umbral | hxxps://mega[.]nz/file/XcNlTJhQ#5hCN5dICum9c9ceFosZbHXB5dYP6HZKn6TsiTu6dfGw

Analysis

max time kernel
1800s
max time network
1798s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
29/09/2024, 19:44 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/XcNlTJhQ#5hCN5dICum9c9ceFosZbHXB5dYP6HZKn6TsiTu6dfGw

Score

10^/10

umbral xworm discovery execution persistence rat stealer trojan

Malware Config

Extracted

Family

umbral

https://discord.com/api/webhooks/1290029641578578002/m1fVsUigNqnmg9qL11KB2Dp0cwdGriuTSOUVDC73kL7e21WxRUV92BT2hxAtiAnCrbXG

Extracted

Family

xworm

Version

3.0

spain-trail.gl.at.ply.gg:51770

Mutex

q2KqNRza4QGi0rMH

Attributes

Install_directory
%AppData%
install_file
USB.exe

aes.plain

1
ckJfYrclXPtg9rWY9/xFaQ==

Signatures

Detect Umbral payload 2 IoCs

resource	yara_rule
behavioral1/files/0x000800000002aae6-293.dat	family_umbral
behavioral1/memory/3100-294-0x000001A624570000-0x000001A6245B0000-memory.dmp	family_umbral

Detect Xworm Payload 2 IoCs

resource	yara_rule
behavioral1/files/0x000300000002ab3e-296.dat	family_xworm
behavioral1/memory/2948-298-0x0000000000DA0000-0x0000000000DB0000-memory.dmp	family_xworm

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral
Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm

Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
1048	powershell.exe
5992	powershell.exe
4168	powershell.exe

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nitro Generator.lnk	Nitro Generator.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nitro Generator.lnk	Nitro Generator.exe

Executes dropped EXE 4 IoCs

pid	Process
3100	Fixer.exe
2948	Nitro Generator.exe
1192	Nitro Generator.exe
5912	Nitro Generator.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Windows\CurrentVersion\Run\Nitro Generator = "C:\\Users\\Admin\\AppData\\Roaming\\Nitro Generator.exe"	Nitro Generator.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
11	ip-api.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133721126623436357"	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Nitro Generator.rar:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
4168	powershell.exe
4168	powershell.exe
1048	powershell.exe
1048	powershell.exe
5992	powershell.exe
5992	powershell.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2948	Nitro Generator.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
5916	chrome.exe
5916	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5916	chrome.exe
Token: SeCreatePagefilePrivilege	5916	chrome.exe
Token: SeShutdownPrivilege	5916	chrome.exe
Token: SeCreatePagefilePrivilege	5916	chrome.exe
Token: SeShutdownPrivilege	5916	chrome.exe
Token: SeCreatePagefilePrivilege	5916	chrome.exe
Token: SeShutdownPrivilege	5916	chrome.exe
Token: SeCreatePagefilePrivilege	5916	chrome.exe
Token: SeShutdownPrivilege	5916	chrome.exe
Token: SeCreatePagefilePrivilege	5916	chrome.exe
Token: 33	1072	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1072	AUDIODG.EXE
Token: SeShutdownPrivilege	5916	chrome.exe
Token: SeCreatePagefilePrivilege	5916	chrome.exe
Token: SeShutdownPrivilege	5916	chrome.exe
Token: SeCreatePagefilePrivilege	5916	chrome.exe
Token: SeShutdownPrivilege	5916	chrome.exe
Token: SeCreatePagefilePrivilege	5916	chrome.exe
Token: SeShutdownPrivilege	5916	chrome.exe
Token: SeCreatePagefilePrivilege	5916	chrome.exe
Token: SeShutdownPrivilege	5916	chrome.exe
Token: SeCreatePagefilePrivilege	5916	chrome.exe
Token: SeShutdownPrivilege	5916	chrome.exe
Token: SeCreatePagefilePrivilege	5916	chrome.exe
Token: SeShutdownPrivilege	5916	chrome.exe
Token: SeCreatePagefilePrivilege	5916	chrome.exe
Token: SeShutdownPrivilege	5916	chrome.exe
Token: SeCreatePagefilePrivilege	5916	chrome.exe
Token: SeShutdownPrivilege	5916	chrome.exe
Token: SeCreatePagefilePrivilege	5916	chrome.exe
Token: SeShutdownPrivilege	5916	chrome.exe
Token: SeCreatePagefilePrivilege	5916	chrome.exe
Token: SeShutdownPrivilege	5916	chrome.exe
Token: SeCreatePagefilePrivilege	5916	chrome.exe
Token: SeShutdownPrivilege	5916	chrome.exe
Token: SeCreatePagefilePrivilege	5916	chrome.exe
Token: SeShutdownPrivilege	5916	chrome.exe
Token: SeCreatePagefilePrivilege	5916	chrome.exe
Token: SeShutdownPrivilege	5916	chrome.exe
Token: SeCreatePagefilePrivilege	5916	chrome.exe
Token: SeShutdownPrivilege	5916	chrome.exe
Token: SeCreatePagefilePrivilege	5916	chrome.exe
Token: SeShutdownPrivilege	5916	chrome.exe
Token: SeCreatePagefilePrivilege	5916	chrome.exe
Token: SeShutdownPrivilege	5916	chrome.exe
Token: SeCreatePagefilePrivilege	5916	chrome.exe
Token: SeShutdownPrivilege	5916	chrome.exe
Token: SeCreatePagefilePrivilege	5916	chrome.exe
Token: SeShutdownPrivilege	5916	chrome.exe
Token: SeCreatePagefilePrivilege	5916	chrome.exe
Token: SeShutdownPrivilege	5916	chrome.exe
Token: SeCreatePagefilePrivilege	5916	chrome.exe
Token: SeShutdownPrivilege	5916	chrome.exe
Token: SeCreatePagefilePrivilege	5916	chrome.exe
Token: SeShutdownPrivilege	5916	chrome.exe
Token: SeCreatePagefilePrivilege	5916	chrome.exe
Token: SeShutdownPrivilege	5916	chrome.exe
Token: SeCreatePagefilePrivilege	5916	chrome.exe
Token: SeShutdownPrivilege	5916	chrome.exe
Token: SeCreatePagefilePrivilege	5916	chrome.exe
Token: SeShutdownPrivilege	5916	chrome.exe
Token: SeCreatePagefilePrivilege	5916	chrome.exe
Token: SeShutdownPrivilege	5916	chrome.exe
Token: SeCreatePagefilePrivilege	5916	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
1216	7zG.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe
5916	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5916 wrote to memory of 2452	5916	chrome.exe	78
PID 5916 wrote to memory of 2452	5916	chrome.exe	78
PID 5916 wrote to memory of 4404	5916	chrome.exe	79
PID 5916 wrote to memory of 4404	5916	chrome.exe	79
PID 5916 wrote to memory of 4404	5916	chrome.exe	79
PID 5916 wrote to memory of 4404	5916	chrome.exe	79
PID 5916 wrote to memory of 4404	5916	chrome.exe	79
PID 5916 wrote to memory of 4404	5916	chrome.exe	79
PID 5916 wrote to memory of 4404	5916	chrome.exe	79
PID 5916 wrote to memory of 4404	5916	chrome.exe	79
PID 5916 wrote to memory of 4404	5916	chrome.exe	79
PID 5916 wrote to memory of 4404	5916	chrome.exe	79
PID 5916 wrote to memory of 4404	5916	chrome.exe	79
PID 5916 wrote to memory of 4404	5916	chrome.exe	79
PID 5916 wrote to memory of 4404	5916	chrome.exe	79
PID 5916 wrote to memory of 4404	5916	chrome.exe	79
PID 5916 wrote to memory of 4404	5916	chrome.exe	79
PID 5916 wrote to memory of 4404	5916	chrome.exe	79
PID 5916 wrote to memory of 4404	5916	chrome.exe	79
PID 5916 wrote to memory of 4404	5916	chrome.exe	79
PID 5916 wrote to memory of 4404	5916	chrome.exe	79
PID 5916 wrote to memory of 4404	5916	chrome.exe	79
PID 5916 wrote to memory of 4404	5916	chrome.exe	79
PID 5916 wrote to memory of 4404	5916	chrome.exe	79
PID 5916 wrote to memory of 4404	5916	chrome.exe	79
PID 5916 wrote to memory of 4404	5916	chrome.exe	79
PID 5916 wrote to memory of 4404	5916	chrome.exe	79
PID 5916 wrote to memory of 4404	5916	chrome.exe	79
PID 5916 wrote to memory of 4404	5916	chrome.exe	79
PID 5916 wrote to memory of 4404	5916	chrome.exe	79
PID 5916 wrote to memory of 4404	5916	chrome.exe	79
PID 5916 wrote to memory of 4404	5916	chrome.exe	79
PID 5916 wrote to memory of 4204	5916	chrome.exe	80
PID 5916 wrote to memory of 4204	5916	chrome.exe	80
PID 5916 wrote to memory of 1692	5916	chrome.exe	81
PID 5916 wrote to memory of 1692	5916	chrome.exe	81
PID 5916 wrote to memory of 1692	5916	chrome.exe	81
PID 5916 wrote to memory of 1692	5916	chrome.exe	81
PID 5916 wrote to memory of 1692	5916	chrome.exe	81
PID 5916 wrote to memory of 1692	5916	chrome.exe	81
PID 5916 wrote to memory of 1692	5916	chrome.exe	81
PID 5916 wrote to memory of 1692	5916	chrome.exe	81
PID 5916 wrote to memory of 1692	5916	chrome.exe	81
PID 5916 wrote to memory of 1692	5916	chrome.exe	81
PID 5916 wrote to memory of 1692	5916	chrome.exe	81
PID 5916 wrote to memory of 1692	5916	chrome.exe	81
PID 5916 wrote to memory of 1692	5916	chrome.exe	81
PID 5916 wrote to memory of 1692	5916	chrome.exe	81
PID 5916 wrote to memory of 1692	5916	chrome.exe	81
PID 5916 wrote to memory of 1692	5916	chrome.exe	81
PID 5916 wrote to memory of 1692	5916	chrome.exe	81
PID 5916 wrote to memory of 1692	5916	chrome.exe	81
PID 5916 wrote to memory of 1692	5916	chrome.exe	81
PID 5916 wrote to memory of 1692	5916	chrome.exe	81
PID 5916 wrote to memory of 1692	5916	chrome.exe	81
PID 5916 wrote to memory of 1692	5916	chrome.exe	81
PID 5916 wrote to memory of 1692	5916	chrome.exe	81
PID 5916 wrote to memory of 1692	5916	chrome.exe	81
PID 5916 wrote to memory of 1692	5916	chrome.exe	81
PID 5916 wrote to memory of 1692	5916	chrome.exe	81
PID 5916 wrote to memory of 1692	5916	chrome.exe	81
PID 5916 wrote to memory of 1692	5916	chrome.exe	81
PID 5916 wrote to memory of 1692	5916	chrome.exe	81
PID 5916 wrote to memory of 1692	5916	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/XcNlTJhQ#5hCN5dICum9c9ceFosZbHXB5dYP6HZKn6TsiTu6dfGw
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff6db8cc40,0x7fff6db8cc4c,0x7fff6db8cc58
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1844,i,9238860268795102629,5790170821950481008,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1832 /prefetch:2
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2108,i,9238860268795102629,5790170821950481008,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,9238860268795102629,5790170821950481008,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2392 /prefetch:8
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,9238860268795102629,5790170821950481008,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,9238860268795102629,5790170821950481008,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4160,i,9238860268795102629,5790170821950481008,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4620 /prefetch:8
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4820,i,9238860268795102629,5790170821950481008,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4920 /prefetch:8
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4908,i,9238860268795102629,5790170821950481008,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  - NTFS ADS
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5312,i,9238860268795102629,5790170821950481008,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1500,i,9238860268795102629,5790170821950481008,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5060,i,9238860268795102629,5790170821950481008,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4076

