122bfbb9f67e355340991deeacb167be9c12ad726b5a7c5779448dd0cc4af0cb

Resubmissions

06/08/2024, 22:36 UTC

240806-2jnb2swgrd 6

06/08/2024, 22:24 UTC

240806-2bm2bawfkc 7

Analysis

max time kernel
449s
max time network
441s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2024, 22:36 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LauncherFenix-Minecraft-v7.exe
Size

397KB
MD5

d99bb55b57712065bc88be297c1da38c
SHA1

fb6662dd31e8e5be380fbd7a33a50a45953fe1e7
SHA256

122bfbb9f67e355340991deeacb167be9c12ad726b5a7c5779448dd0cc4af0cb
SHA512

3eb5d57faea4c0146c2af40102deaac18235b379f5e81fe35a977b642e3edf70704c8cedd835e94f27b04c8413968f7469fccf82c1c9339066d38d3387c71b17
SSDEEP

3072:puzvch1rugYc4wqYSRR756K7ItBjgXHUYCnlK:Wch1aIqYSRVM+unlK

Score

6^/10

discovery

Malware Config

Signatures

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Network Service Discovery 1 TTPs 1 IoCs

Attempt to gather information on host's network.

discovery

Network Service Discovery

T1046

pid	Process
3452	GameBarPresenceWriter.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LauncherFenix-Minecraft-v7.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133674574520937572"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{77D4751A-6610-4648-9A21-27E24430B25F}	svchost.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1144	chrome.exe
1144	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4644	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3144	javaw.exe
3144	javaw.exe
4644	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 400 wrote to memory of 3144	400	LauncherFenix-Minecraft-v7.exe	85
PID 400 wrote to memory of 3144	400	LauncherFenix-Minecraft-v7.exe	85
PID 1144 wrote to memory of 4624	1144	chrome.exe	93
PID 1144 wrote to memory of 4624	1144	chrome.exe	93
PID 1144 wrote to memory of 4524	1144	chrome.exe	94
PID 1144 wrote to memory of 4524	1144	chrome.exe	94
PID 1144 wrote to memory of 4524	1144	chrome.exe	94
PID 1144 wrote to memory of 4524	1144	chrome.exe	94
PID 1144 wrote to memory of 4524	1144	chrome.exe	94
PID 1144 wrote to memory of 4524	1144	chrome.exe	94
PID 1144 wrote to memory of 4524	1144	chrome.exe	94
PID 1144 wrote to memory of 4524	1144	chrome.exe	94
PID 1144 wrote to memory of 4524	1144	chrome.exe	94
PID 1144 wrote to memory of 4524	1144	chrome.exe	94
PID 1144 wrote to memory of 4524	1144	chrome.exe	94
PID 1144 wrote to memory of 4524	1144	chrome.exe	94
PID 1144 wrote to memory of 4524	1144	chrome.exe	94
PID 1144 wrote to memory of 4524	1144	chrome.exe	94
PID 1144 wrote to memory of 4524	1144	chrome.exe	94
PID 1144 wrote to memory of 4524	1144	chrome.exe	94
PID 1144 wrote to memory of 4524	1144	chrome.exe	94
PID 1144 wrote to memory of 4524	1144	chrome.exe	94
PID 1144 wrote to memory of 4524	1144	chrome.exe	94
PID 1144 wrote to memory of 4524	1144	chrome.exe	94
PID 1144 wrote to memory of 4524	1144	chrome.exe	94
PID 1144 wrote to memory of 4524	1144	chrome.exe	94
PID 1144 wrote to memory of 4524	1144	chrome.exe	94
PID 1144 wrote to memory of 4524	1144	chrome.exe	94
PID 1144 wrote to memory of 4524	1144	chrome.exe	94
PID 1144 wrote to memory of 4524	1144	chrome.exe	94
PID 1144 wrote to memory of 4524	1144	chrome.exe	94
PID 1144 wrote to memory of 4524	1144	chrome.exe	94
PID 1144 wrote to memory of 4524	1144	chrome.exe	94
PID 1144 wrote to memory of 4524	1144	chrome.exe	94
PID 1144 wrote to memory of 1652	1144	chrome.exe	95
PID 1144 wrote to memory of 1652	1144	chrome.exe	95
PID 1144 wrote to memory of 3996	1144	chrome.exe	96
PID 1144 wrote to memory of 3996	1144	chrome.exe	96
PID 1144 wrote to memory of 3996	1144	chrome.exe	96
PID 1144 wrote to memory of 3996	1144	chrome.exe	96
PID 1144 wrote to memory of 3996	1144	chrome.exe	96
PID 1144 wrote to memory of 3996	1144	chrome.exe	96
PID 1144 wrote to memory of 3996	1144	chrome.exe	96
PID 1144 wrote to memory of 3996	1144	chrome.exe	96
PID 1144 wrote to memory of 3996	1144	chrome.exe	96
PID 1144 wrote to memory of 3996	1144	chrome.exe	96
PID 1144 wrote to memory of 3996	1144	chrome.exe	96
PID 1144 wrote to memory of 3996	1144	chrome.exe	96
PID 1144 wrote to memory of 3996	1144	chrome.exe	96
PID 1144 wrote to memory of 3996	1144	chrome.exe	96
PID 1144 wrote to memory of 3996	1144	chrome.exe	96
PID 1144 wrote to memory of 3996	1144	chrome.exe	96
PID 1144 wrote to memory of 3996	1144	chrome.exe	96
PID 1144 wrote to memory of 3996	1144	chrome.exe	96
PID 1144 wrote to memory of 3996	1144	chrome.exe	96
PID 1144 wrote to memory of 3996	1144	chrome.exe	96
PID 1144 wrote to memory of 3996	1144	chrome.exe	96
PID 1144 wrote to memory of 3996	1144	chrome.exe	96
PID 1144 wrote to memory of 3996	1144	chrome.exe	96
PID 1144 wrote to memory of 3996	1144	chrome.exe	96
PID 1144 wrote to memory of 3996	1144	chrome.exe	96
PID 1144 wrote to memory of 3996	1144	chrome.exe	96
PID 1144 wrote to memory of 3996	1144	chrome.exe	96
PID 1144 wrote to memory of 3996	1144	chrome.exe	96

C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe
"C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:400
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3144

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
- Network Service Discovery
PID:3452

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4644

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:2204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbd18bcc40,0x7ffbd18bcc4c,0x7ffbd18bcc58
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2068,i,13681930593487926525,17104547053424119281,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1872,i,13681930593487926525,17104547053424119281,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2312,i,13681930593487926525,17104547053424119281,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2324 /prefetch:8
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,13681930593487926525,17104547053424119281,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,13681930593487926525,17104547053424119281,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3688,i,13681930593487926525,17104547053424119281,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4816,i,13681930593487926525,17104547053424119281,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5052,i,13681930593487926525,17104547053424119281,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5084 /prefetch:8
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4392,i,13681930593487926525,17104547053424119281,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4708,i,13681930593487926525,17104547053424119281,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5336,i,13681930593487926525,17104547053424119281,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5428,i,13681930593487926525,17104547053424119281,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4576 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5504,i,13681930593487926525,17104547053424119281,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1592

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3424

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3432

Network

DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

204.79.197.237

dual-a-0034.a-msedge.net

IN A

13.107.21.237
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b3edeaf09431400fa17f3fba4a24ec8f&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b3edeaf09431400fa17f3fba4a24ec8f&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=0E9E813A765F6A820A4195E977786B99; domain=.bing.com; expires=Sun, 31-Aug-2025 22:37:16 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A2F13A24D1544D19A4827CE2B4A59651 Ref B: LON04EDGE0619 Ref C: 2024-08-06T22:37:16Z
date: Tue, 06 Aug 2024 22:37:16 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b3edeaf09431400fa17f3fba4a24ec8f&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b3edeaf09431400fa17f3fba4a24ec8f&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0E9E813A765F6A820A4195E977786B99

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=FQqD4zO3phvWe2Q1w_Gr4Igjzja3dca9fiR-yiBcrVA; domain=.bing.com; expires=Sun, 31-Aug-2025 22:37:17 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 286A7938C6BE4E1090F69F6A7B4F3E84 Ref B: LON04EDGE0619 Ref C: 2024-08-06T22:37:17Z
date: Tue, 06 Aug 2024 22:37:16 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b3edeaf09431400fa17f3fba4a24ec8f&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b3edeaf09431400fa17f3fba4a24ec8f&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0E9E813A765F6A820A4195E977786B99; MSPTC=FQqD4zO3phvWe2Q1w_Gr4Igjzja3dca9fiR-yiBcrVA

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 30074ABFC6AD4DFEBD752511CD013044 Ref B: LON04EDGE0619 Ref C: 2024-08-06T22:37:17Z
date: Tue, 06 Aug 2024 22:37:16 GMT
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

71.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

71.31.126.40.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

237.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.197.79.204.in-addr.arpa

IN PTR

Response
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

www.dropbox.com

javaw.exe

Remote address:

