.28:443

Request

GET /public/b100ce48871a57eddb04.js HTTP/1.1
Host: opentip.kaspersky.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://opentip.kaspersky.com/https%3A%2F%2Fshift.gearboxsoftware.com%2Fhome%3Fredirect_to%3Dhttps%253A%252F%252Fshift.gearboxsoftware.com%252Frewards/?tab=lookup
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.598017541.1679154388; _gid=GA1.2.1986761637.1679154388; _gat_gtag_UA_168691510_1=1

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Type: application/javascript
Etag: public/b100ce48871a57eddb04
Last-Modified: Wed, 11 Jan 2023 16:51:50 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Date: Sat, 18 Mar 2023 14:46:40 GMT
Transfer-Encoding: chunked
GET

https://opentip.kaspersky.com/public/e143a7bad1b62e211e8d.js

chrome.exe

Remote address:

77.74.177.28:443

Request

GET /public/e143a7bad1b62e211e8d.js HTTP/1.1
Host: opentip.kaspersky.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://opentip.kaspersky.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.598017541.1679154388; _gid=GA1.2.1986761637.1679154388; _gat_gtag_UA_168691510_1=1

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Type: application/javascript
Etag: public/e143a7bad1b62e211e8d
Last-Modified: Wed, 11 Jan 2023 16:51:50 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Date: Sat, 18 Mar 2023 14:46:30 GMT
Transfer-Encoding: chunked
GET

https://opentip.kaspersky.com/ui/cybermap?date_range_mode=m&type=rmw

chrome.exe

Remote address:

77.74.177.28:443

Request

GET /ui/cybermap?date_range_mode=m&type=rmw HTTP/1.1
Host: opentip.kaspersky.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
Accept: application/json, text/plain, */*
cym9cgwjk: N68K+nZCru6aqCAlFAQKN3+Z15Ky0+Rm5KbdOynmI6oKEAAAAAAAAAAAAAD//5o9Rw0SEGfhfwt8m+KSqoPulprQqUQYuuq+qe8wKhAAAAAAAAAAAAAA//+aPUcNMLqi2NLvMA==
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://opentip.kaspersky.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.598017541.1679154388; _gid=GA1.2.1986761637.1679154388; _gat_gtag_UA_168691510_1=1

Response

HTTP/1.1 200 OK

Cache-Control: no-cache
Content-Encoding: gzip
Content-Type: application/octet-stream
Expires: Sat, 01 Jan 2000 00:00:00 GMT
If-Modified-Since: 0
Pragma: no-cache
Vary: Accept-Encoding
Date: Sat, 18 Mar 2023 14:46:30 GMT
Content-Length: 1098
GET

https://opentip.kaspersky.com/public/4dafa41c92d788502d9d.woff2

chrome.exe

Remote address:

77.74.177.28:443

Request

GET /public/4dafa41c92d788502d9d.woff2 HTTP/1.1
Host: opentip.kaspersky.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
Origin: https://opentip.kaspersky.com
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: font
Referer: https://opentip.kaspersky.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.598017541.1679154388; _gid=GA1.2.1986761637.1679154388; _gat_gtag_UA_168691510_1=1

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Type: font/woff
Etag: public/4dafa41c92d788502d9d
Last-Modified: Wed, 11 Jan 2023 16:51:50 GMT
Vary: Accept-Encoding
Date: Sat, 18 Mar 2023 14:46:30 GMT
Transfer-Encoding: chunked
GET

https://opentip.kaspersky.com/ui/cybermapfile

chrome.exe

Remote address:

77.74.177.28:443

Request

GET /ui/cybermapfile HTTP/1.1
Host: opentip.kaspersky.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
Accept: application/json, text/plain, */*
cym9cgwjk: N68K+nZCru6aqCAlFAQKN3+Z15Ky0+Rm5KbdOynmI6oKEAAAAAAAAAAAAAD//5o9Rw0SEGfhfwt8m+KSqoPulprQqUQYuuq+qe8wKhAAAAAAAAAAAAAA//+aPUcNMLqi2NLvMA==
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://opentip.kaspersky.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.598017541.1679154388; _gid=GA1.2.1986761637.1679154388; _gat_gtag_UA_168691510_1=1