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1472

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6060

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004C0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1072

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1652

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap11950:92:7zEvent9227
1⤵
- Suspicious use of FindShellTrayWindow
PID:1216

C:\Users\Admin\Downloads\Nitro Generator\Fixer.exe
"C:\Users\Admin\Downloads\Nitro Generator\Fixer.exe"
1⤵
- Executes dropped EXE
PID:3100
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:4676

C:\Users\Admin\Downloads\Nitro Generator\Nitro Generator.exe
"C:\Users\Admin\Downloads\Nitro Generator\Nitro Generator.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
PID:2948
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\Nitro Generator\Nitro Generator.exe'
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:4168
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Nitro Generator.exe'
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:1048
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\Nitro Generator.exe'
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:5992

C:\Users\Admin\Downloads\Nitro Generator\Nitro Generator.exe
"C:\Users\Admin\Downloads\Nitro Generator\Nitro Generator.exe"
1⤵
- Executes dropped EXE
PID:1192

C:\Users\Admin\Downloads\Nitro Generator\Nitro Generator.exe
"C:\Users\Admin\Downloads\Nitro Generator\Nitro Generator.exe"
1⤵
- Executes dropped EXE
PID:5912

Network

DNS

mega.nz

chrome.exe

Remote address:

8.8.8.8:53

Request

mega.nz

IN A

Response

mega.nz

IN A

31.216.145.5

mega.nz

IN A

31.216.144.5
DNS

content-autofill.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

142.250.187.234

content-autofill.googleapis.com

IN A

142.250.200.42

content-autofill.googleapis.com

IN A

142.250.180.10

content-autofill.googleapis.com

IN A

142.250.200.10

content-autofill.googleapis.com

IN A

142.250.187.202

content-autofill.googleapis.com

IN A

216.58.213.10

content-autofill.googleapis.com

IN A

142.250.179.234

content-autofill.googleapis.com

IN A

172.217.16.234

content-autofill.googleapis.com

IN A

216.58.201.106

content-autofill.googleapis.com

IN A

142.250.178.10

content-autofill.googleapis.com

IN A

216.58.204.74

content-autofill.googleapis.com

IN A

172.217.169.10

content-autofill.googleapis.com

IN A

216.58.212.234
DNS

8.8.8.8.in-addr.arpa

chrome.exe

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

g.api.mega.co.nz

chrome.exe

Remote address:

8.8.8.8:53

Request

g.api.mega.co.nz

IN A

Response

g.api.mega.co.nz

IN CNAME

lu.api.mega.co.nz

lu.api.mega.co.nz

IN A

66.203.125.13

lu.api.mega.co.nz

IN A

66.203.125.12

lu.api.mega.co.nz

IN A

66.203.125.15

lu.api.mega.co.nz

IN A

66.203.125.16

lu.api.mega.co.nz

IN A

66.203.125.14

lu.api.mega.co.nz

IN A

66.203.125.11
DNS

13.125.203.66.in-addr.arpa

chrome.exe

Remote address:

8.8.8.8:53

Request

13.125.203.66.in-addr.arpa

IN PTR

Response

13.125.203.66.in-addr.arpa

IN PTR

bt3apimegaconz
DNS

221.168.44.89.in-addr.arpa

chrome.exe

Remote address:

8.8.8.8:53

Request

221.168.44.89.in-addr.arpa

IN PTR

Response

221.168.44.89.in-addr.arpa

IN PTR

89-44-168-221ipdcluxcom
DNS

gstatic.com

chrome.exe

Remote address:

8.8.8.8:53

Request

gstatic.com

IN A

Response

gstatic.com

IN A

216.58.201.99
DNS

1.112.95.208.in-addr.arpa

chrome.exe

Remote address:

8.8.8.8:53

Request

1.112.95.208.in-addr.arpa

IN PTR

Response

1.112.95.208.in-addr.arpa

IN PTR

ip-apicom
DNS

spain-trail.gl.at.ply.gg

chrome.exe

Remote address:

8.8.8.8:53

Request

spain-trail.gl.at.ply.gg

IN A

Response

spain-trail.gl.at.ply.gg

IN A

147.185.221.22
DNS

13.173.189.20.in-addr.arpa

chrome.exe

Remote address:

8.8.8.8:53

Request

13.173.189.20.in-addr.arpa

IN PTR

Response
DNS

77.190.18.2.in-addr.arpa

chrome.exe

Remote address:

8.8.8.8:53

Request

77.190.18.2.in-addr.arpa

IN PTR

Response

77.190.18.2.in-addr.arpa

IN PTR

a2-18-190-77deploystaticakamaitechnologiescom
GET

https://mega.nz/file/XcNlTJhQ

chrome.exe

Remote address:

31.216.145.5:443

Request

GET /file/XcNlTJhQ HTTP/1.1
Host: mega.nz
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: text/html
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Content-Encoding: gzip
Content-Length: 859
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: DENY
X-Robots-Tag: noindex
Set-Cookie: geoip=GB
Content-Security-Policy: default-src 'self' data: blob: *.mega.co.nz *.mega.nz *.mega.io http://*.mega.co.nz http://*.mega.nz http://*.mega.io wss://*.karere.mega.nz wss://*.sfu.mega.co.nz *.karere.mega.nz:1380 http://127.0.0.1:6341 localhost.megasyncloopback.mega.nz:6342; script-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob:; style-src 'self' 'unsafe-inline' *.mega.co.nz *.mega.nz *.mega.io data: blob:; frame-src 'self' *.megapay.nz ad.mega.nz mega: *.megaad.nz https://mega.nz/ https://mega.io/; img-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob: mega.nz
Connection: Keep-Alive
GET

https://mega.nz/secureboot.js?r=1727307409

chrome.exe

Remote address:

31.216.145.5:443

Request

GET /secureboot.js?r=1727307409 HTTP/1.1
Host: mega.nz
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://mega.nz/file/XcNlTJhQ
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: text/javascript
Content-Length: 57727
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Content-Encoding: gzip
GET

https://mega.nz/loading-sprite_v4.png

chrome.exe

Remote address:

31.216.145.5:443

Request

GET /loading-sprite_v4.png HTTP/1.1
Host: mega.nz
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://mega.nz/file/XcNlTJhQ
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/png
Content-Length: 3414
Cache-Control: max-age=8640000
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
GET

https://mega.nz/favicon.ico?v=3

chrome.exe

Remote address:

31.216.145.5:443

Request

GET /favicon.ico?v=3 HTTP/1.1
Host: mega.nz
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://mega.nz/file/XcNlTJhQ
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/x-icon
Content-Length: 1029
Cache-Control: max-age=8640000
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Content-Encoding: gzip
GET

https://mega.nz/sw.js?v=1

chrome.exe

Remote address:

31.216.145.5:443

Request

GET /sw.js?v=1 HTTP/1.1
Host: mega.nz
Connection: keep-alive
Cache-Control: max-age=0
Accept: */*
Service-Worker: script
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: same-origin
Sec-Fetch-Dest: serviceworker
Referer: https://mega.nz/file/XcNlTJhQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: text/javascript
Content-Length: 1208
Cache-Control: max-age=8640000
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Content-Encoding: gzip
GET

https://mega.nz/decrypter.js

chrome.exe

Remote address:

31.216.145.5:443

Request

GET /decrypter.js HTTP/1.1
Host: mega.nz
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: same-origin
Sec-Fetch-Dest: worker
Referer: https://mega.nz/file/XcNlTJhQ
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: text/javascript
Content-Length: 817
Cache-Control: max-age=8640000
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Content-Encoding: gzip
GET

https://mega.nz/aesasm.js

chrome.exe

Remote address:

31.216.145.5:443

Request

GET /aesasm.js HTTP/1.1
Host: mega.nz
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://mega.nz/decrypter.js
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: text/javascript
Content-Length: 17915
Cache-Control: max-age=8640000
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Content-Encoding: gzip
GET

https://mega.nz/manifest.json

chrome.exe

Remote address:

31.216.145.5:443

Request

GET /manifest.json HTTP/1.1
Host: mega.nz
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: manifest
Referer: https://mega.nz/file/XcNlTJhQ
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: application/json
Content-Length: 275
Cache-Control: max-age=8640000
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Content-Encoding: gzip
GET

https://eu.static.mega.co.nz/4/lang/en_cb347e524f13fc736db4abb6ade3ce995fc1eb5197302d681c310dbc5e62e7be.json

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/lang/en_cb347e524f13fc736db4abb6ade3ce995fc1eb5197302d681c310dbc5e62e7be.json HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:21 GMT
content-type: application/json
content-length: 378742
last-modified: Wed, 25 Sep 2024 23:39:49 GMT
etag: "66f49f45-5c776"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/js/mega-1_ed4d09c067524631ba4f93c8318fada5e09c4c099d49a88781733821edfe8e48.js