8.8.8.8:53

Request

www.dropbox.com

IN A

Response

www.dropbox.com

IN CNAME

www-env.dropbox-dns.com

www-env.dropbox-dns.com

IN A

162.125.64.18
DNS

18.64.125.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.64.125.162.in-addr.arpa

IN PTR

Response
DNS

ucbf8a56fd708e2f3bffe3fe1009.dl.dropboxusercontent.com

javaw.exe

Remote address:

8.8.8.8:53

Request

ucbf8a56fd708e2f3bffe3fe1009.dl.dropboxusercontent.com

IN A

Response

ucbf8a56fd708e2f3bffe3fe1009.dl.dropboxusercontent.com

IN CNAME

edge-block-www-env.dropbox-dns.com

edge-block-www-env.dropbox-dns.com

IN A

162.125.64.15
DNS

15.64.125.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.64.125.162.in-addr.arpa

IN PTR

Response
DNS

uc4ff547442f865456953eebbb60.dl.dropboxusercontent.com

javaw.exe

Remote address:

8.8.8.8:53

Request

uc4ff547442f865456953eebbb60.dl.dropboxusercontent.com

IN A

Response

uc4ff547442f865456953eebbb60.dl.dropboxusercontent.com

IN CNAME

edge-block-www-env.dropbox-dns.com

edge-block-www-env.dropbox-dns.com

IN A

162.125.64.15
DNS

launchermeta.mojang.com

javaw.exe

Remote address:

8.8.8.8:53

Request

launchermeta.mojang.com

IN A

Response

launchermeta.mojang.com

IN CNAME

launcher-meta-cdn.azureedge.net

launcher-meta-cdn.azureedge.net

IN CNAME

launcher-meta-cdn.afd.azureedge.net

launcher-meta-cdn.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

iniciolauncherfx.tumblr.com

javaw.exe

Remote address:

8.8.8.8:53

Request

iniciolauncherfx.tumblr.com

IN A

Response

iniciolauncherfx.tumblr.com

IN A

74.114.154.18

iniciolauncherfx.tumblr.com

IN A

74.114.154.22
GET

http://iniciolauncherfx.tumblr.com/

javaw.exe

Remote address:

74.114.154.18:80

Request

GET / HTTP/1.1
Accept-Language: en-us;q=0.8,en;q=0.7
Accept-Encoding: gzip
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/615.1 (KHTML, like Gecko) JavaFX/8.0 Safari/615.1
Cache-Control: no-cache
Pragma: no-cache
Host: iniciolauncherfx.tumblr.com
Connection: keep-alive

Response

HTTP/1.1 302 Found

Server: nginx
Date: Tue, 06 Aug 2024 22:37:23 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Rid: 3ebd66f92db8eb9efd69c4b1dac9bbd0
P3p: CP="Tumblr's privacy policy is available here: https://www.tumblr.com/policy/en/privacy"
X-Frame-Options: deny
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001
Location: https://iniciolauncherfx.tumblr.com/
X-UA-Compatible: IE=Edge,chrome=1
X-UA-Device: desktop
Vary: X-UA-Device, Accept
DNS

profile.launcherfenix.com.ar

javaw.exe

Remote address:

8.8.8.8:53

Request

profile.launcherfenix.com.ar

IN A

Response

profile.launcherfenix.com.ar

IN A

104.21.72.175

profile.launcherfenix.com.ar

IN A

172.67.153.84
DNS

mc.launcherfenix.com.ar

javaw.exe

Remote address:

8.8.8.8:53

Request

mc.launcherfenix.com.ar

IN A

Response

mc.launcherfenix.com.ar

IN A

104.21.72.175

mc.launcherfenix.com.ar

IN A

172.67.153.84
GET

http://mc.launcherfenix.com.ar/modsloader/mcforge/version_manifest.json

javaw.exe

Remote address:

104.21.72.175:80

Request

GET /modsloader/mcforge/version_manifest.json HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
User-Agent: Java/1.8.0_381
Host: mc.launcherfenix.com.ar
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive

Response

HTTP/1.1 200 OK

Date: Tue, 06 Aug 2024 22:37:24 GMT
Content-Type: application/json
Content-Length: 3408
Connection: keep-alive
Last-Modified: Sun, 02 Feb 2020 18:02:49 GMT
ETag: "5e370ec9-d50"
X-Powered-By: PleskLin
Access-Control-Allow-Origin: https://launcherfenix.com.ar
Accept-Ranges: bytes
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JOgjukWXm1q4Skn71dJh4D%2F%2BvOm7OT4MGVJa3v6Zp7kIBS%2BHIxby0Sz3BJHmNrzSnSmGfJyakgPryH02ua%2FwsndagapUMQvKMGpF4L5yuH6B9Yf21HihWvo%2BF1618TeB%2Fq3ydAmVGAZKCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8af282e03e507735-LHR
alt-svc: h3=":443"; ma=86400
DNS

18.154.114.74.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.154.114.74.in-addr.arpa

IN PTR

Response
DNS

64.246.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

64.246.107.13.in-addr.arpa

IN PTR

Response
DNS

175.72.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

175.72.21.104.in-addr.arpa

IN PTR

Response
DNS

assets.tumblr.com

javaw.exe

Remote address:

8.8.8.8:53

Request

assets.tumblr.com

IN A

Response

assets.tumblr.com

IN A

192.0.77.40
DNS

px.srvcs.tumblr.com

javaw.exe

Remote address:

8.8.8.8:53

Request

px.srvcs.tumblr.com

IN A

Response

px.srvcs.tumblr.com

IN A

192.0.77.40
DNS

static.tumblr.com

javaw.exe

Remote address:

8.8.8.8:53

Request

static.tumblr.com

IN A

Response

static.tumblr.com

IN A

192.0.77.40
DNS

40.77.0.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

40.77.0.192.in-addr.arpa

IN PTR

Response

40.77.0.192.in-addr.arpa

IN PTR

assetstumblrcom
DNS

www.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.179.196
GET

https://www.google.com/async/ddljson?async=ntp:2

chrome.exe

Remote address:

142.250.179.196:443

Request

GET /async/ddljson?async=ntp:2 HTTP/2.0
host: www.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

chrome.exe

Remote address:

142.250.179.196:443

Request

GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/2.0
host: www.google.com
x-client-data: CN7nygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/newtab_promos

chrome.exe

Remote address:

142.250.179.196:443

Request

GET /async/newtab_promos HTTP/2.0
host: www.google.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

131.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

131.179.250.142.in-addr.arpa

IN PTR

Response

131.179.250.142.in-addr.arpa

IN PTR

ams17s10-in-f31e100net
DNS

170.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

170.179.250.142.in-addr.arpa

IN PTR

Response

170.179.250.142.in-addr.arpa

IN PTR

ams15s41-in-f101e100net
DNS

196.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.179.250.142.in-addr.arpa

IN PTR

Response

196.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f41e100net
DNS

clients2.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

172.217.23.206
DNS

206.23.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.217.172.in-addr.arpa

IN PTR

Response

206.23.217.172.in-addr.arpa

IN PTR

ams16s37-in-f141e100net

206.23.217.172.in-addr.arpa

IN PTR

prg03s05-in-f206�I

206.23.217.172.in-addr.arpa

IN PTR

prg03s05-in-f14�I
DNS

gofile.io

chrome.exe

Remote address:

8.8.8.8:53

Request

gofile.io

IN A

Response

gofile.io

IN A

45.112.123.126

gofile.io

IN A

51.38.43.18
GET

https://gofile.io/d/aDhzM5

chrome.exe

Remote address:

45.112.123.126:443

Request

GET /d/aDhzM5 HTTP/2.0
host: gofile.io
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

alt-svc: h3=":443"; ma=2592000
cache-control: public, max-age=0
content-type: text/html; charset=UTF-8
date: Tue, 06 Aug 2024 22:37:43 GMT
etag: W/"27a7-190c87768fe"
expect-ct: max-age=0
last-modified: Fri, 19 Jul 2024 00:49:47 GMT
origin-agent-cluster: ?1
referrer-policy: origin
server: Caddy
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
content-length: 10151
GET

https://gofile.io/dist/css/bootstrap.min.css

chrome.exe

Remote address:

45.112.123.126:443

Request

GET /dist/css/bootstrap.min.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000
cache-control: public, max-age=0
content-type: text/css; charset=UTF-8
date: Tue, 06 Aug 2024 22:37:44 GMT
etag: W/"2fbaa-190c87768da"
expect-ct: max-age=0
last-modified: Fri, 19 Jul 2024 00:49:47 GMT
origin-agent-cluster: ?1
referrer-policy: origin
server: Caddy
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
content-length: 195498
GET

https://gofile.io/dist/css/bootstrap-icons.css

chrome.exe

Remote address:

45.112.123.126:443

Request

GET /dist/css/bootstrap-icons.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000
cache-control: public, max-age=0
content-type: text/css; charset=UTF-8
date: Tue, 06 Aug 2024 22:37:44 GMT
etag: W/"c869-190c87768da"
expect-ct: max-age=0
last-modified: Fri, 19 Jul 2024 00:49:47 GMT
origin-agent-cluster: ?1
referrer-policy: origin
server: Caddy
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
content-length: 51305
GET

https://gofile.io/dist/css/bootstrap-nightfall.css

chrome.exe

Remote address:

45.112.123.126:443

Request

GET /dist/css/bootstrap-nightfall.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000
cache-control: public, max-age=0
content-type: text/css; charset=UTF-8
date: Tue, 06 Aug 2024 22:37:44 GMT
etag: W/"17579-190c87768da"
expect-ct: max-age=0
last-modified: Fri, 19 Jul 2024 00:49:47 GMT
origin-agent-cluster: ?1
referrer-policy: origin
server: Caddy
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
content-length: 95609
GET

https://gofile.io/dist/css/plyr.css

chrome.exe

Remote address:

45.112.123.126:443

Request

GET /dist/css/plyr.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000
cache-control: public, max-age=0
content-type: text/css; charset=UTF-8
date: Tue, 06 Aug 2024 22:37:44 GMT
etag: W/"85ae-190c87768e2"
expect-ct: max-age=0
last-modified: Fri, 19 Jul 2024 00:49:47 GMT
origin-agent-cluster: ?1
referrer-policy: origin
server: Caddy
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
content-length: 34222
GET

https://gofile.io/dist/css/allcss.css

chrome.exe

Remote address:

45.112.123.126:443

Request

GET /dist/css/allcss.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000
cache-control: public, max-age=0
content-type: text/css; charset=UTF-8
date: Tue, 06 Aug 2024 22:37:44 GMT
etag: W/"758-190c87768d6"
expect-ct: max-age=0
last-modified: Fri, 19 Jul 2024 00:49:47 GMT
origin-agent-cluster: ?1
referrer-policy: origin
server: Caddy
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
content-length: 1880
GET

https://gofile.io/dist/img/logo-small-70.png

chrome.exe

Remote address:

45.112.123.126:443

Request

GET /dist/img/logo-small-70.png HTTP/2.0
host: gofile.io
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://gofile.io/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000
cache-control: public, max-age=0
content-type: image/png
date: Tue, 06 Aug 2024 22:37:44 GMT
etag: W/"93f-190c87768ea"
expect-ct: max-age=0
last-modified: Fri, 19 Jul 2024 00:49:47 GMT
origin-agent-cluster: ?1
referrer-policy: origin
server: Caddy
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
content-length: 2367
GET

https://gofile.io/dist/js/bootstrap.bundle.min.js

chrome.exe

Remote address:

45.112.123.126:443

Request

GET /dist/js/bootstrap.bundle.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000
cache-control: public, max-age=0
content-type: application/javascript; charset=UTF-8
date: Tue, 06 Aug 2024 22:37:44 GMT
etag: W/"13a49-190c87768ee"
expect-ct: max-age=0
last-modified: Fri, 19 Jul 2024 00:49:47 GMT
origin-agent-cluster: ?1
referrer-policy: origin
server: Caddy
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
content-length: 80457
GET

https://gofile.io/dist/js/sha256.min.js

chrome.exe

Remote address:

45.112.123.126:443

Request

GET /dist/js/sha256.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000
cache-control: public, max-age=0
content-type: application/javascript; charset=UTF-8
date: Tue, 06 Aug 2024 22:37:44 GMT
etag: W/"2339-190c87768fe"
expect-ct: max-age=0
last-modified: Fri, 19 Jul 2024 00:49:47 GMT
origin-agent-cluster: ?1
referrer-policy: origin
server: Caddy
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
content-length: 9017
GET

https://gofile.io/dist/js/qrcode.min.js

chrome.exe

Remote address:

45.112.123.126:443

Request

GET /dist/js/qrcode.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000
cache-control: public, max-age=0
content-type: application/javascript; charset=UTF-8
date: Tue, 06 Aug 2024 22:37:44 GMT
etag: W/"4dda-190c87768fe"
expect-ct: max-age=0
last-modified: Fri, 19 Jul 2024 00:49:47 GMT
origin-agent-cluster: ?1
referrer-policy: origin
server: Caddy
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
content-length: 19930
GET

https://gofile.io/dist/js/dayjs.min.js

chrome.exe

Remote address:

45.112.123.126:443

Request

GET /dist/js/dayjs.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000
cache-control: public, max-age=0
content-type: application/javascript; charset=UTF-8
date: Tue, 06 Aug 2024 22:37:44 GMT
etag: W/"1a0e-190c87768f6"
expect-ct: max-age=0
last-modified: Fri, 19 Jul 2024 00:49:47 GMT
origin-agent-cluster: ?1
referrer-policy: origin
server: Caddy
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
content-length: 6670
GET

https://gofile.io/dist/js/customParseFormat.js

chrome.exe

Remote address:

45.112.123.126:443

Request

GET /dist/js/customParseFormat.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000
cache-control: public, max-age=0
content-type: application/javascript; charset=UTF-8
date: Tue, 06 Aug 2024 22:37:44 GMT
etag: W/"ea2-190c87768f6"
expect-ct: max-age=0
last-modified: Fri, 19 Jul 2024 00:49:47 GMT
origin-agent-cluster: ?1
referrer-policy: origin
server: Caddy
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
content-length: 3746
GET

https://gofile.io/dist/js/marked.min.js

chrome.exe

Remote address:

45.112.123.126:443

Request

GET /dist/js/marked.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000
cache-control: public, max-age=0
content-type: application/javascript; charset=UTF-8
date: Tue, 06 Aug 2024 22:37:44 GMT
etag: W/"aca2-190c87768fa"
expect-ct: max-age=0
last-modified: Fri, 19 Jul 2024 00:49:47 GMT
origin-agent-cluster: ?1
referrer-policy: origin
server: Caddy
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
content-length: 44194
GET

https://gofile.io/dist/js/plyr.js

chrome.exe

Remote address:

45.112.123.126:443

Request

GET /dist/js/plyr.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000
cache-control: public, max-age=0
content-type: application/javascript; charset=UTF-8
date: Tue, 06 Aug 2024 22:37:44 GMT
etag: W/"1b1b2-190c87768fa"
expect-ct: max-age=0
last-modified: Fri, 19 Jul 2024 00:49:47 GMT
origin-agent-cluster: ?1
referrer-policy: origin
server: Caddy
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
content-length: 111026
GET

https://gofile.io/dist/js/chart.umd.min.js

chrome.exe

Remote address:

45.112.123.126:443

Request

GET /dist/js/chart.umd.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000
cache-control: public, max-age=0
content-type: application/javascript; charset=UTF-8
date: Tue, 06 Aug 2024 22:37:44 GMT
etag: W/"3094c-190c87768f6"
expect-ct: max-age=0
last-modified: Fri, 19 Jul 2024 00:49:47 GMT
origin-agent-cluster: ?1
referrer-policy: origin
server: Caddy
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
content-length: 198988
GET

https://gofile.io/dist/js/alljs.js

chrome.exe

Remote address:

45.112.123.126:443

Request

GET /dist/js/alljs.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000
cache-control: public, max-age=0
content-type: application/javascript; charset=UTF-8
date: Tue, 06 Aug 2024 22:37:44 GMT
etag: W/"38e8b-191280c1d3f"
expect-ct: max-age=0
last-modified: Tue, 06 Aug 2024 14:16:08 GMT
origin-agent-cluster: ?1
referrer-policy: origin
server: Caddy
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
content-length: 233099
GET

https://gofile.io/dist/css/fonts/bootstrap-icons.woff2?24e3eb84d0bcaf83d77f904c78ac1f47

chrome.exe

Remote address:

45.112.123.126:443

Request

GET /dist/css/fonts/bootstrap-icons.woff2?24e3eb84d0bcaf83d77f904c78ac1f47 HTTP/2.0
host: gofile.io
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://gofile.io
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://gofile.io/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000
cache-control: public, max-age=0
content-type: font/woff2
date: Tue, 06 Aug 2024 22:37:44 GMT
etag: W/"1d9d0-190c87768e2"
expect-ct: max-age=0
last-modified: Fri, 19 Jul 2024 00:49:47 GMT
origin-agent-cluster: ?1
referrer-policy: origin
server: Caddy
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
content-length: 121296
GET

https://gofile.io/dist/img/favicon96.png

chrome.exe

Remote address:

45.112.123.126:443

Request

GET /dist/img/favicon96.png HTTP/2.0
host: gofile.io
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://gofile.io/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000
cache-control: public, max-age=0
content-type: image/png
date: Tue, 06 Aug 2024 22:37:44 GMT
etag: W/"b46-190c87768ea"
expect-ct: max-age=0
last-modified: Fri, 19 Jul 2024 00:49:47 GMT
origin-agent-cluster: ?1
referrer-policy: origin
server: Caddy
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
content-length: 2886
GET

https://gofile.io/dist/img/favicon32.png

chrome.exe

Remote address:

45.112.123.126:443

Request

GET /dist/img/favicon32.png HTTP/2.0
host: gofile.io
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://gofile.io/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000
cache-control: public, max-age=0
content-type: image/png
date: Tue, 06 Aug 2024 22:37:44 GMT
etag: W/"387-190c87768ea"
expect-ct: max-age=0
last-modified: Fri, 19 Jul 2024 00:49:47 GMT
origin-agent-cluster: ?1
referrer-policy: origin
server: Caddy
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
content-length: 903
GET

https://gofile.io/dist/img/favicon16.png

chrome.exe

Remote address:

45.112.123.126:443

Request

GET /dist/img/favicon16.png HTTP/2.0
host: gofile.io
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://gofile.io/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000
cache-control: public, max-age=0
content-type: image/png
date: Tue, 06 Aug 2024 22:37:44 GMT
etag: W/"1f7-190c87768ea"
expect-ct: max-age=0
last-modified: Fri, 19 Jul 2024 00:49:47 GMT
origin-agent-cluster: ?1
referrer-policy: origin
server: Caddy
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
content-length: 503
GET

https://gofile.io/contents/files.html

chrome.exe

Remote address:

45.112.123.126:443

Request

GET /contents/files.html HTTP/2.0
host: gofile.io
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: accountToken=xxMSdByz6ONjIDAWCgOU7ngVf4ktGavl

Response

HTTP/2.0 200

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000
cache-control: public, max-age=0
content-type: text/html; charset=UTF-8
date: Tue, 06 Aug 2024 22:37:45 GMT
etag: W/"4a1d-190c87768d6"
expect-ct: max-age=0
last-modified: Fri, 19 Jul 2024 00:49:47 GMT
origin-agent-cluster: ?1
referrer-policy: origin
server: Caddy
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
content-length: 18973
DNS

126.123.112.45.in-addr.arpa

Remote address:

8.8.8.8:53

Request

126.123.112.45.in-addr.arpa

IN PTR

Response
DNS

api.gofile.io

chrome.exe

Remote address:

8.8.8.8:53

Request

api.gofile.io

IN A

Response

api.gofile.io

IN A

45.112.123.126

api.gofile.io

IN A

51.38.43.18
POST

https://api.gofile.io/accounts

chrome.exe

Remote address:

45.112.123.126:443

Request

POST /accounts HTTP/2.0
host: api.gofile.io
content-length: 2
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://gofile.io
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-origin: https://gofile.io
alt-svc: h3=":443"; ma=2592000
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-type: application/json; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Tue, 06 Aug 2024 22:37:44 GMT
etag: W/"b2-mkgHob6a84PiWw+Zr7zOq0GaRyU"
origin-agent-cluster: ?1
referrer-policy: no-referrer
server: Caddy
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
content-length: 178
OPTIONS

https://api.gofile.io/accounts/d93de790-acbd-49b4-9384-447aab82dddf

chrome.exe

Remote address:

45.112.123.126:443

Request

OPTIONS /accounts/d93de790-acbd-49b4-9384-447aab82dddf HTTP/2.0
host: api.gofile.io
accept: */*
access-control-request-method: GET
access-control-request-headers: authorization
origin: https://gofile.io
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-origin: https://gofile.io
allow: GET,HEAD
alt-svc: h3=":443"; ma=2592000
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Tue, 06 Aug 2024 22:37:44 GMT
etag: W/"8-ZRAf8oNBS3Bjb/SU2GYZCmbtmXg"
origin-agent-cluster: ?1
referrer-policy: no-referrer
server: Caddy
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
content-length: 8
GET

https://api.gofile.io/accounts/d93de790-acbd-49b4-9384-447aab82dddf

chrome.exe

Remote address:

45.112.123.126:443

Request

GET /accounts/d93de790-acbd-49b4-9384-447aab82dddf HTTP/2.0
host: api.gofile.io
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
authorization: Bearer xxMSdByz6ONjIDAWCgOU7ngVf4ktGavl
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://gofile.io
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-origin: https://gofile.io
alt-svc: h3=":443"; ma=2592000
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-type: application/json; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Tue, 06 Aug 2024 22:37:44 GMT
etag: W/"111-nxGin8snAb5nZ+EqThi78lH00yI"
origin-agent-cluster: ?1
referrer-policy: no-referrer
server: Caddy
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
content-length: 273
OPTIONS

https://api.gofile.io/contents/aDhzM5?wt=4fd6sg89d7s6

chrome.exe

Remote address:

45.112.123.126:443

Request

OPTIONS /contents/aDhzM5?wt=4fd6sg89d7s6 HTTP/2.0
host: api.gofile.io
accept: */*
access-control-request-method: GET
access-control-request-headers: authorization
origin: https://gofile.io
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-origin: https://gofile.io
allow: GET,HEAD
alt-svc: h3=":443"; ma=2592000
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Tue, 06 Aug 2024 22:37:45 GMT
etag: W/"8-ZRAf8oNBS3Bjb/SU2GYZCmbtmXg"
origin-agent-cluster: ?1
referrer-policy: no-referrer
server: Caddy
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
content-length: 8
GET

https://api.gofile.io/contents/aDhzM5?wt=4fd6sg89d7s6

chrome.exe

Remote address:

45.112.123.126:443

Request

GET /contents/aDhzM5?wt=4fd6sg89d7s6 HTTP/2.0
host: api.gofile.io
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
authorization: Bearer xxMSdByz6ONjIDAWCgOU7ngVf4ktGavl
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://gofile.io
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-origin: https://gofile.io
alt-svc: h3=":443"; ma=2592000
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-type: application/json; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Tue, 06 Aug 2024 22:37:45 GMT
etag: W/"30d-Oq/C2kxtJawQvTSyNU//u6MW0wQ"
origin-agent-cluster: ?1
referrer-policy: no-referrer
server: Caddy
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
content-length: 781
DNS

s.gofile.io

chrome.exe

Remote address:

8.8.8.8:53

Request

s.gofile.io

IN A

Response

s.gofile.io

IN A

51.75.242.210
GET

https://s.gofile.io/js/script.js

chrome.exe

Remote address:

51.75.242.210:443

Request

GET /js/script.js HTTP/2.0
host: s.gofile.io
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: accountToken=xxMSdByz6ONjIDAWCgOU7ngVf4ktGavl

Response

HTTP/2.0 200

access-control-allow-origin: *
cache-control: public, max-age=86400, must-revalidate
content-type: application/javascript
cross-origin-resource-policy: cross-origin
date: Tue, 06 Aug 2024 22:37:44 GMT
server: Cowboy
x-content-type-options: nosniff
content-length: 1346
DNS

210.242.75.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

210.242.75.51.in-addr.arpa

IN PTR

Response

210.242.75.51.in-addr.arpa

IN PTR

mailgofileio
DNS

content-autofill.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

142.250.179.138

content-autofill.googleapis.com

IN A

172.217.168.234

content-autofill.googleapis.com

IN A

216.58.214.10

content-autofill.googleapis.com

IN A

172.217.23.202

content-autofill.googleapis.com

IN A

142.251.39.106

content-autofill.googleapis.com

IN A

142.251.36.42

content-autofill.googleapis.com

IN A

142.251.36.10

content-autofill.googleapis.com

IN A

142.250.179.202

content-autofill.googleapis.com

IN A

142.250.179.170

content-autofill.googleapis.com

IN A

172.217.168.202
GET

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQmYyA9JLGj4_xIFDRVSgeIhSFNHZYdHaPY=?alt=proto

chrome.exe

Remote address:

142.250.179.138:443

Request

GET /v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQmYyA9JLGj4_xIFDRVSgeIhSFNHZYdHaPY=?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: CN7nygE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
POST

https://s.gofile.io/api/event

chrome.exe

Remote address:

51.75.242.210:443

Request

POST /api/event HTTP/2.0
host: s.gofile.io
content-length: 74
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://gofile.io
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 202

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers:
cache-control: max-age=0, private, must-revalidate
content-type: text/plain; charset=utf-8
date: Tue, 06 Aug 2024 22:37:44 GMT
server: Cowboy
x-request-id: F-lEsl96YjyFZDAq07HD
content-length: 2
DNS

138.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

138.179.250.142.in-addr.arpa

IN PTR

Response

138.179.250.142.in-addr.arpa

IN PTR

ams17s10-in-f101e100net
DNS

183.59.114.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.59.114.20.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

store8.gofile.io

chrome.exe

Remote address:

8.8.8.8:53

Request

store8.gofile.io

IN A

Response

store8.gofile.io

IN A

206.168.191.31
GET

https://store8.gofile.io/download/web/5d0668c3-64f2-4b7b-88de-7c238deb3f38/Rise.zip

chrome.exe

Remote address:

206.168.191.31:443

Request

GET /download/web/5d0668c3-64f2-4b7b-88de-7c238deb3f38/Rise.zip HTTP/2.0
host: store8.gofile.io
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://gofile.io/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: accountToken=xxMSdByz6ONjIDAWCgOU7ngVf4ktGavl

Response

HTTP/2.0 200

accept-ranges: bytes
access-control-allow-headers: Accept, Accept-Language, Content-Language, Content-Type, Content-Length, Range, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Content-Encoding, Content-Range
alt-svc: h3=":443"; ma=2592000
content-disposition: attachment; filename*=UTF-8''Rise.zip
content-type: application/zip
date: Tue, 06 Aug 2024 22:37:48 GMT
last-modified: Mon, 05 Aug 2024 09:26:04 GMT
server: Caddy
content-length: 21783021
DNS