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cache-Control: no-cache
Content-Encoding: gzip
Content-Type: application/json
Cym9cgwjk: pNdKAK54Rac2Y+DuWIymkLE1bDh8cgbgLRCpVqYy3/MKEAAAAAAAAAAAAAD//5o9Rw0SEGfhfwt8m+KSqoPulprQqUQYuvK+qe8wKhAAAAAAAAAAAAAA//+aPUcNMLqq2NLvMA==
Expires: Sat, 01 Jan 2000 00:00:00 GMT
If-Modified-Since: 0
Last-Modified: Wed, 11 Jan 2023 16:51:50 GMT
Pragma: no-cache
Vary: Accept-Encoding
Date: Sat, 18 Mar 2023 14:46:30 GMT
Transfer-Encoding: chunked
POST

https://opentip.kaspersky.com/ui/lookup

chrome.exe

Remote address:

77.74.177.28:443

Request

POST /ui/lookup HTTP/1.1
Host: opentip.kaspersky.com
Connection: keep-alive
Content-Length: 104
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
Accept: application/json, text/plain, */*
cym9cgwjk: N68K+nZCru6aqCAlFAQKN3+Z15Ky0+Rm5KbdOynmI6oKEAAAAAAAAAAAAAD//5o9Rw0SEGfhfwt8m+KSqoPulprQqUQYuuq+qe8wKhAAAAAAAAAAAAAA//+aPUcNMLqi2NLvMA==
Content-Type: application/octet-stream
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: https://opentip.kaspersky.com
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://opentip.kaspersky.com/?tab=lookup
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.598017541.1679154388; _gid=GA1.2.1986761637.1679154388; _gat_gtag_UA_168691510_1=1

Response

HTTP/1.1 200 OK

Cache-Control: no-cache
Content-Encoding: gzip
Content-Type: application/octet-stream
Cym9cgwjk: itCUEfuPWRz64hqITsC2RqqJpWU4WS2hbvg6UlDGbUMKEAAAAAAAAAAAAAD//5o9Rw0SEGfhfwt8m+KSqoPulprQqUQYm7O/qe8wKhAAAAAAAAAAAAAA//+aPUcNMJvr2NLvMA==
Expires: Sat, 01 Jan 2000 00:00:00 GMT
If-Modified-Since: 0
Pragma: no-cache
Vary: Accept-Encoding
Date: Sat, 18 Mar 2023 14:46:40 GMT
Content-Length: 481
GET

https://opentip.kaspersky.com/public/ee20fc2d6b146c07e15b.js

chrome.exe

Remote address:

77.74.177.28:443

Request

GET /public/ee20fc2d6b146c07e15b.js HTTP/1.1
Host: opentip.kaspersky.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://opentip.kaspersky.com/https%3A%2F%2Fshift.gearboxsoftware.com%2Fhome%3Fredirect_to%3Dhttps%253A%252F%252Fshift.gearboxsoftware.com%252Frewards/?tab=lookup
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.598017541.1679154388; _gid=GA1.2.1986761637.1679154388; _gat_gtag_UA_168691510_1=1

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Type: application/javascript
Etag: public/ee20fc2d6b146c07e15b
Last-Modified: Wed, 11 Jan 2023 16:51:50 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Date: Sat, 18 Mar 2023 14:46:40 GMT
Transfer-Encoding: chunked
DNS

110.39.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

110.39.251.142.in-addr.arpa

IN PTR

Response

110.39.251.142.in-addr.arpa

IN PTR

ams15s48-in-f141e100net
DNS

content-autofill.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

142.250.179.138

content-autofill.googleapis.com

IN A

142.251.36.42

content-autofill.googleapis.com

IN A

172.217.168.234

content-autofill.googleapis.com

IN A

142.250.179.170

content-autofill.googleapis.com

IN A

142.250.179.202

content-autofill.googleapis.com

IN A

142.251.36.10

content-autofill.googleapis.com

IN A

142.251.39.106

content-autofill.googleapis.com

IN A

172.217.168.202

content-autofill.googleapis.com

IN A

216.58.208.106
DNS

138.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

138.179.250.142.in-addr.arpa

IN PTR

Response

138.179.250.142.in-addr.arpa

IN PTR

ams17s10-in-f101e100net

3.222.54.73:443

shift.gearboxsoftware.com

tls

chrome.exe

70.7kB
1.7MB
1026
1286
142.251.36.10:443

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSFwlQBXgj-w_J3xIFDZAiE60SBQ3LAvZi?alt=proto

tls, http2

chrome.exe

2.0kB
7.3kB
20
21

HTTP Request

GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSFwlQBXgj-w_J3xIFDZAiE60SBQ3LAvZi?alt=proto
20.54.89.15:443