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/js/mega-1_ed4d09c067524631ba4f93c8318fada5e09c4c099d49a88781733821edfe8e48.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:21 GMT
content-type: application/javascript
content-length: 408648
last-modified: Wed, 25 Sep 2024 23:39:49 GMT
etag: "66f49f45-63c48"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/js/mega-2_d4751f46fd7156b0eed6b9e753db3df136f621e7ab2fd8dceade57242c814d33.js

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/js/mega-2_d4751f46fd7156b0eed6b9e753db3df136f621e7ab2fd8dceade57242c814d33.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:21 GMT
content-type: application/javascript
content-length: 509844
last-modified: Wed, 25 Sep 2024 23:39:49 GMT
etag: "66f49f45-7c794"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/js/mega-3_d8014b108685fca3cf5e75c17dbd0aad08b2132b95b391c21aa027fbb1ad9bcf.js

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/js/mega-3_d8014b108685fca3cf5e75c17dbd0aad08b2132b95b391c21aa027fbb1ad9bcf.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:21 GMT
content-type: application/javascript
content-length: 521382
last-modified: Wed, 25 Sep 2024 23:39:49 GMT
etag: "66f49f45-7f4a6"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/js/mega-4_6450a54915a1302d551267a155725ccca1f1e5f1072cf3313071cdcc366b5d55.js

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/js/mega-4_6450a54915a1302d551267a155725ccca1f1e5f1072cf3313071cdcc366b5d55.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:22 GMT
content-type: application/javascript
content-length: 484371
last-modified: Wed, 25 Sep 2024 23:39:49 GMT
etag: "66f49f45-76413"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/js/mega-5_9a11cc1d4e89a314d3ec0e885056aa572b0d5d5b787d0c8b8e0a9fe1a90cee94.js

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/js/mega-5_9a11cc1d4e89a314d3ec0e885056aa572b0d5d5b787d0c8b8e0a9fe1a90cee94.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:22 GMT
content-type: application/javascript
content-length: 479753
last-modified: Wed, 25 Sep 2024 23:39:49 GMT
etag: "66f49f45-75209"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/js/mega-6_bd184c4fd9ca1145bcd2e2aa978b37c949c410e3cb05052a4d9dd6bf727b7677.js

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/js/mega-6_bd184c4fd9ca1145bcd2e2aa978b37c949c410e3cb05052a4d9dd6bf727b7677.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:22 GMT
content-type: application/javascript
content-length: 521132
last-modified: Wed, 25 Sep 2024 23:39:49 GMT
etag: "66f49f45-7f3ac"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/css/mega-1_07d7f1cae5f34137fc1b4cca77ca88bebb96f2ee241b4d8de4a1cb1c347628bd.css

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/css/mega-1_07d7f1cae5f34137fc1b4cca77ca88bebb96f2ee241b4d8de4a1cb1c347628bd.css HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:22 GMT
content-type: text/css
content-length: 480356
last-modified: Wed, 25 Sep 2024 23:39:48 GMT
etag: "66f49f44-75464"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/html/templates_34a32689ba46359ea541ae21bc3a85846cfe6afaba2911338aa04666eba23cc3.json

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/html/templates_34a32689ba46359ea541ae21bc3a85846cfe6afaba2911338aa04666eba23cc3.json HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:22 GMT
content-type: application/json
content-length: 763994
last-modified: Wed, 25 Sep 2024 23:39:48 GMT
etag: "66f49f44-ba85a"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/js/mega-7_ef8755958dc3ed928da3382a69c36cf6ec2bfb1a98f1d9e71165ab81fe735e6a.js

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/js/mega-7_ef8755958dc3ed928da3382a69c36cf6ec2bfb1a98f1d9e71165ab81fe735e6a.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:22 GMT
content-type: application/javascript
content-length: 310110
last-modified: Wed, 25 Sep 2024 23:39:49 GMT
etag: "66f49f45-4bb5e"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/js/mega-8_396c8c50c49feb2408530d530924d38f324853b7007892d82725ec0496993952.js

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/js/mega-8_396c8c50c49feb2408530d530924d38f324853b7007892d82725ec0496993952.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:22 GMT
content-type: application/javascript
content-length: 446757
last-modified: Wed, 25 Sep 2024 23:39:49 GMT
etag: "66f49f45-6d125"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/css/bottom-pages-animations.css-postbuild_077437ba5398f2997efea39e55f89eadd473667177aba0b14a48c8b57c60af43.css

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/css/bottom-pages-animations.css-postbuild_077437ba5398f2997efea39e55f89eadd473667177aba0b14a48c8b57c60af43.css HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:22 GMT
content-type: text/css
content-length: 10479
last-modified: Wed, 25 Sep 2024 23:39:48 GMT
etag: "66f49f44-28ef"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/js/mega-9_04ab5afde4357c1aaa61284f7349461ff843276ab4d9159e2c622758fc783fcb.js

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/js/mega-9_04ab5afde4357c1aaa61284f7349461ff843276ab4d9159e2c622758fc783fcb.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:22 GMT
content-type: application/javascript
content-length: 512859
last-modified: Wed, 25 Sep 2024 23:39:49 GMT
etag: "66f49f45-7d35b"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/css/mega-2_6e1f04b4b799ebb30061dacc73808d643a09f162b61a3721ef0e66ebc511ccae.css

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/css/mega-2_6e1f04b4b799ebb30061dacc73808d643a09f162b61a3721ef0e66ebc511ccae.css HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:22 GMT
content-type: text/css
content-length: 250525
last-modified: Wed, 25 Sep 2024 23:39:48 GMT
etag: "66f49f44-3d29d"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/js/mega-10_5e906d738618166f0b8c675399da6209f4aa8e39ffeb5e6028fe632bcf14a2f1.js

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/js/mega-10_5e906d738618166f0b8c675399da6209f4aa8e39ffeb5e6028fe632bcf14a2f1.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:22 GMT
content-type: application/javascript
content-length: 501375
last-modified: Wed, 25 Sep 2024 23:39:49 GMT
etag: "66f49f45-7a67f"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/js/mega-11_1a6ebde0f8d3d0ddcd076220831bd3f0d9c6de1f34958f44e999015951538033.js

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/js/mega-11_1a6ebde0f8d3d0ddcd076220831bd3f0d9c6de1f34958f44e999015951538033.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:22 GMT
content-type: application/javascript
content-length: 457825
last-modified: Wed, 25 Sep 2024 23:39:49 GMT
etag: "66f49f45-6fc61"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/css/mega-3_2515d0b734ab553e6d9cd7f1d79bf61e7737c72b68be0eed3b02d9b642c3e446.css

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/css/mega-3_2515d0b734ab553e6d9cd7f1d79bf61e7737c72b68be0eed3b02d9b642c3e446.css HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:23 GMT
content-type: text/css
content-length: 730394
last-modified: Wed, 25 Sep 2024 23:39:48 GMT
etag: "66f49f44-b251a"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/js/mega-12_037696fc9e8941f7532c5cad88adcc7fd804c8a7a1cbf9a3d94797ac626d48e1.js

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/js/mega-12_037696fc9e8941f7532c5cad88adcc7fd804c8a7a1cbf9a3d94797ac626d48e1.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:23 GMT
content-type: application/javascript
content-length: 509015
last-modified: Wed, 25 Sep 2024 23:39:49 GMT
etag: "66f49f45-7c457"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/js/mega-13_889311c61b90cc168f059e2ff59cc3714f6fee9a7f9a9102393a8410b8233823.js

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/js/mega-13_889311c61b90cc168f059e2ff59cc3714f6fee9a7f9a9102393a8410b8233823.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:23 GMT
content-type: application/javascript
content-length: 514268
last-modified: Wed, 25 Sep 2024 23:39:49 GMT
etag: "66f49f45-7d8dc"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/js/mega-14_d7aff862c4a47cf466bcbc26f3522cf12987af1f7d8f0b9a4b13a4ea844ec929.js

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/js/mega-14_d7aff862c4a47cf466bcbc26f3522cf12987af1f7d8f0b9a4b13a4ea844ec929.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:23 GMT
content-type: application/javascript
content-length: 487965
last-modified: Wed, 25 Sep 2024 23:39:49 GMT
etag: "66f49f45-7721d"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/css/mega-4_073241f3f2a439951e522d5229eac2f7bc01a82d75c2ad8b3c1de45e18e2a2ae.css

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/css/mega-4_073241f3f2a439951e522d5229eac2f7bc01a82d75c2ad8b3c1de45e18e2a2ae.css HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:23 GMT
content-type: text/css
content-length: 305428
last-modified: Wed, 25 Sep 2024 23:39:48 GMT
etag: "66f49f44-4a914"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/images/mega/contact-avatar_18cc8179fdcf896e202df0bee3a8a381667c7ab2e8206b7b157494d10beeae12.svg

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/images/mega/contact-avatar_18cc8179fdcf896e202df0bee3a8a381667c7ab2e8206b7b157494d10beeae12.svg HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:23 GMT
content-type: image/svg+xml
content-length: 3544
last-modified: Wed, 25 Sep 2024 23:39:48 GMT
etag: "66f49f44-dd8"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/js/mega-15_8d2e047646dcc144d1ee5891d87fdbac9744bc940f0cc4e6dbf7ac2060ebfc50.js

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/js/mega-15_8d2e047646dcc144d1ee5891d87fdbac9744bc940f0cc4e6dbf7ac2060ebfc50.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:23 GMT
content-type: application/javascript
content-length: 401725
last-modified: Wed, 25 Sep 2024 23:39:49 GMT
etag: "66f49f45-6213d"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/js/mega-16_e87b6936b3e0df4cc2e63d7904e9d9491c5f434ed4ad2ded3479aead0ce667c9.js

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/js/mega-16_e87b6936b3e0df4cc2e63d7904e9d9491c5f434ed4ad2ded3479aead0ce667c9.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:23 GMT
content-type: application/javascript
content-length: 463668
last-modified: Wed, 25 Sep 2024 23:39:49 GMT
etag: "66f49f45-71334"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/css/mega-7_58c04ac027b15931acfb17be4a134e35c8bdd3b99109e617895713a42f32d84a.css

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/css/mega-7_58c04ac027b15931acfb17be4a134e35c8bdd3b99109e617895713a42f32d84a.css HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:23 GMT
content-type: text/css
content-length: 41595
last-modified: Wed, 25 Sep 2024 23:39:48 GMT
etag: "66f49f44-a27b"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/js/vendor/asmcrypto_9c90f27443fbdb85519985333a8b00c3cff0e10a2753955f41890342d64362f7.js