31.191.168.206.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.191.168.206.in-addr.arpa

IN PTR

Response
DNS

0.205.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.205.248.87.in-addr.arpa

IN PTR

Response

0.205.248.87.in-addr.arpa

IN PTR

https-87-248-205-0lgwllnwnet
DNS

30.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

30.243.111.52.in-addr.arpa

IN PTR

Response
DNS

beacons.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A

Response

beacons.gcp.gvt2.com

IN CNAME

beacons-handoff.gcp.gvt2.com

beacons-handoff.gcp.gvt2.com

IN A

142.250.69.3
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

142.250.69.3:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 1057
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

142.250.69.3:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 336
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

beacons4.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons4.gvt2.com

IN A

Response

beacons4.gvt2.com

IN A

216.239.32.116
OPTIONS

https://beacons4.gvt2.com/domainreliability/upload-nel

chrome.exe

Remote address:

216.239.32.116:443

Request

OPTIONS /domainreliability/upload-nel HTTP/2.0
host: beacons4.gvt2.com
origin: https://beacons.gcp.gvt2.com
access-control-request-method: POST
access-control-request-headers: content-type
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
POST

https://beacons4.gvt2.com/domainreliability/upload-nel

chrome.exe

Remote address:

216.239.32.116:443

Request

POST /domainreliability/upload-nel HTTP/2.0
host: beacons4.gvt2.com
content-length: 401
content-type: application/reports+json
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

3.69.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.69.250.142.in-addr.arpa

IN PTR

Response

3.69.250.142.in-addr.arpa

IN PTR

lcphxq-aa-in-f31e100net

3.69.250.142.in-addr.arpa

IN PTR

qro02s18-in-f3�G
DNS

116.32.239.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

116.32.239.216.in-addr.arpa

IN PTR

Response

116.32.239.216.in-addr.arpa

IN PTR

e2agooglecom
DNS

11.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.173.189.20.in-addr.arpa

IN PTR

Response
DNS

beacons.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A

Response

beacons.gcp.gvt2.com

IN CNAME

beacons-handoff.gcp.gvt2.com

beacons-handoff.gcp.gvt2.com

IN A

142.250.69.3

204.79.197.237:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b3edeaf09431400fa17f3fba4a24ec8f&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid=

tls, http2

2.0kB
9.3kB
22
19

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b3edeaf09431400fa17f3fba4a24ec8f&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b3edeaf09431400fa17f3fba4a24ec8f&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b3edeaf09431400fa17f3fba4a24ec8f&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid=

HTTP Response

204
162.125.64.18:443

www.dropbox.com

tls

javaw.exe

1.4kB
6.0kB
13
14
162.125.64.18:443

www.dropbox.com

tls

javaw.exe

1.7kB
5.3kB
13
11
162.125.64.15:443

ucbf8a56fd708e2f3bffe3fe1009.dl.dropboxusercontent.com

tls

javaw.exe

1.6kB
6.0kB
14
13
162.125.64.18:443

www.dropbox.com

tls

javaw.exe

1.6kB
2.7kB
11
11
162.125.64.18:443

www.dropbox.com

tls

javaw.exe

1.7kB
5.4kB
12
13
162.125.64.15:443

uc4ff547442f865456953eebbb60.dl.dropboxusercontent.com

tls

javaw.exe

9.7kB
492.6kB
187
362
13.107.246.64:443

launchermeta.mojang.com

tls

javaw.exe

4.2kB
184.9kB
77
139
74.114.154.18:80

http://iniciolauncherfx.tumblr.com/

http

javaw.exe

726 B
731 B
6
4

HTTP Request

GET http://iniciolauncherfx.tumblr.com/

HTTP Response

302
104.21.72.175:80

profile.launcherfenix.com.ar

javaw.exe

190 B
132 B
4
3
104.21.72.175:80

http://mc.launcherfenix.com.ar/modsloader/mcforge/version_manifest.json

http

javaw.exe

568 B
4.5kB
7
7

HTTP Request

GET http://mc.launcherfenix.com.ar/modsloader/mcforge/version_manifest.json

HTTP Response

200
74.114.154.18:443

iniciolauncherfx.tumblr.com

tls

javaw.exe

1.6kB
14.9kB
16
20
192.0.77.40:443

assets.tumblr.com

tls

javaw.exe

1.6kB
7.0kB
14
13
192.0.77.40:443

assets.tumblr.com

tls

javaw.exe

1.4kB
5.2kB
12
10
192.0.77.40:443

px.srvcs.tumblr.com

tls

javaw.exe

2.2kB
6.3kB
13
13
192.0.77.40:443

px.srvcs.tumblr.com

tls

javaw.exe

1.7kB
6.4kB
13
14
192.0.77.40:443

static.tumblr.com

tls

javaw.exe

1.5kB
4.8kB
12
9
142.250.179.196:443

https://www.google.com/async/newtab_promos

tls, http2

chrome.exe

2.4kB
10.1kB
27
31

HTTP Request

GET https://www.google.com/async/ddljson?async=ntp:2

HTTP Request

GET https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

HTTP Request

GET https://www.google.com/async/newtab_promos
172.217.23.206:443

clients2.google.com

tls, http2

chrome.exe

1.1kB
8.2kB
11
11
45.112.123.126:443

https://gofile.io/contents/files.html

tls, http2

chrome.exe

38.2kB
1.3MB
665
980

HTTP Request

GET https://gofile.io/d/aDhzM5

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/css/bootstrap.min.css

HTTP Request

GET https://gofile.io/dist/css/bootstrap-icons.css

HTTP Request

GET https://gofile.io/dist/css/bootstrap-nightfall.css

HTTP Request

GET https://gofile.io/dist/css/plyr.css

HTTP Request

GET https://gofile.io/dist/css/allcss.css

HTTP Request

GET https://gofile.io/dist/img/logo-small-70.png

HTTP Request

GET https://gofile.io/dist/js/bootstrap.bundle.min.js

HTTP Request

GET https://gofile.io/dist/js/sha256.min.js

HTTP Request

GET https://gofile.io/dist/js/qrcode.min.js

HTTP Request

GET https://gofile.io/dist/js/dayjs.min.js

HTTP Request

GET https://gofile.io/dist/js/customParseFormat.js

HTTP Request

GET https://gofile.io/dist/js/marked.min.js

HTTP Request

GET https://gofile.io/dist/js/plyr.js

HTTP Request

GET https://gofile.io/dist/js/chart.umd.min.js

HTTP Request

GET https://gofile.io/dist/js/alljs.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/css/fonts/bootstrap-icons.woff2?24e3eb84d0bcaf83d77f904c78ac1f47

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/img/favicon96.png

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/img/favicon32.png

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/img/favicon16.png

HTTP Response

200

HTTP Request

GET https://gofile.io/contents/files.html

HTTP Response

200
45.112.123.126:443

gofile.io

tls, http2

chrome.exe

1.1kB
4.7kB
10
9
45.112.123.126:443

https://api.gofile.io/contents/aDhzM5?wt=4fd6sg89d7s6

tls, http2

chrome.exe

3.5kB
8.8kB
42
42

HTTP Request

POST https://api.gofile.io/accounts

HTTP Response

200

HTTP Request

OPTIONS https://api.gofile.io/accounts/d93de790-acbd-49b4-9384-447aab82dddf

HTTP Response

200

HTTP Request

GET https://api.gofile.io/accounts/d93de790-acbd-49b4-9384-447aab82dddf

HTTP Response

200

HTTP Request

OPTIONS https://api.gofile.io/contents/aDhzM5?wt=4fd6sg89d7s6

HTTP Response

200

HTTP Request

GET https://api.gofile.io/contents/aDhzM5?wt=4fd6sg89d7s6

HTTP Response

200
51.75.242.210:443

https://s.gofile.io/js/script.js

tls, http2

chrome.exe

2.5kB
6.4kB
20
19

HTTP Request

GET https://s.gofile.io/js/script.js

HTTP Response

200
142.250.179.138:443

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQmYyA9JLGj4_xIFDRVSgeIhSFNHZYdHaPY=?alt=proto

tls, http2

chrome.exe

2.1kB
7.0kB
20
20

HTTP Request

GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQmYyA9JLGj4_xIFDRVSgeIhSFNHZYdHaPY=?alt=proto
51.75.242.210:443

https://s.gofile.io/api/event

tls, http2

chrome.exe

2.7kB
5.1kB
20
18

HTTP Request

POST https://s.gofile.io/api/event

HTTP Response

202
206.168.191.31:443

https://store8.gofile.io/download/web/5d0668c3-64f2-4b7b-88de-7c238deb3f38/Rise.zip

tls, http2

chrome.exe

984.5kB
22.7MB
15053
16280

HTTP Request

GET https://store8.gofile.io/download/web/5d0668c3-64f2-4b7b-88de-7c238deb3f38/Rise.zip