260 B
5
13.89.179.10:443

322 B
7
93.184.221.240:80

322 B
7
93.184.221.240:80

322 B
7
93.184.221.240:80

322 B
7
173.223.113.164:443

322 B
7
173.223.113.131:80

322 B
7
204.79.197.203:80

api.msn.com

322 B
7
77.74.177.28:443

https://opentip.kaspersky.com/public/70de463581e9807f923d.js

tls, http

chrome.exe

9.7kB
309.2kB
129
235

HTTP Request

GET https://opentip.kaspersky.com/

HTTP Response

200

HTTP Request

GET https://opentip.kaspersky.com/public/app-fdf97fce0cea.css

HTTP Response

200

HTTP Request

GET https://opentip.kaspersky.com/favicon.ico

HTTP Response

200

HTTP Request

GET https://opentip.kaspersky.com/ui/checksession

HTTP Response

200

HTTP Request

GET https://opentip.kaspersky.com/public/70de463581e9807f923d.js

HTTP Response

200
77.74.177.28:443

https://opentip.kaspersky.com/public/4fe87bc64a1b2a76f9ff.svg

tls, http

chrome.exe

17.0kB
635.4kB
255
485

HTTP Request

GET https://opentip.kaspersky.com/app-fdf97fce0cea.js

HTTP Response

200

HTTP Request

GET https://opentip.kaspersky.com/

HTTP Response

200

HTTP Request

GET https://opentip.kaspersky.com/748-56f93ed8f8b6.js

HTTP Response

200

HTTP Request

GET https://opentip.kaspersky.com/favicon.png

HTTP Response

200

HTTP Request

GET https://opentip.kaspersky.com/public/2177b6907c7061117cd9.js

HTTP Response

200

HTTP Request

GET https://opentip.kaspersky.com/public/d994cadfa38da3f49a2c.js

HTTP Response

200

HTTP Request

GET https://opentip.kaspersky.com/public/4fe87bc64a1b2a76f9ff.svg

HTTP Response

200
142.250.179.206:443

https://play.google.com/log?format=json&hasfast=true&authuser=0

tls, http2

chrome.exe

1.7kB
8.4kB
13
14

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
77.74.177.28:443

https://opentip.kaspersky.com/395-ecc13e6ee74a.js

tls, http

chrome.exe

5.8kB
95.5kB
51
86

HTTP Request

GET https://opentip.kaspersky.com/public/36eb66e6324a2429660a.js

HTTP Response

200

HTTP Request

GET https://opentip.kaspersky.com/public/447db3816ae74282e994.js

HTTP Response

200

HTTP Request

GET https://opentip.kaspersky.com/public/9b38f40b7d61a8c2dcbf.woff2

HTTP Response

200

HTTP Request

GET https://opentip.kaspersky.com/395-ecc13e6ee74a.js

HTTP Response

200
77.74.177.28:443

https://opentip.kaspersky.com/public/8dd59e879f89f8fb07a3.js

tls, http

chrome.exe

2.5kB
49.9kB
27
44

HTTP Request

GET https://opentip.kaspersky.com/public/8dd59e879f89f8fb07a3.js

HTTP Response

200
77.74.177.28:443

https://opentip.kaspersky.com/public/b100ce48871a57eddb04.js

tls, http

chrome.exe

4.6kB
74.8kB