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/js/vendor/asmcrypto_9c90f27443fbdb85519985333a8b00c3cff0e10a2753955f41890342d64362f7.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:23 GMT
content-type: application/javascript
content-length: 443062
last-modified: Wed, 25 Sep 2024 23:39:49 GMT
etag: "66f49f45-6c2b6"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/html/download.html-postbuild_2749a59feff4141009bb961edd622162e7589b7f6c446e9be297528f0cdff89d.html

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/html/download.html-postbuild_2749a59feff4141009bb961edd622162e7589b7f6c446e9be297528f0cdff89d.html HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:23 GMT
content-type: text/html
last-modified: Wed, 25 Sep 2024 23:39:48 GMT
etag: W/"66f49f44-2e88"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-encoding: gzip
GET

https://eu.static.mega.co.nz/4/html/js/download_7066fb3a9439ac4b7ab62485a20eef0196e9d0ec2a4038302f3eeda11453f2c5.js

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/html/js/download_7066fb3a9439ac4b7ab62485a20eef0196e9d0ec2a4038302f3eeda11453f2c5.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:23 GMT
content-type: application/javascript
content-length: 38615
last-modified: Wed, 25 Sep 2024 23:39:48 GMT
etag: "66f49f44-96d7"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/fonts/SourceSansPro-Regular.woff2?v=f71f612f60d5bb7e

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/fonts/SourceSansPro-Regular.woff2?v=f71f612f60d5bb7e HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://mega.nz
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: font
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:24 GMT
content-type: font/woff2
content-length: 90132
last-modified: Wed, 25 Sep 2024 23:39:48 GMT
etag: "66f49f44-16014"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/imagery/sprites-fm-mono.ee0d4eee3ddc0278.woff2?h=2ed308d18

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/imagery/sprites-fm-mono.ee0d4eee3ddc0278.woff2?h=2ed308d18 HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://mega.nz
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: font
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:24 GMT
content-type: font/woff2
content-length: 69044
last-modified: Wed, 25 Sep 2024 23:39:48 GMT
etag: "66f49f44-10db4"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/fonts/Lato-Regular.woff2?v=6343dd45044b0726

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/fonts/Lato-Regular.woff2?v=6343dd45044b0726 HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://mega.nz
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: font
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:24 GMT
content-type: font/woff2
content-length: 182708
last-modified: Wed, 25 Sep 2024 23:39:48 GMT
etag: "66f49f44-2c9b4"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/fonts/Lato-Semibold.woff2?v=7194963095272d0e

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/fonts/Lato-Semibold.woff2?v=7194963095272d0e HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://mega.nz
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: font
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:24 GMT
content-type: font/woff2
content-length: 184076
last-modified: Wed, 25 Sep 2024 23:39:48 GMT
etag: "66f49f44-2cf0c"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
DNS

234.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.179.250.142.in-addr.arpa

IN PTR

Response

234.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f101e100net
DNS

134.169.44.89.in-addr.arpa

Remote address:

8.8.8.8:53

Request

134.169.44.89.in-addr.arpa

IN PTR

Response

134.169.44.89.in-addr.arpa

IN PTR

89-44-169-134ipdcluxcom
DNS

clientservices.googleapis.com

Remote address:

8.8.8.8:53

Request

clientservices.googleapis.com

IN A

Response

clientservices.googleapis.com

IN A

142.250.187.195
DNS

ip-api.com

Remote address:

8.8.8.8:53

Request

ip-api.com

IN A

Response

ip-api.com

IN A

208.95.112.1
DNS

nexusrules.officeapps.live.com

Remote address:

8.8.8.8:53

Request

nexusrules.officeapps.live.com

IN A

Response

nexusrules.officeapps.live.com

IN CNAME

prod.nexusrules.live.com.akadns.net

prod.nexusrules.live.com.akadns.net

IN A

52.111.229.19
DNS

22.221.185.147.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.221.185.147.in-addr.arpa

IN PTR

Response
DNS

ctldl.windowsupdate.com

Remote address:

8.8.8.8:53

Request

ctldl.windowsupdate.com

IN A

Response

ctldl.windowsupdate.com

IN CNAME

ctldl.windowsupdate.com.delivery.microsoft.com

ctldl.windowsupdate.com.delivery.microsoft.com

IN CNAME

wu-b-net.trafficmanager.net

wu-b-net.trafficmanager.net

IN CNAME

download.windowsupdate.com.edgesuite.net

download.windowsupdate.com.edgesuite.net

IN CNAME

a767.dspw65.akamai.net

a767.dspw65.akamai.net

IN A

2.18.190.77

a767.dspw65.akamai.net

IN A

2.18.190.79
DNS

ctldl.windowsupdate.com

Remote address:

8.8.8.8:53

Request

ctldl.windowsupdate.com

IN A

Response

ctldl.windowsupdate.com

IN CNAME

ctldl.windowsupdate.com.delivery.microsoft.com

ctldl.windowsupdate.com.delivery.microsoft.com

IN CNAME

wu-b-net.trafficmanager.net

wu-b-net.trafficmanager.net

IN CNAME

download.windowsupdate.com.edgesuite.net

download.windowsupdate.com.edgesuite.net

IN CNAME

a767.dspw65.akamai.net

a767.dspw65.akamai.net

IN A

2.23.210.83

a767.dspw65.akamai.net

IN A

2.23.210.101
POST

https://g.api.mega.co.nz/cs?id=0&v=2

chrome.exe

Remote address:

66.203.125.13:443

Request

POST /cs?id=0&v=2 HTTP/1.1
Host: g.api.mega.co.nz
Connection: keep-alive
Content-Length: 33
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, MEGA-Chrome-Antileak
Access-Control-Expose-Headers: Original-Content-Length
Access-Control-Max-Age: 86400
Cache-Control: no-store
Original-Content-Length: 164
Content-Length: 164
Connection: keep-alive
POST

https://g.api.mega.co.nz/cs?id=0

chrome.exe

Remote address:

66.203.125.13:443

Request

POST /cs?id=0 HTTP/1.1
Host: g.api.mega.co.nz
Connection: keep-alive
Content-Length: 13
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, MEGA-Chrome-Antileak
Access-Control-Expose-Headers: Original-Content-Length
Access-Control-Max-Age: 86400
Cache-Control: no-store
Original-Content-Length: 87
Content-Length: 87
Connection: keep-alive
POST

https://g.api.mega.co.nz/cs?id=2725033&v=3&lang=en&domain=meganz

chrome.exe

Remote address:

66.203.125.13:443

Request

POST /cs?id=2725033&v=3&lang=en&domain=meganz HTTP/1.1
Host: g.api.mega.co.nz
Connection: keep-alive
Content-Length: 20
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, MEGA-Chrome-Antileak
Access-Control-Expose-Headers: Original-Content-Length
Access-Control-Max-Age: 86400
Cache-Control: no-store
Original-Content-Length: 4
Content-Length: 4
Connection: keep-alive
POST

https://g.api.mega.co.nz/cs?id=2725034&v=3&lang=en&domain=meganz

chrome.exe

Remote address:

66.203.125.13:443

Request

POST /cs?id=2725034&v=3&lang=en&domain=meganz HTTP/1.1
Host: g.api.mega.co.nz
Connection: keep-alive
Content-Length: 55
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, MEGA-Chrome-Antileak
Access-Control-Expose-Headers: Original-Content-Length
Access-Control-Max-Age: 86400
Cache-Control: no-store
Original-Content-Length: 5
Content-Length: 5
Connection: keep-alive
POST

https://g.api.mega.co.nz/cs?id=2725035&v=3&lang=en&domain=meganz

chrome.exe

Remote address:

66.203.125.13:443

Request

POST /cs?id=2725035&v=3&lang=en&domain=meganz HTTP/1.1
Host: g.api.mega.co.nz
Connection: keep-alive
Content-Length: 46
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, MEGA-Chrome-Antileak
Access-Control-Expose-Headers: Original-Content-Length
Access-Control-Max-Age: 86400
Cache-Control: no-store
Original-Content-Length: 382
Content-Length: 382
Connection: keep-alive
GET

https://eu.static.mega.co.nz/4/imagery/sprites-fm-illustration-sprite-wide.e397e234dc118de4.svg

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/imagery/sprites-fm-illustration-sprite-wide.e397e234dc118de4.svg HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:24 GMT
content-type: image/svg+xml
content-length: 68811
last-modified: Wed, 25 Sep 2024 23:39:48 GMT
etag: "66f49f44-10ccb"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/imagery/sprites-fm-mime-90-uni.decaf26625f7b9e2.svg

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/imagery/sprites-fm-mime-90-uni.decaf26625f7b9e2.svg HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:24 GMT
content-type: image/svg+xml
content-length: 89334
last-modified: Wed, 25 Sep 2024 23:39:48 GMT
etag: "66f49f44-15cf6"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/images/mega/download-dialog.png?v=cf6daa0027e27782

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/images/mega/download-dialog.png?v=cf6daa0027e27782 HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:24 GMT
content-type: image/png
content-length: 70369
last-modified: Wed, 25 Sep 2024 23:39:48 GMT
etag: "66f49f44-112e1"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/images/mega/dialog-sprite.png?v=57a6bd1346996955

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/images/mega/dialog-sprite.png?v=57a6bd1346996955 HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:24 GMT
content-type: image/png
content-length: 30699
last-modified: Wed, 25 Sep 2024 23:39:48 GMT
etag: "66f49f44-77eb"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/imagery/sprites-fm-uni-uni.292a5f9ee5a59318.svg

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/imagery/sprites-fm-uni-uni.292a5f9ee5a59318.svg HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:24 GMT
content-type: image/svg+xml
content-length: 187329
last-modified: Wed, 25 Sep 2024 23:39:48 GMT
etag: "66f49f44-2dbc1"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/images/mobile/button-loader-green.gif?v=b175f7d362d2b4af

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/images/mobile/button-loader-green.gif?v=b175f7d362d2b4af HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://mega.nz/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:24 GMT
content-type: image/gif
content-length: 8787
last-modified: Wed, 25 Sep 2024 23:39:49 GMT
etag: "66f49f45-2253"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/images/mega/icons-sprite.png?v=48528e60724d858e

chrome.exe

Remote address:

89.44.169.134:443

Request

GET /4/images/mega/icons-sprite.png?v=48528e60724d858e HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.22.1
date: Sun, 29 Sep 2024 19:44:26 GMT
content-type: image/png
content-length: 118009
last-modified: Wed, 25 Sep 2024 23:39:48 GMT
etag: "66f49f44-1ccf9"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
POST

https://gfs270n080.userstorage.mega.co.nz/dl/ACVg8KF7b5tQcwKugLuD6Z9mhsc1o0HNnOF4jIcVtxA9WS2rQhnGs5-l_D_AIgHRYuN84R728cXBoEENq5PgtFBgukxLSZv8UKReio8VvMLZXKsw1WW-ExmjyXjFbA/0-115476

chrome.exe

Remote address:

89.44.168.221:443

Request

POST /dl/ACVg8KF7b5tQcwKugLuD6Z9mhsc1o0HNnOF4jIcVtxA9WS2rQhnGs5-l_D_AIgHRYuN84R728cXBoEENq5PgtFBgukxLSZv8UKReio8VvMLZXKsw1WW-ExmjyXjFbA/0-115476 HTTP/1.1
Host: gfs270n080.userstorage.mega.co.nz
Connection: keep-alive
Content-Length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 115477
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

http://ip-api.com/line/?fields=hosting

Fixer.exe

Remote address:

208.95.112.1:80

Request

GET /line/?fields=hosting HTTP/1.1
Host: ip-api.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sun, 29 Sep 2024 19:45:49 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 5
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44

31.216.145.5:443

https://mega.nz/aesasm.js

tls, http

chrome.exe

7.1kB
92.5kB
56
84

HTTP Request

GET https://mega.nz/file/XcNlTJhQ

HTTP Response

200

HTTP Request

GET https://mega.nz/secureboot.js?r=1727307409

HTTP Response

200

HTTP Request

GET https://mega.nz/loading-sprite_v4.png

HTTP Response

200

HTTP Request

GET https://mega.nz/favicon.ico?v=3

HTTP Response

200

HTTP Request

GET https://mega.nz/sw.js?v=1

HTTP Response

200

HTTP Request

GET https://mega.nz/decrypter.js

HTTP Response

200

HTTP Request

GET https://mega.nz/aesasm.js

HTTP Response

200
31.216.145.5:443

mega.nz

tls

chrome.exe

1.1kB
3.9kB
10
10
31.216.145.5:443

https://mega.nz/manifest.json

tls, http

chrome.exe

2.0kB
4.8kB
17
16

HTTP Request

GET https://mega.nz/manifest.json

HTTP Response

200
89.44.169.134:443

https://eu.static.mega.co.nz/4/fonts/Lato-Semibold.woff2?v=7194963095272d0e

tls, http2

chrome.exe

430.9kB
12.0MB
7301
8681

HTTP Request

GET https://eu.static.mega.co.nz/4/lang/en_cb347e524f13fc736db4abb6ade3ce995fc1eb5197302d681c310dbc5e62e7be.json

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-1_ed4d09c067524631ba4f93c8318fada5e09c4c099d49a88781733821edfe8e48.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-2_d4751f46fd7156b0eed6b9e753db3df136f621e7ab2fd8dceade57242c814d33.js

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-3_d8014b108685fca3cf5e75c17dbd0aad08b2132b95b391c21aa027fbb1ad9bcf.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-4_6450a54915a1302d551267a155725ccca1f1e5f1072cf3313071cdcc366b5d55.js

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-5_9a11cc1d4e89a314d3ec0e885056aa572b0d5d5b787d0c8b8e0a9fe1a90cee94.js

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-6_bd184c4fd9ca1145bcd2e2aa978b37c949c410e3cb05052a4d9dd6bf727b7677.js

HTTP Request

GET https://eu.static.mega.co.nz/4/css/mega-1_07d7f1cae5f34137fc1b4cca77ca88bebb96f2ee241b4d8de4a1cb1c347628bd.css

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/html/templates_34a32689ba46359ea541ae21bc3a85846cfe6afaba2911338aa04666eba23cc3.json

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-7_ef8755958dc3ed928da3382a69c36cf6ec2bfb1a98f1d9e71165ab81fe735e6a.js

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-8_396c8c50c49feb2408530d530924d38f324853b7007892d82725ec0496993952.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/css/bottom-pages-animations.css-postbuild_077437ba5398f2997efea39e55f89eadd473667177aba0b14a48c8b57c60af43.css

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-9_04ab5afde4357c1aaa61284f7349461ff843276ab4d9159e2c622758fc783fcb.js

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/css/mega-2_6e1f04b4b799ebb30061dacc73808d643a09f162b61a3721ef0e66ebc511ccae.css

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-10_5e906d738618166f0b8c675399da6209f4aa8e39ffeb5e6028fe632bcf14a2f1.js

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-11_1a6ebde0f8d3d0ddcd076220831bd3f0d9c6de1f34958f44e999015951538033.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/css/mega-3_2515d0b734ab553e6d9cd7f1d79bf61e7737c72b68be0eed3b02d9b642c3e446.css

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-12_037696fc9e8941f7532c5cad88adcc7fd804c8a7a1cbf9a3d94797ac626d48e1.js

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-13_889311c61b90cc168f059e2ff59cc3714f6fee9a7f9a9102393a8410b8233823.js

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-14_d7aff862c4a47cf466bcbc26f3522cf12987af1f7d8f0b9a4b13a4ea844ec929.js

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/css/mega-4_073241f3f2a439951e522d5229eac2f7bc01a82d75c2ad8b3c1de45e18e2a2ae.css

HTTP Request

GET https://eu.static.mega.co.nz/4/images/mega/contact-avatar_18cc8179fdcf896e202df0bee3a8a381667c7ab2e8206b7b157494d10beeae12.svg

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-15_8d2e047646dcc144d1ee5891d87fdbac9744bc940f0cc4e6dbf7ac2060ebfc50.js

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-16_e87b6936b3e0df4cc2e63d7904e9d9491c5f434ed4ad2ded3479aead0ce667c9.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/css/mega-7_58c04ac027b15931acfb17be4a134e35c8bdd3b99109e617895713a42f32d84a.css

HTTP Request

GET https://eu.static.mega.co.nz/4/js/vendor/asmcrypto_9c90f27443fbdb85519985333a8b00c3cff0e10a2753955f41890342d64362f7.js

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/html/download.html-postbuild_2749a59feff4141009bb961edd622162e7589b7f6c446e9be297528f0cdff89d.html

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/html/js/download_7066fb3a9439ac4b7ab62485a20eef0196e9d0ec2a4038302f3eeda11453f2c5.js

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/fonts/SourceSansPro-Regular.woff2?v=f71f612f60d5bb7e

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/imagery/sprites-fm-mono.ee0d4eee3ddc0278.woff2?h=2ed308d18

HTTP Request

GET https://eu.static.mega.co.nz/4/fonts/Lato-Regular.woff2?v=6343dd45044b0726

HTTP Request

GET https://eu.static.mega.co.nz/4/fonts/Lato-Semibold.woff2?v=7194963095272d0e

HTTP Response

200

HTTP Response

200

HTTP Response

200
89.44.169.134:443

eu.static.mega.co.nz

tls

chrome.exe

908 B
5.5kB
8
8
66.203.125.13:443

https://g.api.mega.co.nz/cs?id=0&v=2

tls, http

chrome.exe

2.9kB
7.9kB
20
20

HTTP Request

POST https://g.api.mega.co.nz/cs?id=0&v=2

HTTP Response

200
66.203.125.13:443

https://g.api.mega.co.nz/cs?id=2725035&v=3&lang=en&domain=meganz

tls, http

chrome.exe

5.1kB
8.3kB
25
23

HTTP Request

POST https://g.api.mega.co.nz/cs?id=0

HTTP Response

200

HTTP Request

POST https://g.api.mega.co.nz/cs?id=2725033&v=3&lang=en&domain=meganz

HTTP Response

200

HTTP Request

POST https://g.api.mega.co.nz/cs?id=2725034&v=3&lang=en&domain=meganz

HTTP Response

200

HTTP Request

POST https://g.api.mega.co.nz/cs?id=2725035&v=3&lang=en&domain=meganz

HTTP Response

200
89.44.169.134:443

https://eu.static.mega.co.nz/4/images/mega/icons-sprite.png?v=48528e60724d858e

tls, http2

chrome.exe

11.6kB
600.1kB
217
443

HTTP Request

GET https://eu.static.mega.co.nz/4/imagery/sprites-fm-illustration-sprite-wide.e397e234dc118de4.svg

HTTP Request

GET https://eu.static.mega.co.nz/4/imagery/sprites-fm-mime-90-uni.decaf26625f7b9e2.svg

HTTP Request

GET https://eu.static.mega.co.nz/4/images/mega/download-dialog.png?v=cf6daa0027e27782

HTTP Request

GET https://eu.static.mega.co.nz/4/images/mega/dialog-sprite.png?v=57a6bd1346996955

HTTP Request

GET https://eu.static.mega.co.nz/4/imagery/sprites-fm-uni-uni.292a5f9ee5a59318.svg

HTTP Request

GET https://eu.static.mega.co.nz/4/images/mobile/button-loader-green.gif?v=b175f7d362d2b4af

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/images/mega/icons-sprite.png?v=48528e60724d858e

HTTP Response

200
127.0.0.1:6341

chrome.exe
127.0.0.1:6341

chrome.exe
89.44.168.221:443

https://gfs270n080.userstorage.mega.co.nz/dl/ACVg8KF7b5tQcwKugLuD6Z9mhsc1o0HNnOF4jIcVtxA9WS2rQhnGs5-l_D_AIgHRYuN84R728cXBoEENq5PgtFBgukxLSZv8UKReio8VvMLZXKsw1WW-ExmjyXjFbA/0-115476

tls, http

chrome.exe

4.3kB
125.2kB
59
103

HTTP Request

POST https://gfs270n080.userstorage.mega.co.nz/dl/ACVg8KF7b5tQcwKugLuD6Z9mhsc1o0HNnOF4jIcVtxA9WS2rQhnGs5-l_D_AIgHRYuN84R728cXBoEENq5PgtFBgukxLSZv8UKReio8VvMLZXKsw1WW-ExmjyXjFbA/0-115476