HTTP Response

200
206.168.191.31:443

store8.gofile.io

tls, http2

chrome.exe

1.1kB
4.7kB
9
8
142.250.69.3:443

https://beacons.gcp.gvt2.com/domainreliability/upload

tls, http2

chrome.exe

4.0kB
7.7kB
28
29

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload
216.239.32.116:443

https://beacons4.gvt2.com/domainreliability/upload-nel

tls, http2

chrome.exe

2.9kB
8.2kB
27
28

HTTP Request

OPTIONS https://beacons4.gvt2.com/domainreliability/upload-nel

HTTP Request

POST https://beacons4.gvt2.com/domainreliability/upload-nel

8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.237

13.107.21.237
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

71.31.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

71.31.126.40.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

237.197.79.204.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

237.197.79.204.in-addr.arpa
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

88.156.103.20.in-addr.arpa
8.8.8.8:53

www.dropbox.com

dns

javaw.exe

61 B
111 B
1
1

DNS Request

www.dropbox.com

DNS Response

162.125.64.18
8.8.8.8:53

18.64.125.162.in-addr.arpa

dns

72 B
122 B
1
1

DNS Request

18.64.125.162.in-addr.arpa
8.8.8.8:53

ucbf8a56fd708e2f3bffe3fe1009.dl.dropboxusercontent.com

dns

javaw.exe

100 B
161 B
1
1

DNS Request

ucbf8a56fd708e2f3bffe3fe1009.dl.dropboxusercontent.com

DNS Response

162.125.64.15
8.8.8.8:53

15.64.125.162.in-addr.arpa

dns

72 B
122 B
1
1

DNS Request

15.64.125.162.in-addr.arpa
8.8.8.8:53

uc4ff547442f865456953eebbb60.dl.dropboxusercontent.com

dns

javaw.exe

100 B
161 B
1
1

DNS Request

uc4ff547442f865456953eebbb60.dl.dropboxusercontent.com

DNS Response

162.125.64.15
8.8.8.8:53

launchermeta.mojang.com

dns

javaw.exe

69 B
282 B
1
1

DNS Request

launchermeta.mojang.com

DNS Response

13.107.246.64
8.8.8.8:53

iniciolauncherfx.tumblr.com

dns

javaw.exe

73 B
105 B
1
1

DNS Request

iniciolauncherfx.tumblr.com

DNS Response

74.114.154.18

74.114.154.22
8.8.8.8:53

profile.launcherfenix.com.ar

dns

javaw.exe

74 B
106 B
1
1

DNS Request

profile.launcherfenix.com.ar

DNS Response

104.21.72.175

172.67.153.84
8.8.8.8:53

mc.launcherfenix.com.ar

dns

javaw.exe

69 B
101 B
1
1

DNS Request

mc.launcherfenix.com.ar

DNS Response

104.21.72.175

172.67.153.84
8.8.8.8:53

18.154.114.74.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

18.154.114.74.in-addr.arpa
8.8.8.8:53

64.246.107.13.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

64.246.107.13.in-addr.arpa
8.8.8.8:53

175.72.21.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

175.72.21.104.in-addr.arpa
8.8.8.8:53

assets.tumblr.com

dns

javaw.exe

63 B
79 B
1
1

DNS Request

assets.tumblr.com

DNS Response

192.0.77.40
8.8.8.8:53

px.srvcs.tumblr.com

dns

javaw.exe

65 B
81 B
1
1

DNS Request

px.srvcs.tumblr.com

DNS Response

192.0.77.40
8.8.8.8:53

static.tumblr.com

dns

javaw.exe

63 B
79 B
1
1

DNS Request

static.tumblr.com

DNS Response

192.0.77.40
8.8.8.8:53

40.77.0.192.in-addr.arpa

dns

70 B
101 B
1
1

DNS Request

40.77.0.192.in-addr.arpa
8.8.8.8:53

www.google.com

dns

chrome.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.179.196
142.250.179.196:443

www.google.com

https

chrome.exe

3.3kB
17.6kB
19
23
8.8.8.8:53

131.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

131.179.250.142.in-addr.arpa
8.8.8.8:53

170.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

170.179.250.142.in-addr.arpa
8.8.8.8:53

196.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

196.179.250.142.in-addr.arpa
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

clients2.google.com

dns

chrome.exe

65 B
105 B
1
1

DNS Request

clients2.google.com

DNS Response

172.217.23.206
172.217.23.206:443

clients2.google.com

https

chrome.exe

3.9kB
8.3kB
14
13
8.8.8.8:53

206.23.217.172.in-addr.arpa

dns

73 B
173 B
1
1

DNS Request

206.23.217.172.in-addr.arpa
8.8.8.8:53

gofile.io

dns

chrome.exe

55 B
87 B
1
1

DNS Request

gofile.io

DNS Response

45.112.123.126

51.38.43.18
45.112.123.126:443

gofile.io

https

chrome.exe

6.4kB
5
8.8.8.8:53

126.123.112.45.in-addr.arpa

dns

73 B
127 B
1
1

DNS Request

126.123.112.45.in-addr.arpa
8.8.8.8:53

api.gofile.io

dns

chrome.exe

59 B
91 B
1
1

DNS Request

api.gofile.io

DNS Response

45.112.123.126

51.38.43.18
45.112.123.126:443

api.gofile.io

https

chrome.exe

6.4kB
5
8.8.8.8:53

s.gofile.io

dns

chrome.exe

57 B
73 B
1
1

DNS Request

s.gofile.io

DNS Response

51.75.242.210
8.8.8.8:53

210.242.75.51.in-addr.arpa

dns

72 B
100 B
1
1

DNS Request

210.242.75.51.in-addr.arpa
8.8.8.8:53

content-autofill.googleapis.com

dns

chrome.exe

77 B
237 B
1
1

DNS Request

content-autofill.googleapis.com

DNS Response

142.250.179.138

172.217.168.234

216.58.214.10

172.217.23.202

142.251.39.106

142.251.36.42

142.251.36.10

142.250.179.202

142.250.179.170

172.217.168.202
8.8.8.8:53

138.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

138.179.250.142.in-addr.arpa
8.8.8.8:53

183.59.114.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

183.59.114.20.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

store8.gofile.io

dns

chrome.exe

62 B
78 B
1
1

DNS Request

store8.gofile.io

DNS Response

206.168.191.31
8.8.8.8:53

31.191.168.206.in-addr.arpa

dns

73 B
142 B
1
1

DNS Request

31.191.168.206.in-addr.arpa
8.8.8.8:53

0.205.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.205.248.87.in-addr.arpa
8.8.8.8:53

30.243.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

30.243.111.52.in-addr.arpa
8.8.8.8:53

beacons.gcp.gvt2.com

dns

chrome.exe

66 B
112 B
1
1

DNS Request

beacons.gcp.gvt2.com

DNS Response

142.250.69.3
8.8.8.8:53

beacons4.gvt2.com

dns

chrome.exe

63 B
79 B
1
1

DNS Request

beacons4.gvt2.com

DNS Response

216.239.32.116
216.239.32.116:443

beacons4.gvt2.com

https

chrome.exe

2.9kB
6.7kB
5
8
8.8.8.8:53

3.69.250.142.in-addr.arpa

dns

71 B
139 B
1
1

DNS Request

3.69.250.142.in-addr.arpa
8.8.8.8:53

116.32.239.216.in-addr.arpa

dns

73 B
101 B
1
1

DNS Request

116.32.239.216.in-addr.arpa
8.8.8.8:53

11.173.189.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

11.173.189.20.in-addr.arpa
8.8.8.8:53

beacons.gcp.gvt2.com

dns

chrome.exe

66 B
112 B
1
1

DNS Request

beacons.gcp.gvt2.com

DNS Response

142.250.69.3
142.250.69.3:443

beacons.gcp.gvt2.com

https

chrome.exe

3.2kB
7.6kB
8
9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5d4a71a1-c9ba-4ed9-aaf6-60c6e108b12a.tmp

Filesize
9KB

MD5
114be5c4353a7e03c0c46978abcb8f8b

SHA1
00820885893005a81e81a26be17d92cd196714ec

SHA256
30234a10f7fa05133e4ae4a4529e9776e79881fa83345da353113aee8e6784df

SHA512
f0e8cd94122f232a8dda8cd6aec990db072e839446ed8150bb389844da8725aa848df5db9af11fbab93cde33796ab776c58b65e694eba01ead21dbc648723d8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
7380940b264c9395d1a75da7a7482ee7

SHA1
961a6586e2245089cae72b98bfa1d1454851688b

SHA256
8e99b7012af707b4701cc2efedde68135e138854f6f4b3f6888cdc70bdda107d

SHA512
788785a45a0f0f35eccecec2946d80233b86f51f06a1b58f26e11c08464d967339a413af9ee5312d69c401b25f12e79b467699d981ef2f047d363a8501f9d6dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0420b39c782ed5834512ad2901265f7d

SHA1
fec8efcff387e72838c83f07657ac96287059398

SHA256
7f54f2b65c70fc2d3362dbb5be5cadb6ba6642427154a5928dd19eb7ed5a1ea7

SHA512
b216a9d01492b0631452e4f6a1ea34fe55cf0c64e72e0b0d0edda7e382a78d8e85f23e9b727cca1030557bf0042f78cb7671c3340b7f275aba685dd2c33944f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9bf110b63ac200b6bff6bd5975d0fb40