41
67

HTTP Request

GET https://opentip.kaspersky.com/374-d526444935a0.js

HTTP Response

200

HTTP Request

GET https://opentip.kaspersky.com/public/f1cbb8d8a0bb5b596609.woff2

HTTP Response

200

HTTP Request

GET https://opentip.kaspersky.com/public/b100ce48871a57eddb04.js

HTTP Response

200
77.74.177.28:443

https://opentip.kaspersky.com/public/ee20fc2d6b146c07e15b.js

tls, http

chrome.exe

12.6kB
345.1kB
154
284

HTTP Request

GET https://opentip.kaspersky.com/public/e143a7bad1b62e211e8d.js

HTTP Response

200

HTTP Request

GET https://opentip.kaspersky.com/ui/cybermap?date_range_mode=m&type=rmw

HTTP Response

200

HTTP Request

GET https://opentip.kaspersky.com/public/4dafa41c92d788502d9d.woff2

HTTP Response

200

HTTP Request

GET https://opentip.kaspersky.com/ui/cybermapfile

HTTP Response

200

HTTP Request

POST https://opentip.kaspersky.com/ui/lookup

HTTP Response

200

HTTP Request

GET https://opentip.kaspersky.com/public/ee20fc2d6b146c07e15b.js

HTTP Response

200

8.8.8.8:53

76.38.195.152.in-addr.arpa

dns

72 B
143 B
1
1

DNS Request

76.38.195.152.in-addr.arpa
8.8.8.8:53

199.176.139.52.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

199.176.139.52.in-addr.arpa
8.8.8.8:53

shift.gearboxsoftware.com

dns

chrome.exe

71 B
135 B
1
1

DNS Request

shift.gearboxsoftware.com

DNS Response

3.222.54.73

52.21.13.100

3.221.2.39

34.237.3.131
8.8.8.8:53

250.255.255.239.in-addr.arpa

dns

74 B
131 B
1
1

DNS Request

250.255.255.239.in-addr.arpa
8.8.8.8:53

163.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

163.179.250.142.in-addr.arpa
8.8.8.8:53

189.211.227.13.in-addr.arpa

dns

73 B
131 B
1
1

DNS Request

189.211.227.13.in-addr.arpa
8.8.8.8:53

73.54.222.3.in-addr.arpa

dns

70 B
123 B
1
1

DNS Request

73.54.222.3.in-addr.arpa
8.8.8.8:53

content-autofill.googleapis.com

dns

chrome.exe

77 B
205 B
1
1

DNS Request

content-autofill.googleapis.com

DNS Response

142.251.36.10

142.251.39.106

172.217.168.202

216.58.208.106

142.250.179.138

142.251.36.42

142.250.179.170

142.250.179.202
8.8.8.8:53

10.36.251.142.in-addr.arpa

dns

72 B
111 B
1
1

DNS Request

10.36.251.142.in-addr.arpa
8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

13.86.106.20.in-addr.arpa
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

33.18.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

33.18.126.40.in-addr.arpa
8.8.8.8:53

176.122.125.40.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

176.122.125.40.in-addr.arpa
8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