HTTP Response

200
216.58.201.99:443

gstatic.com

tls

Fixer.exe

803 B
5.3kB
8
8
208.95.112.1:80

http://ip-api.com/line/?fields=hosting

http

Fixer.exe

264 B
266 B
4
2

HTTP Request

GET http://ip-api.com/line/?fields=hosting

HTTP Response

200
147.185.221.22:51770

spain-trail.gl.at.ply.gg

Nitro Generator.exe

32.6kB
445.9kB
475
593

8.8.8.8:53

mega.nz

dns

chrome.exe

742 B
1.4kB
11
11

DNS Request

mega.nz

DNS Response

31.216.145.5

31.216.144.5

DNS Request

content-autofill.googleapis.com

DNS Response

142.250.187.234

142.250.200.42

142.250.180.10

142.250.200.10

142.250.187.202

216.58.213.10

142.250.179.234

172.217.16.234

216.58.201.106

142.250.178.10

216.58.204.74

172.217.169.10

216.58.212.234

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

g.api.mega.co.nz

DNS Response

66.203.125.13

66.203.125.12

66.203.125.15

66.203.125.16

66.203.125.14

66.203.125.11

DNS Request

13.125.203.66.in-addr.arpa

DNS Request

221.168.44.89.in-addr.arpa

DNS Request

gstatic.com

DNS Response

216.58.201.99

DNS Request

1.112.95.208.in-addr.arpa

DNS Request

spain-trail.gl.at.ply.gg

DNS Response

147.185.221.22

DNS Request

13.173.189.20.in-addr.arpa

DNS Request

77.190.18.2.in-addr.arpa
8.8.8.8:53

234.179.250.142.in-addr.arpa

dns

564 B
1.2kB
8
8

DNS Request

234.179.250.142.in-addr.arpa

DNS Request

134.169.44.89.in-addr.arpa

DNS Request

clientservices.googleapis.com

DNS Response

142.250.187.195

DNS Request

ip-api.com

DNS Response

208.95.112.1

DNS Request

nexusrules.officeapps.live.com

DNS Response

52.111.229.19

DNS Request

22.221.185.147.in-addr.arpa

DNS Request

ctldl.windowsupdate.com

DNS Response

2.18.190.77

2.18.190.79

DNS Request

ctldl.windowsupdate.com

DNS Response

2.23.210.83

2.23.210.101
224.0.0.251:5353

chrome.exe

204 B
3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\705e23ec-f323-4115-b496-19a746fbe32e.tmp

Filesize
9KB

MD5
9e6f39b783f3f3ffbed4604fa90e2e8a

SHA1
4fe861f3b8003051bc893b90f3b121d33081edb9

SHA256
823f979af568a70a0a2a9959675c7ed4db356a220218c08798fe175a17c796ae

SHA512
1efe99961a56286fcb27573e7fd35df5cc46f17353436f591e8d043a106162b7ec1ed6e417f55f4b5fa3cee25c2b6630560f34d2deedd0ad1230361cf802448f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
bd049793ce766c8fb4f7035733f35930

SHA1
fb91679f473677767d953ced57a877b9e8af1766

SHA256
6ba867e3fd1c277c396b0204f318dda47fbe9246befe8f86416467cdda4ea179

SHA512
e960786489fbc9ba8660b77aab3865b0a3c8ccfe72af2208eaa273907cf2fbfd9640103d4a05ea566222f21460a42804c5cb0a23189ade2ed99fafe0fb75f512

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
0fc67cbde9d010bc6a14029f815f1fb3

SHA1
083443877ab6bf25ae6403ecdd73e6ede8ede936

SHA256
41aed42a8fa4ef90aec422316b05c082b75b3a8b674ae07c2176a5bba4d6456c

SHA512
4804e87a4cd04b4b2a776db23025041a260da1dccc55022fdfef702d863d2fbe986256dd7d6c865e7c618c64a34830311e3012b3a8bb4eb3acc2728ed3ed4d78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\618b19fb-4349-4df8-b9a6-a5e5fa03c009.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4890942173d3c678669dbc2b14d7ea3a

SHA1
121661102960429d825ef567865ede4c7daae41f

SHA256
1fc3e8249f7bc1ed9548a2be030fc38f6f2060f938943c9a7704911d32c1f46d

SHA512
296080bd91240d36e1103c7939c83e8c6736ae10d8eb73c929bbe3bc216e0a132ab174970a9fa9eb8f71412fe8b8be9489877812aa183caffff56bba353a09ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
f9044abf98da0baf852d04ebc15c15b0

SHA1
b4269464a7ba3f49426b0fab7127e3d0978fdfdc

SHA256
e92ac7ec63e122638218becd00ed807a0b2e07a157be23cbad928cbf5f444ed7

SHA512
47d25a31e0ad799be13ac67109607fd32fdbebe2bb80db872c2289c51e1f3d29bf1a68454e660464eb1ba62d59e85e09e6f43f34a18f49f28041a64a98e71541

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
70a338353623755a154f3227b52192a6

SHA1
b767bc4efdfa500d3977b88126eeb78922223763

SHA256
a341e72cdd0d2999fec0a56402db6d29ad253cd26faf8a9ec303177d6c7718d0

SHA512
b3c525d9c746b73b7b96dd531821a2959eef87f2fd3f22a521878a67ac7f9b618b1d9356e53d19509e4c71bf537a459066cd2a037149fe0dc3e48c78daeae3a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8f16887ccc82f0bdb2fefee9106e2d26

SHA1
448e9dc97c8b6205c4948f8c80a9587215bcb49c

SHA256
361ab80d7abcd010477946a8c1eeb9c6c0406d417fc3b7939b3898f10608f524

SHA512
8380323d0b1e769303ddc36370b19d9cdcaeb3a09c3423b608b9cbbca6b6e929a2d0f30449c4f3d8178565aea09eb933303783b52199453820065bcce232625c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f351e35da34b6eaf037bee5f672f979a

SHA1
dae4ca7a678f69d1efe11fca028ad930b9183179

SHA256
9374124f425674460498ce4ce089d4888ccdc68adfe1e3a0b979dd8a53d68a8d

SHA512
9cfd29e3fe74dd47cfc2929eee1c3115df346ad7c7efbe26227758c46b60a34c581f6bb58180e16cc0fa062e7994d68fa2391c4834945c4ed4016ee75940bc3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a693b95111899a685c0fc7819bd83dbe

SHA1
f8556c5e43cfc84ed0fac9ff6f5972bb235d1632

SHA256
2af6882da78a733d28060b08ed789b3f285b2f3d6c102b710ed6e537617e9731

SHA512
e455a8164a42f37061c0829d23c489b7cfacc6f8072fbb2d9b95c2afacd3c7f5c496831ac68f6f6f3a404c853ae6a85c25551999a372e32417a3fe99588f19f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
efce4b64993b466867d9962f140d7205

SHA1
bc19aae600dae82a43a0c7bff9f1956d762e47d1

SHA256
17e754ccdd00db6cb943fe473f2d408a31007ccc0c73a759f39c55fa4bfef18a

SHA512
04c9c5904b07981b1c72817761d348fe6415a23dc4c649989587009e0f922d92e158d0bd9b13836e0f69232f451e7ec37b63fac7d5332a86ca5c633dca251868

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
63ffa467335259149e5fdbbc10bdee0d

SHA1
c3a86ac9937d39c9793245deac52ac3719c05c46

SHA256
ac2fbab295492c65200cdef8c00e96e30cec73e81376c7c6054f2a0fef709e72

SHA512
5c5e2b94deb2a43a9bc64c82df8b299503a0ba64d5956fc41a20dc5edb11edcfea39873647eca93ea3ce324bc820679745272bbe82f10f086e219103bc4558eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b5d93098516f887108cee4d5b586615b

SHA1
a3d4bc821f38bc00021572eb5ea23fdcdf3b82d4

SHA256
d42f71e36c6037ad4442bf8dc2a3df84fe9977ce0bdaf26f1cbf5fdfe0b90899

SHA512
3e14409559d923901c7146b2dca65937d16a58621552458b28339e996d544731194b5fc24e45f7b529e918f689ca8dba02e0c14666fadcfe9c61cd325d61af5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
25ac633d2871b54fe5e087d47243fbcd

SHA1
c9ba5eab46c96c415af17dda1432104d9618b649

SHA256
44f9c974f136e47f02d4e555f2ced1166f71b66fcadc49cecc11462c2cd05848

SHA512
ac57a43e5074ff273854e74706c76f5e620fa19f322124cbba4326e0a54ba14549e36ff0223cb0206268e8075e6c55266ad0a86b91254a9bc6c121b874464206

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
34c1d18077d44a34f06e46b4b6ba5972

SHA1
455c9e8ca03517793484d6055c9ea892dd9a571b

SHA256
676ee58244c5aca5262740ed7228cd0aa32beceb2c7cc2fa00d58a7a6d8d7436

SHA512
f863c33a77f5e427ba17558e9515952f724d5cf6e0ad314e1360d63986c15f709f064a5ebe1bcc85256398a2d1fa3c7851c476da4efc71d56fd69b86500419ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ed879dac8ebe40b7a38d955e491a58b3

SHA1
276cc8a78978614e1825d00d670037078f6532b8

SHA256
b4790643dc15c56d0f33e943047e2ca4aee8173ffa7b292ada12c7d22da02f85

SHA512
5891ef25f1dd82fd93314e89d0d2722f82a1614e5008d54fad35ffe11796f108decfc257e100e68f62efe0719fcbf393ed87cff44d3571cf8265bb92d0093760

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d404053a73893e8847d56480b599fff7

SHA1
ea33555521d84541fc92bcbf9aef3c9e8fa86b76

SHA256
818181c23943a6f998613ae34756d9a471766f03befa5263c376e63708ff2677

SHA512
24d1d8feb746d75e1e60aea071d0513c9a2cc7ea76ae5d15153be019281cdc5421abc68d867042cccea10af88e1b27b7ad98ecf1057c0b9f01f7ffd811ba0f56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
724f10f10ac00bcabe8aa4b659855cfc

SHA1
5b7063266aab51558726c52dc35e96bb87ba3605

SHA256
8dfa130cdc8169c5048b040af27bd871d4f7d2d6b40ff43a30a79602feb44c18

SHA512
763b4959d7b8d9667bf4a0a7ab33651a9f56435e658da2a1ee23c5cda7552d527910f6fe1f3cf42ce4b33a266bb67a21cb2142d430ee5d4fba94352a0dd9f989

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8bb26adc599a1c9e39b70a5659e40b32