SHA1
9a93685b28088cfe0bf60bf8424e0929ee8a1380

SHA256
474008b686ed4ede0f1180d08143579a4b2d6ee66b376b345832c25f5a4b9bd8

SHA512
a276ed608c01bf4b8a67ed0079f5915f6ed133273004ec05e597b5fb0949ed804a718fe926f3bb9ea0d5255530c5c81ea70b53bfe6ed1d109bfac4f6f3a5e435

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
796d089773963e765e9a4595c33b9660

SHA1
76e072436cf1dd12552f792783e35129d818f910

SHA256
f3c8bc9062f6b7df66145c35d7cb51e780cde68c36a9d4de954d9c3df0b76480

SHA512
85c6915700cd00dcddaa68ac3faa98eb2da38e99540e81268f6a954338c904b7ca68ea3b6ec13c35d411023eefd42fd77ba2b9d375801a3415bf47b3f4354705

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
f6ed08c61bd3a371325d8f396c458ac3

SHA1
6aa0c1d0bf01b63585123ea26ee7e0ed75d2a200

SHA256
cae395c1c0c4ce4cd0d4fd007bb76a22611f24c27f924cfd36bf754e00638103

SHA512
a50954e3158c3de04b3cc8f5835cd92e53497e2224d7aeaf2da68d0d2eddcbae79fadd93a1e13f6961fa66dd8c0eaae1e0bd3fcc53af918be47373dc41a2b328

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
46ad7784ccc9bf0ba8902a4f4180a0ad

SHA1
71b963c28acda8e36a751048e171f161281803fc

SHA256
9605bef4e82908c55946dd8bf1dc995ece7e65c729d7b95d3def67b0684acbd1

SHA512
6603a5395c0f581cd2d7cb09593cc64685121c02fa3d9ac4d02b905cbc8fedb1d56602cef564cbd740f8dda293248d1c01e4985aa2b1f96dda005e464ac5fbf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2a1bff4fe7754701426e5397d895c132

SHA1
a16529258cee7d7b554d0f24e0a4b74cfdd2f071

SHA256
823bd3c9eb0917b9f17e856d9b898aa266f6beba0086e6361d6034e419369f59

SHA512
91890b2dc36ee2a4989ecbd8554209a406f5258a076f68c351aaa07f8feb88879e320cd9482ba203fbe217a2df5fc03f05cba49cd4db9713fadef741fcb06171

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6dd8fdd0e37bc602cb0ff6a3618939e1

SHA1
1f447fbdc6d4af91eb891a7ec2e7a059a06dec17

SHA256
128134bd9641ecac0bd08fdfcb8443092597d27380657907507e82924880f2eb

SHA512
64218e993865c6d5bec8acd26e467c6c52251bc60e92ba1153c33a66475cef896cba6af65e0aed7ed3cd09f04d42a8b46da4cd9dde31261c7f38f832db5a47f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a77d79c0278d398670623ba8b2a25c56

SHA1
989ece18932604fec36e6ae39f66cf3abc997961

SHA256
f6a9e992d6f8e989e848756bf5a064cbd4e7e995a05fba4b8dacac2496a1eb83

SHA512
e0c36f5d0e31c7a87dffcad24379a20ed80cf10f86249494e20df442fdbd02e3b4855a07d63fa9c8b46547bdbfdaf030bb826b2a6ff78e6bdbd96f9b6ba7ea36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0dd7da55269f594c9c5b8d9c1610cfa0

SHA1
3b18ef1563bc9083a98a0ee6a92901f6e61942bd

SHA256
337f7e644b4890f351b94bf9c0a922594ea23021651cc5e2eddf49a5bce7f3bf

SHA512
9d1c9a98691e82d34b2f94fde19561e2d66397f6cce9aa5c855acea7e3cc0f231dd3d843ae6f4198d81300ca1ab8bb1221f61894cd323f6f17807790efeaf5f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e6db83455cd43d64d48c69915cdecfdc

SHA1
9f8c8e377afe553ca4f50d6b439a1a7fa9d716bf

SHA256
96dddf850bdc3b05f428455f32f690646943d4426000afc756aaffc42cef89b6

SHA512
34c19cbea61be59a1d051d509b36c3f7e2755d5378f86be8170cd85f297c27b9853f9871e9b008933e6a2e6134b6e72f31a9c3297565a95a0b20e27f188e5423

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0a320dc61d6011222380a917bc087281

SHA1
e9334a792a06e6d1b84e8776a5add86683d3d8b5

SHA256
8d66ea4d8078c4e5ea600c717b6b8ce508f2578364d55b2e4a3fbe532eec5edd

SHA512
2a7881f08ca11de7df3abeac7f7db671cdb58bcf33905a414de281ea58e795e6bad5935c57c3515e332e20667a88505c490a069d94c377d58455a8291c72fab3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0e8ffe0a75be605c4e0cc205e4170203

SHA1
954a3288fc87ae2a42b5408d453c5b2ad6090992

SHA256
a1696114c04d35d37a393cdc181843622a7a4bd6a76e72f937cdb9ef96421969

SHA512
d8eec8be966c0e2584080bc416f1721634cadd81075d90d284088bad465f1871519639090b3cf266d1fc1ed5f42c225ba140c654b7bcde1e49c2845e4c963ea5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aa3d4be8df9f6aaa826638a3e6d13eb6

SHA1
624722a85a9be78916b511c9fe547a1d36e79b10

SHA256
b74074bc4ef29fb8554088495eb5c2697b3d3023904e190763e55d698c63b76a

SHA512
ec9cc4debc07756a829641fbc72566385e65661beaa4607b9d695461475dc8286f61b228cf9bba7318d440dd7f196e570a5256b1b03cbfeb1e2902d1b3b9d792

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
64627c5223f84db3765ed021a1d5d6f5

SHA1
a0dd5a59f03012334b1d9e1a425e54bb64a138ce

SHA256
670ef111dc5c3571b50aea86e20a88e52197716dc60bb5b2ff59652bf0309439

SHA512
a0b0fc673ee4407fa7f11eb5aca05ce5336416666d0b30f5825a4c54b5b3013c7bb157cb3fcd78bfcbc5919d921a44c208a7991aa56033247a7c1ed093557029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
db5cb90f4ab6eaa976e5484a099a9dd2

SHA1
67aee10b9f39edf9b38c7aca22f8db6e712eff93

SHA256
5f7ec9652fde4a67abe3e318038c42147ed6f5beaa9b028586d192d4ac546293

SHA512
67d9b264e80e6a1b3d93a8fd197d30dcd6a478beeac65f7b77f26557412d37cc1cdd3a1f1e0c2157f3274bae669b9882860e66ac00468b4ab659a081134ada49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3cca59822df36f0d7af3aacc65883680

SHA1
6ab4a1c961850068bdf6a93d7d18a5b1330bb745

SHA256
fb8a984836dc56a684dca641cab8cf95b090675c41c0b076194f6bb8575b73b5

SHA512
77bc4f85f06aea04aa81c1bccc14b1ce5f4e24b72e75d8c6eb466fb29278ab6bdff1926ffdd4c24730a37dc532979dda6e77fe665399c8565125c57f75207710

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2df3763551e7c05a757b16ec43e1533c

SHA1
79b11a68e8a4e69534adaa72917a12d5ca9918fc

SHA256
6ec2a7adec1bc204e13110a66ef501e1ecf7e09c83254f41dc0b454fbcf20760

SHA512
d3022c8bb8233b30b29a1cc54e6c6cc573b538f98e731cb63c6613b353bb01f8fc64df6f3e88b42441937a0a5d86dbd36740db8986432985cf4478cbfe5905ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0204bd6f881126137515fcec89286b19

SHA1
3ce8a8d6a2cbe9f0ee8c56666fb86ff300e0dcac

SHA256
26236a2a182979a261407878ad897d0c8652bd437f4d29938ef3ce53ac34a866

SHA512
ba7432722b1be9f2244a7106d28cb52cfff93e21f41ea1b2798b8622a7f00124d25bb28212597b9ffbed46b77dbf77591c4c6c0b4daa6b5742c79e9273ab2680

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
86a0a5ca89740024cd1616cd5b5fc644

SHA1
5ef8875c8f6bdaf66936d3f8466f83558e56b984

SHA256
cbe1d8d4330e295197af7076ca8ae8580b1779b1c559425d8de0917e55fac988

SHA512
363fc42d76334dcbaf3255497635dacfe67ec044e72e82cd52433038adfd2a56df7c86657437f19ebbf033f0a7161b36b53af37c81a1e99f5ee9fe981e3028b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dd0411db7c893e4d110e686a4a054e9b

SHA1
1298455b326317b90ee1638470dbfdf8696156f7

SHA256
12f31c80cdbfb59bf4878826d119540099e7690a8a402f6a7f914ec9f02c4c0e

SHA512
7d6d00ef5cafe5750ac62dac9dee2b1885c3a989467298d2a2bca584436c235d7bf507bc855c93d7ef37d395b1357b202356398bc23e4b54194ee69a8c01b17e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
55a755ea9c8fa773fb0d5e34949d5135