97.97.242.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

97.97.242.52.in-addr.arpa
8.8.8.8:53

45.8.109.52.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

45.8.109.52.in-addr.arpa
8.8.8.8:53

2.36.159.162.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

2.36.159.162.in-addr.arpa
8.8.8.8:53

97.97.242.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

97.97.242.52.in-addr.arpa
8.8.8.8:53

226.101.242.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

226.101.242.52.in-addr.arpa
8.8.8.8:53

126.136.241.8.in-addr.arpa

dns

72 B
126 B
1
1

DNS Request

126.136.241.8.in-addr.arpa
8.8.8.8:53

202.74.101.95.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

202.74.101.95.in-addr.arpa
8.8.8.8:53

84.65.42.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

84.65.42.20.in-addr.arpa
8.8.8.8:53

100.39.251.142.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

100.39.251.142.in-addr.arpa
8.8.8.8:53

apis.google.com

dns

chrome.exe

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

172.217.168.206
172.217.168.206:443

apis.google.com

https

chrome.exe

6.1kB
88.2kB
47
76
8.8.8.8:53

206.168.217.172.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

206.168.217.172.in-addr.arpa
8.8.8.8:53

opentip.kaspersky.com

dns

chrome.exe

67 B
140 B
1
1

DNS Request

opentip.kaspersky.com

DNS Response

77.74.177.28

185.85.12.12

93.159.230.121
8.8.8.8:53

131.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

131.179.250.142.in-addr.arpa
8.8.8.8:53

28.177.74.77.in-addr.arpa

dns

71 B
156 B
1
1

DNS Request

28.177.74.77.in-addr.arpa
8.8.8.8:53

200.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

200.179.250.142.in-addr.arpa
8.8.8.8:53

play.google.com

dns

chrome.exe

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

142.250.179.206
142.250.179.206:443

play.google.com

https

chrome.exe

4.2kB
7.3kB
8
11
8.8.8.8:53

206.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

206.179.250.142.in-addr.arpa
8.8.8.8:53

2.214.58.216.in-addr.arpa

dns

71 B
152 B
1
1

DNS Request

2.214.58.216.in-addr.arpa
8.8.8.8:53

110.39.251.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

110.39.251.142.in-addr.arpa
8.8.8.8:53

content-autofill.googleapis.com

dns

chrome.exe

77 B
221 B
1
1

DNS Request

content-autofill.googleapis.com

DNS Response

142.250.179.138

142.251.36.42

172.217.168.234

142.250.179.170

142.250.179.202

142.251.36.10

142.251.39.106

172.217.168.202

216.58.208.106
142.250.179.138:443

content-autofill.googleapis.com

https

chrome.exe

3.4kB
7.1kB
8
11
8.8.8.8:53

138.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

138.179.250.142.in-addr.arpa

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
5c635f855d972f2f369f96a10b3970e8

SHA1
df0ea7dacbcc062d3dce8d8c888a11c8f51d6cb7

SHA256
9f229a49aa730c1dc3dde5fe4f65b25306d2c3a8a94fa88b98a257221b580a01

SHA512
06841c77cdef5fb1518b407853e106d5bd42799659e14ce88223cc1fa5b1988e799faffe102c4c3df300e88c9f3bae2119c442de7ef2c60c81be2f32b9a61265

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
12d807354f3322cece25f469a1d257fa

SHA1
5614c4314021f340ce2e6093471f0b66d6c08c7e

SHA256
c1dc75d5ac31e7f4fa3dbb67af1c4a16ba55ec7371750b2a2b46d0079eded272

SHA512
64c2b3df3100e4b56ad4ee7bb5c8f32dcc98774902a09e3ef663c9aeead56ed24743bd5f38343ccb42a9f37b1f153af3074d84efb58afb45c7545f064b6a510a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_opentip.kaspersky.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0f741908776ab970b220df4cf64053ed

SHA1
b9a5f4c8f29ae976870f6254ff2f332242498305

SHA256
5fbf7f4a389f30725e0cbfc1baaf7172f34708c5325ca4776c18e3a661abcf49

SHA512
81bf30ec0d56a5e28e41e4e797ce8c06587d0594d0ffbd9c2233b6dfa7632c2a503e8b46c2616b88adbf47d8a1b3d3d14f3afe155faeb7f467248a1b15a50857

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fad4baba41f75edf39de3a03519f7ba8

SHA1
bba5d452d30fe84392c9ae98fd01e6f4ac949565

SHA256
2e4b8b20312f94a822ff019299751db794a2b295617616b80c649dd00e51d4dd

SHA512
a807c9e1157144753c1026accb0b15ade4f2a3de463635a5882549c02654a0a35cebf85e0fd9c4424d113cb6ad554ab6a74b32a9c545c9b98779caa07dcd7745

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
0e5c3e6c6e8acc7a0490098ae10fcc5d

SHA1
53c67176466527ba3b2b465a820941af61237eca

SHA256
8aa81a4fc962c9a1b07bf8d9eee1b78e7c8a1318a4ef3605b194f1239d14927f

SHA512
4620beb0ac0a54799a8c17eafa5224d85bbbd7dd8f4ad82efd3f1f5fd5555c189bf05c9d581c3233c8f04611dc034be375ccf84ba50be773d5ca66722c9a6379

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
ad2dad1f100cf846a4add8a1eaf9f499