SHA1
88116b9654694d1b98f67aa93634eb6771e0ea3b

SHA256
339abc678ae359fdc5c3f04c409110fab82993648f55c2090b3e1d3e0ba41880

SHA512
58e3770b88f8a04b3e1a7204c4f60b0f2e9cf619f73e8e47b05b7440b3ef60d4eb48906284c00ea4836d6db9239e662bd7c60a6b97d484a825719e6cf1d0af1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0582c824384d8f11ff64d504e652c889

SHA1
6ec849b364e8ac6e583085340b91558969faf992

SHA256
e970b8c3625624c30e953988a1ce6226e41410cb19fced14b1e7642353083462

SHA512
0851714e795973eecb3092e4d92e727d8b042ec704c84254e15a4019832c7bdc1d48abb3441a9b3d0ee0788fbe2273d5fab16d274e4232587cad0e6af6222fc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f4c63454ce0f1e02686a3263e734e8a3

SHA1
63a6e7b20e409996972906eb875eccadd682cf97

SHA256
d72c26cb89b5629877d3f960de1720534c49cb34e32bce2b18271d1ae33f719b

SHA512
0953842a471cd0f270099b2568984c6ebbf6421b10fb15ef78746b61588c4d763e01b8d3f782de1c1b11247f37694379a7ff49b750857c71efdc19e6024ea033

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dfa1d570ae778713b296811a93619763

SHA1
d9d436150f66c532861b6b351222c29eff927da6

SHA256
15e7ef9689d13796dc941756b3693745e5defa87949d689323aef4d980b9ebf6

SHA512
1b618966a2ad134e279839c7e459d67aa8b4c84f5a42c26db219605f709345d6b45e2267f3743b05c1c45688ec992992eb7bf46855e8cee7510c18a92f514bd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
40529633cd3203e54e741aa3117c93b2

SHA1
a3ae6f689ab0ed56f7da5b01098f34d783418abf

SHA256
24511232456516c3960a64353ac5e3eb58519645d0ee814bca193192e79a9787

SHA512
93129ff347699293fc701d1809de842baf7f3d8ca87c9f8f9d70846f0a770b31b5f1bc57502c301b386269d4eab14e803019f4911ec8b9d99c9548bf363e914d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4c6d255be07661d4e2293cfa389711f6

SHA1
852e274781d0d0965c3bb4e435969cf0747fab5a

SHA256
5f51bbb352593e060ac45a0246a6320ba61b83b6982c64d64fc0aeb36a86fca2

SHA512
1a514cc34cb1cad5618422401df64491990e31e905e45dcf62093bbc2ff3007ba429f72f3ff4853a3c2cb4c42674ee7b154128a48345ff676d9c26d897bc1249

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bcf0a916d67952c0694b5870b0f36961

SHA1
f8cba55fd6464e61fa10a0a33beb4e6c45268ac5

SHA256
edb392629af0e19fcf1cd13ba776ad5fc7c2684156a9858bb9a92f81f7c8e345

SHA512
e011933946900acb54d6d1faa03fdb8a9b9ecde20601749188a41d5d427824fbb50a4fcca31cf95b71579584256b255b6f974191f03cf7d3bc2a423d5d816d12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5e3a7092504e4a7df231ace1b46a4109

SHA1
5b50c9f681134ff528bfa693bc098299f9e495c2

SHA256
52d4fe0f6129f19ee510f25fad3026704703b45c57c6ffb9eb72c44e6eae8e72

SHA512
c58376dca59df51c52af37a144fbaa5f5c7f448595c4351530fb77c1894da46c4810c35e8968b02b3f7d9158f16794ed147a6c54cfab88919ae24b3f5ee217a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c4769857d3c5c52578ba73d01c5b0a66

SHA1
ed8950419dbb2ff1b0d25ba9f94433ab33fc70c4

SHA256
56be18e4e4fd66ba4065a665327b191f48063b1de285da845f98e2a551fe1c38

SHA512
338819288feb1135c36c9dd067cb2fb0ba93e01dc816f6b9076d6aabcc81a429e519ffc4c1cf812e8ceed411c3667ca3c21b199cecf0f73fd320d47c9c5c9c50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7a89e9aa73cde51a969f4ef3c7f568c5

SHA1
66dc8e457ebbe5c8034044f387501d6ac276dca4

SHA256
c0eff746c7987f33222105405504f35e898f39ce8faed5f44ebe25e36f40e9d2

SHA512
f100b4801905a1c4fbe6418f2913a9bb3568ba01133899f78ff618ca49d3db9540c840aed39af3fed986c2b7d3337b08677bb47cb15058459ab3d5a75786cceb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7a00a58006738f14d78e4771e2c531d4

SHA1
4884fd62df78140b34aaad9e72e2013405413b83

SHA256
03fa7d9e33e3ff74d6b57ce09969b601677721f1d64c813cc44b714ecf04a7be

SHA512
7b892a45852448a5b87651ce64ca2ced18f812d40ad24c9179fc29e98c877de3ef9f0298edf33a28a728aaf4e70644452b73f020e3f4d621344b0b06e07af5f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5c484f2155000d1d4ef4b4cef7367174

SHA1
9ed543d62d5412a6deeb5d29dca442a1eace4b71

SHA256
f5253567d9bd67203a10a44ad0c1464a76e91c0055496fb643dc94cdde1c74df

SHA512
8dd4804a72382d7d9d67ba2471d2bf7cd7ece3697b2e2f27ecc1bba36d545357c91cb49537ffb9f591e7f9eb8bc564d4aa16a3b5e72eeb7401d4bcaf76b487c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c1c305e54b7078faf97d918d2d9b5df6

SHA1
ee488020c4e36a2cede0dd32b8455dda0394887c

SHA256
45a613fcf6e238f690bd6573af6ac65b49f12a7597364f56ff2931ff4ca7b4a9

SHA512
267258a7e78180f23d86553bf4531f73820a8d42c3e2db8d58c4fa9af4e16a7b4dd4c308bf71f587968aa419713ccbab8807b081b98e25931eb528224842216e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8f3a80f7ef8d8d002a8aca1d52f76eee

SHA1
2ffddb1973ba4945ceba5771cac20cb98959e365

SHA256
ca8a1be2479e9e9d59a7c9e6e68aee31873ce7da986f378f29d1a87807adddde

SHA512
9520acedf31e80a599cf869127b8f8f8a60cf5dfd672ba4bbf800c628ee96740c688928a9e6093c55caf36abdf7386760c70bfdea21e616d9378e641e12c8211

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8f6344cb8b7139fb5333231a837ee30c

SHA1
527f4a313d87b39ff3618c07a1ef174f552c8ece

SHA256
d766e7aa38f414e2c2d3a80517f766930646b0eae7667cd987e2cb34ab7ecc3c

SHA512
65b8889954cce122ba1142d152890a6cd1e6a086c9691ef544eb5a2940ac32fcbc6673277acfed348de69b4ed5b5c840979aa7d4bd4e25da645bf1a984b5e0cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
596a08bab8807d9e26a9feeb9c06db9a

SHA1
9860725dd6ea50c1e6d371e0ac77356c1803f51d

SHA256
b0d7d6a7287f2f1adc0b1e5cd2f946f8f48f125dd8f7dd6cf2f13c6fa439c6aa

SHA512
69a7d1eb560cdd19eb3c9aabaacfe0abf8914b18bc000dcc7f3c50e4662ab58f7cf3d8fe713f848d99ce13bd304b972e5db7c2e563f3adc9b49f6599a4a54187

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a6c18387fb9bc7cfebfc9fae5de845b6

SHA1
754eab5207ed553624902b94391462b259eced15

SHA256
44adbb49a8196e4da12f257c4131771648c9b00e4a27ec9ee4ab20cb7369b5e3

SHA512
33e3997cf4b8fc3a888b1ae01daea524282fd4a1ea21111645ce73f1a36906b2906d2b2be7fb12c4125754e5d0905199894b06d58da0bde87ff71808272cc36b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7a66dc994aeb4538503e912f8d2effe9

SHA1
c4c26191c7e394911987a0c72229a6b2f865f5e9

SHA256
99c1eeab2438cb645dff98c5b194967058d011bad323fa1d9a3919253ef54a5d

SHA512
f2e1a10feda372a3df35664eb0bb7aced6dbb46ca5c49628c1f0177e14e7fd85e92a409bf86da52850d70ca4013ff37bdbb439c35e484cae3171e7546d8691ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cde951efd3f0fe50967de2182bef11ac

SHA1
32e1d5fb2ede492a313757aaf16a8e63279742db

SHA256
709faff497998a9998aeac957417ebf39c79bac966825e3908a3f94b8672b670

SHA512
0798eb9fadb97f5d6275b5d584d8e5fdfb0c9b330f8e3357b13a2f16ec92fd29fc06baf170064a98beffc6922fe81574f48b6c1603fb041b208721970b8b621b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3cef7679c9b6a72b7d08a4f39d691b90

SHA1
a04c02005596a68f23f6d2716c885d9df9c29259

SHA256
2949ea984bc8ef54c361e697d4410f576b70462df47546d63637a35361ec37d6

SHA512
d28ef12d8c575189524378266383a7fd584bc3a7c4b33c55b9fdeb28f462cb348588c7be69be51c787ed91cae61d68770e2df737b669e1c88ad8f5fbd118bdfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
59379ce30c7c754fa780a1ab45889f22

SHA1
28e228e2f41bdd41d232617d2b80e5b3c843093c

SHA256
ae1244d61f96ca56782e52d6ec8344deef02fe039c31aa3e8fe7941103cf227d

SHA512
413c28387ce93c98ef967b02dc0a4ab25430ecf396855660b04e332005d5a6713e5f45a1fb2c66455abacaa564f01a8a9b3313b56e7f0510c06c55a6c74e77f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
04dbb4510c6b967c64cebdba4ce9faac

SHA1
22ea080c68c1ce8b7a2b061263fd0b49f9164034

SHA256
2e35ac90561a5f26c4dc8e915f7b5913404081fc05c118378fe9dd5496f9df93

SHA512
7786e8b73a76300702e4852cdee0af9825e6190c91d1b6a99b75b264dcca944ffaa93188be8e6cac40dcce9175bd02845e5367f1bd9fcb64dd136af539d134ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
71fe472bb118919da77a3d156229723f