SHA1
553ee82f92b7aaa6e46277c59a829ec165242e83

SHA256
b1ac47aa0afcdbb4a7ff04062bdd628cce02b85565931def7656971f4bd32910

SHA512
322a8a5442609d140d6a090818ac12f200ba38a8460a0697f3ed95073b35d2b74290ce06deb45e145fb07365e73740edb96d11dbc8a91beccb6072f85f36318f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
773fb78824ce644df00427dd4970e4f4

SHA1
6d679294161750732d414a95ed541ff52aebd6d6

SHA256
619221ae706065176ec8216cab3bd561b5b838b8170058ed445095a40fd23c76

SHA512
fda0a9eb79243df6c59b1d801e433b0b5eef6f64fe7250a59e9c1b48f9d146ad3e059fd72fa290b2b07c2d190af7d3ca7e428d2cbe442b2fbc3014c35715784e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ba8aeb292c3fec4d5ecf7d30779923c4

SHA1
61eab7d6ae3d512870baa39f416b34238e7cf42e

SHA256
5d7a6dbb93a3c48ae5879fcbec968af5bc990d9d57aeaa22e9e23185449914c2

SHA512
5d2708dc4264bbb5a600d27e74efd77a7c3ae047f2b6b9d169140758a2473509e3e550f5e8f5ff18df21e7b62d5d29977062a56a1f5cb2f889e243042adc0118

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bf81008e1558e89a695c35f5b9739c4a

SHA1
5b2eca2d2e94ee749f6f4175525a2c314bb18645

SHA256
744c20805e6a7bfff83c36b3afd5132683a0a2a3d19134558f9fb3fdd6aa0787

SHA512
d033161e7ff9ac9532afc6a1e184996156cad792316f50b7ef11dde7dbf9965317d3fbe6c95edfc2cad8326879d3618fce85dfa842f20023253d51552da16c1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
72949d8330253e0c3dcfa9f5c86f7db8

SHA1
493ccb62f4e6171f345c50e434553366baf1a743

SHA256
aa1cc4b4b76dee2718c03c1dfa97318ab39e71047c9990a4a7cf8e433f6aff89

SHA512
e9eec50c1273e41314139933b3b1772357ef6bd7f555674f3b113dc37b90bd6be7b46637aaaa978f9af4776418afb5e2058d4cbb45b4125e4a8af1753bbad30f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
26655b010358cb1700c356d787fad199

SHA1
88fbab7046bdbe84cde82df47efc3344afcb4294

SHA256
9041310b2f0641d0620021a2210947e26defd5081206e709b89b02cf3e340e81

SHA512
27e562e54ffe4a47a8fe0b97e8c4253388ca96d36fca756c3cc5460127c8543b02e5b90b74530a0b52ab3006097f81ca0c8a72cf8be0ab04a20cd9ad80c15162

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ff1334248c53d4151fb24305d52b5f9c

SHA1
e2fcb1d8c751736b5c806607d507d187691307ce

SHA256
21d1e4cc4aa41d0d2d6b6c02de5158e45ff46b71398ed77c1092a74c78058a6a

SHA512
c86212debb1567996acdd2013cfa197d84f7be0ff2222cd0e22dfc71b1e3240cf43dab7cc4a99f3ea57f6e341b661011e7c82eeed1246f54ebc5a84d6baed705

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b63d6fd6c3c970eafd34ab55cfad4307

SHA1
122e0dc8f0139ce7786ee34a37f39aa9c2b3d87e

SHA256
5823c9112b80fd514a1f947bf12cf950075e34e6b64cd776e76a67f72e29e433

SHA512
af06bedc224a94ef330024e6958488201236d071b5fc7c5c95d9345facd52ebfb947fa4c65bc4735a347b6c5b5e9b834e26ca146db14416cefca6b18c298362a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5fa86a6eb3eae96c3d0b5bde35b50f88

SHA1
dca34fe8d63c9cb08aa172afaaac819aaf202f04

SHA256
064a4d307674c5704b7ffa3c38b0f56a476bcbcd6dd28697cf3da4d820bcaf4e

SHA512
75b6b1d0ee02383ee391688c6a48e7f42fe83d9005376b2da4c2e0dcce577b0f51632a79277d7d63a512abbc0a2b6c3e84caee1e9445b5aa014a54775a5f6fe4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a5c43068166701b35630accd6945a141

SHA1
39bbb7cb2cd1992202a59563d55a9e7945fcfd9f

SHA256
041627c00a48dbea00e86b9f273cb3c34ca231327023892d3eed585b51fe20d1

SHA512
b764baf3f00f9dcb17f48a1b66c5ef2ad3a3911256c524a4a378ef2b46e942981f42e368f176b878f5ccd0deb82185ae7fb89cbacc2c50eed6aeaf93b7cefff3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aafe4b5ef6e141ef4282bf777859b2c9

SHA1
9e6b38af9a0ddb3a2082828037dae7e349fd264a

SHA256
23475e0e567f1c2b6263335497a54586cce691001e98d75c1b5fac6655376e98

SHA512
6b87ae0aeb8a05b8ee5c96b27c477d59a7bff93e30ddc286a736298b0258506e4338c3e71df00a04a20396f798be1e68aca10c84027b56c952900e88c4f22daf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6bbad9164d418fc24557b869c36edd53

SHA1
8d2581a3636273fe2d3413fcc4957bd0504db5b4

SHA256
9a831aa6d7030e569bbe757cba5540f53a77031b1687af301197b0f5433063eb

SHA512
969b548fb0459e395e0b836f39e315e8c15247c4697af56d9e617d6cd8bca5755beaaf292b57772f12715a4217230ec6d361f6162c61efc02dd1967d2688ffe4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
1c086566545064b274de21c9a4503997

SHA1
56985acc6276285cdf7a667f416826fbc6519c6e

SHA256
1c5148defb5114efe398bc394469fc4a2aca8b7f0e86aa4d637469781a24516a

SHA512
c90250ea19e709250ef15fa895a1d8c115dfe80c1d182328d528848c45c91c326dad8ea8f76b1da5e37352e11b18c0c222846ac2591fe9c38420a1cebb60d503

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
63d760c602d4408c4a13df38736cb65a

SHA1
31641167254fdf5f4c4defc75a60b2d041bbe8a5

SHA256
78d51d65cd3a9cb0a219c0d6c8f03a68278a1f3dcb4269f6f2469109127354e9

SHA512
dd4b964696dd44712e645a8feb8fce50cb7a2dc6cdbbc4c9e3db59ca404739a8a93d3c0ada4c22148cf4cc5e61a38bbf5b92d61ecf0e8544bd2d7be67494dcd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
be8b266f43cad6fe0d022e758addcd55

SHA1
541b1ae956c2729e5979ee916e7624b48f0d4477

SHA256
f0247d08ca77f2ce6ff6d37bd0b4aa6b89cc166c64a109d484d8b6cfd0d5c8be

SHA512
f9f6c43b74f5578f169e9351ddb734a68ca42b16ca42c253c691eeaf0da080a804f8257bfe9cf9dae66023ee94247252e0401dc4d6681dc3825a58057d147bb7

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcherfenix.jar

Filesize
500KB

MD5
84591cf8bbe4b94d5a83b2cdd605d4b5

SHA1
85f1dbf03d2b4c52e067849b93c3f4c7ec284886

SHA256
b8c2bf47cb70a77582c302284554ecd4a29f9ee55c09fc2193b3ba942d5884ae

SHA512
31ff3523bedc87efd5040c46fdaff325c29fa109a912b729c81660c0737505e9dbd2f9bc0a443bfce12ede2569d023cc1f56f6bea0943a669f4f85e0f420830d

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/400-17-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/3144-116-0x000001CE49E10000-0x000001CE49E11000-memory.dmp

Filesize
4KB

Download
memory/3144-2-0x000001CE4B620000-0x000001CE4B890000-memory.dmp

Filesize
2.4MB

Download
memory/3144-16-0x000001CE49E10000-0x000001CE49E11000-memory.dmp

Filesize
4KB

Download
memory/3144-54-0x000001CE49E10000-0x000001CE49E11000-memory.dmp

Filesize
4KB

Download
memory/3144-59-0x000001CE49E10000-0x000001CE49E11000-memory.dmp

Filesize
4KB

Download
memory/3144-61-0x000001CE49E10000-0x000001CE49E11000-memory.dmp

Filesize
4KB

Download
memory/3144-67-0x000001CE49E10000-0x000001CE49E11000-memory.dmp

Filesize
4KB

Download
memory/3144-70-0x000001CE49E10000-0x000001CE49E11000-memory.dmp

Filesize
4KB

Download
memory/3144-76-0x000001CE49E10000-0x000001CE49E11000-memory.dmp

Filesize
4KB

Download
memory/3144-86-0x000001CE49E10000-0x000001CE49E11000-memory.dmp

Filesize
4KB

Download
memory/3144-139-0x000001CE49E10000-0x000001CE49E11000-memory.dmp

Filesize
4KB

Download
memory/3144-710-0x000001CE4B620000-0x000001CE4B890000-memory.dmp

Filesize
2.4MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response