SHA1
d48f2a73d54c9c7d7f7b12718895b593a0323a5c

SHA256
3b6d5b93f9a4e884f5ebecbb569e803625009599f83bdcaac26508f1c55e4416

SHA512
7c7782341f3b76d8eecff351b595ffaf553bcf06b9d118e0d67a187765b8cf6ac24bc600ababc8d35290c1da25f056570d78373d7fb2ae32917d49c57cc3fa57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
aa2fc47e42e95180aa02532065a72ce0

SHA1
859b031e53fc6e43633bc164eb6d71382f7b43c1

SHA256
0e71bedaa83a16d8905fef10cbf8ca4d21ad9bcd087e7cc815c1e7f4f8b2e87f

SHA512
ea91f558b688069651bb2bc7867e897575ca0043127eab64059de30d584350dfcb60ef86e6aa814645f2839e3b6888a074e73e1707c477af0619fd79ffcfb58f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
80ad36e899b26938c9741b12a00e6a84

SHA1
14159c4954c1bdcca377de77eabf4eed263b4a25

SHA256
bb45f07d3f2420abad75152f9bdbb020176c7c68d31fb1cfbaeef21e87d581fb

SHA512
600ba8b04d98be8c6559caf9e1e7ae1ca1645d55cc691038309888ded48311e09090c9996c322bc2e16de422544509f288ab297d9d610e97e45296196963f5ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
06c6a63e23b7a3cb83984b74109121eb

SHA1
5cc56f5f56cb8d231619165775a302334d3dc252

SHA256
614ec40ca82d1543894329aefb0373eeb4610346e6073ef8bc9872a3a379235e

SHA512
0b8d2861195c336996c4be08b8d22c2a7b6658d0e96671ea0217297a337fb06ae16f3a15581b9d9c8697d9ec502e2dd4bfc3f8bfc8b3cd01346fc65096bd6b77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
bf643a9ae7d9c47c491c1ae78887dec7

SHA1
fb095dc9fb477a996d3666bd95f7327e4d6cb8cb

SHA256
4fa45ba4a756a1a49494d64242cb61fce88d9fa4ca83a82d761e248c0fd0c345

SHA512
4174137ccc57a3a030690945f18dbcc5c6cf3f7850f482d757165b9b18f70af0894a0c3beb1e8b17f4622e93d0ca54dd8c9d38c2c41837c19fdd8c091645c1d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
e4ca7cf47c30b5f87ab44914d46d8451

SHA1
a647f3232f75f8653e9af70226ea0e98203e66e6

SHA256
eed889153f856b9b60d55f4ec7043dffc9997d1c299e22edae348a9ce6c2bf5b

SHA512
37fb7c4ebc201fc891e252130df2fde86a6246dfbd30f042d801a82b646067bb35467a563c59bc6a49c4f130dfc640e34fa83dc57fb776788677a828bb64644c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
48917b8406c8ce4d959f38bc170305af

SHA1
7afc01561e265c1803d467294d1101e5c887d700

SHA256
b3e01e01ae7e4ab0669f86b4e9edb59b313c77bec428cd64cde7f23d763670c9

SHA512
ecc357d8aad51d23e11efc9481657442cf70ff65a0e69c254a21d5691a0f273c4c0679d8e4e1393e758c592f17f01aa4e0f445f72ac476821fc9463ef9d41727

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
6bfa88c24997a28bb8b93328eda0ac27

SHA1
d9bcad68819a0b76c15791d24a6ffeae41c93cb8

SHA256
8258f766015fa69705c6dd718ca6f241b8c80b370052f78af48802f2bc332e8f

SHA512
1d66b3a4897d0a0d4d6f602ebde98263870da2002b4d8f64a79ed55880524070986b5bef7fe3443c64c1324a1fa82aebb3bd982691bf9c07560f292535a42065

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5ce508.TMP

Filesize
100KB

MD5
48aae682256a5e551a323df119d4577b

SHA1
df9a577a9a6f7c2a832c882d69ae8400e2606f4a

SHA256
31264ba64bd0bd40c371154747e65a50be4c8299ee9498bb52dfbfaa3d52349a

SHA512
e2ad50f4374dd96b2225e9f4ee931b7db358df7a9181ef00fd90c164195d3844994149f17ae101ca9167a78f5f7b3b529c7102b6f2456b2b31b9a766135ad39b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request