SHA1
ca6b75d5597fb12cc26dfe1f19f8f4f1b9dd4081

SHA256
875093c22a515dd9fe493bfab6783c4ff0e921116061c19dbe6c7f449d707670

SHA512
9e0fef736b62b56a1ade9270055792a8da229098c63fe71c390c847291ef6f4e0630be5440e2f91cf338d7d4d7367c7227026bda5740b8d47baa807b0c296882

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
42e9aa7c6621b21b2d55b102829f2da0

SHA1
32f3940296c3e2dcc5332341da41daefc824446c

SHA256
eca95e9be2a47b6eef9c11a3e02a479fbba52661cfe4851225353bcfc193fda1

SHA512
aa6a5265e05067a508653b1ef0082d5383da4b62719f54962314bcb9f10745bd817b73b6a4e6005e9259c34a1ea2d614feb5a1dc7cd6c3e0e107fd58a5ad211e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7b68ec6c8db4e17129d7691820b3659c

SHA1
a2578c68a3f48bcefa695b923b1774631eabea8b

SHA256
2ff74f947e68511437225841b015b729b0748ba6cc0c285c0cc64efe1242a83f

SHA512
f595f1f6986f846177c5587749f8f372ca66d1f14fce17f39442c07b67dd34a1c1774026b6bb94c5b7139f376044c6ab36e43bc42256c0edffbf25ae6cb805fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
67b522c67fb00db364412c3e96f18507

SHA1
c302bfd01184a8cdb8006097e9729731d15a4ce5

SHA256
19c353dbfa29468555235c0791940ff107e902adb3307179ffb33b605cdd8b36

SHA512
8badc1668e95a8c59262ac2989a18c6623a1f4daac911385a3babdb89548722f5f66b3eb02380f0ae116bceceb310e14be5815865308362fe67b52c96a0f96fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2dcc4d3af5bbbee81681ec04fe05e28d

SHA1
10679e8ead9504bc04b279e956ff65a59dc2cd31

SHA256
bd9ec000a6de666d238c4628e79ae06e37d09bf721bbbbd52d084e776819b395

SHA512
1b47c64ff7feafea47615b8ba5b29a82528871ddcfdb1605c2e89c59038ae25e2796c6c803018014c52984da759d56bbefaf921272faaa55106f0de259b47017

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
008cac101998d217469a7eab7546654a

SHA1
d0fc339db62544802f767d5041a05359ea69c05b

SHA256
6c6b6300d1ed72494eec4f1b1520ad00edd866a6e6c1ca0b532ef525ed35c902

SHA512
28d43e6d07378a12c5a592c7db0f3d6c82571d76b7feeb3775f1c13bb6d154dc59af05e1de991114d9982345c3e5d1bcf6243d5c29a1a38890811c0b4679a50f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d976b64a5c896bdc2c05ab88ab662833

SHA1
2bffb3ea6e637fb282e2bde4164c45675ac0bbce

SHA256
2e8719b01a4ddd279d5f73fd27a60cc74ae58ed74ee772b727c6111a36f7ebc0

SHA512
4cb92387bf1ddf0c4f98e2580c4fc57be56a0b8f72e7c2577afab0286d8d13d6463d9af449c59137493f2b8cfa7c4fe9a8ba667b9e4ba550ad1c034f9aa389c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7edeb4c770806d24c13712f9d352a39e

SHA1
fba6635fa95888c830696372f1776842709d6f3a

SHA256
90446a8f2227024008551f7787d0d2feb74faf0f857227f8f69b0d2dfc40a7fe

SHA512
b7ef5bf8842f7f070bdffebb9875b1e3023550fed0f1dbcbfdc1aad46be0325203b7f5df43f0a7edc46983129dd7bee4b1917054f097ba5c83a2215150074d49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
da6f12d5cd520ee6e3374d1a816113ec

SHA1
fef9fb0fcb060f9e58848d2afa6097cb916e0613

SHA256
15b63523e7f95f520d516280857be11c473edac976da4a5cdb4411c96a52d7a6

SHA512
bd31e62741a1ff89c07553d973f81e25ed17cd1c617077a218d4741617a693e8f99e76ba30c5dcedb16048a4e996b4dbed699a251171d08b0975803c9cbe241e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
90016d6bdd055741ef42d44750603faf

SHA1
f6d6959cbbcbda1864a417571f124067a8541fef

SHA256
6236b980b06b0801a279ff1a2f6ce7e0d9f39b4da2c8985d4153bfebb8aa93be

SHA512
72d80053f69bacf07596d11646b6a3d2201b990d013953d6211ffee84968db7b886dd630638fde7774048c1aeddcaa1f22277fdd40b35a75d31d0562396c8ff5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fdc30d3174f0b359ab4a3370472750ac

SHA1
7d9eca82cac2f2d94e6dca4162fe0ad7b73425a4

SHA256
065b05da16a37f0606851e244dc9b7ddedeb4a0ec76315e626234416af6d8f70

SHA512
29074d2c61a936cff75e0a9e922310cd5104e72b589439f932fd9b5dd808741652e7fe83c1448c727624163a36ce4d7bc2781ae6e1f5ab899528f9bcd17e692a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2661a73593475b7dbd0ed155ce784142

SHA1
e3ac081802870831b10c069eda7d00af4822b058

SHA256
15c761e5688dff2c4f142552c47b47bee37ed2b572601783b6e5b83650756498

SHA512
751f0ffaadb2f8e0288374225fdc7b9c7887606db7efb7d6f8b7736d08a15cbf7a5c4d22881c6285ef2f7d22152c20ab4665e9b6a8945dd6b4d74d80f890110f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
894027517bd0c5bf1dac358160c6e370

SHA1
ffdfc8fe59b9688dfdbc14e6b10e7cff9ae9de17

SHA256
37b701d72c2d79d2b6383473cf0a6ccb0dd0991c68663d80bd3c63d5dbdbfc1d

SHA512
73d4b0457c821908911737941b5cb7cdd738a8bd8655533ca4819376aeddcc09769a002eac5a7c1cacc92e64becafc6f2485c5b523fde57637e17ee681deb3a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b3167ed163c01ae6c2a14a46250fd420

SHA1
26985a5165d0d2869c77b2203ced0df206eac4f2

SHA256
31dbcd48a18c130aa1997f3b878a6af07962b76e70a11d5d40257f79f81d5837

SHA512
f85956663860081b1fc9fd11775ff607e134887917adaff26e41e09d206ac1aa82295dcbd6327d1180d4b1f6bf180c90da4b338b2cea1310d950874bbf161052

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
410216877a15b1ee5e2d832e8e872d05

SHA1
f87500b43fae5b3f57ba9a164121731d0fb008af

SHA256
fbe93e04928544d278908b7e484a12f49e349f12c4ca622444818e6c71b37ed9

SHA512
95d0410d96d56422774fd36cdd3c774e56ca305604d306673d27147f7af239ad4f377eda1bb3627aa175eadd35794e08ef5682fca4651937bf781180bcba56f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c741867dba0bc3e68d6195269e647a4d

SHA1
625fe90c6e61d30601489e83ac8ed890cfd89bfd

SHA256
506d4cfb183d38df2cafaf402b93320e6edfe512c371dcf96da8d5c588aa9dea

SHA512
d8eb50885f8590d49fac8c939ad034134e7e5ed2df806c4359b7dac63c30551731ccbab772a4d0c5214fc0d05f5a84962e32b15e56af5e3b46264e7f44f1470e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
17a1d8b24ad6743758d5a4efa9c04cce

SHA1
f684cb50259045bcb1492ec77852699fb78bb910

SHA256
397f486940e9ef4e5e2426e8823cec03dc47cbd1416c121a826c82d134e479c6

SHA512
19dcc7dd61ef1fef2aec87ad8555397841edff84b409a55decee22ad0b2fcec5e8921bbbe38611ffdc2195a5907b1377064c0127417222172d721cec3af09859

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eb9ddf093a83a771eba365170c9cdc07

SHA1
0f93bcaaa2a9ebb04d9464aeb6a521ddbd2192aa

SHA256
bdb6c2bc088ef655d1171986f5eca071a7f02d9941e69b5822210784460955b1

SHA512
924467b7b9a4fd784a3efad50773b8a627ce250db5af477cb29552710ab28b071a1368be619beb561fcc9f2a552b0afa34c4a48992424978dd98f1958821a860

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bc1aa06291c017a828e182e6dff256c8

SHA1
c4f5ad136c0f9f2e8a35a16b3e4bc6a5d3f86e56

SHA256
f058bafe71231002ee31c8bf22e5279360fdcdc679b7df54080fa8f2fe1f2896

SHA512
8c87f4d2d69c20b69ce6be8bd3d70cb6bb78e44582b1ef898ca930ea52475b62f7d2452f08c4bfe8821b0a54cdb40121ea8506c8ef1bb2a168551a3d86dba559

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
071ac360fe46453951c8fe626f8907d8

SHA1
d5fa4045cdd063dafc71fba39ca67e7e6018d54d

SHA256
f6690fdba42fdf3e3bb7c834aec8ea25268ee81bb6d1e097c1408feca126a026

SHA512
e00ac38ed1f8336d63699a8db212b0400a18961766d7dc557e347a0d1205bec543cff69f8c7d2fcfa8ffdf3709e8f955451a7c7173308df4aa43529e8ead10dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
64733eb7980a53dcda0b96a7cb96d197

SHA1
dcae7c7e1d78704c1b68e32545278f312773b975

SHA256
ae8ab6178e28fbbceded2b0aa2ec7455f79a4c27c507907f9912f86fdd7dbb91

SHA512
345db45a2402f9aae6261f08017fec7cc86da0c1bf8216dca29fe673565b055c12e380bb8f95bc62ce223604e08d1fc9480182cce2fccfcb4217910db9d92503

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5a5961bdec159ad61b361f56ff970445

SHA1
29566625c3c4b4e0f9ec14e0a342e837242196dc

SHA256
5dad39cede07b942ef65101363592b937053cd295fb6543b2acf94170c14e1a3

SHA512
e292e4321861659d973660f2501cb9878d9e8b5fc7c0b921ee25e82eb8866241406a69acb49ef963bed7e535053520d14da056bf95224d6f8f73b6fd8c1f1b67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9a6f038d441f85b1a33f5d76d6143f94

SHA1
24db4c00f418c10ba237b852322d75c1605fe04f

SHA256
01d41d77b7ee9a65e97a19c3aea82bb2fa1dbc4c9ea34408e699e7f28d3248e9

SHA512
a5bb8351431d98fbd532b053d8729fbb6e274ed3345f5804270164d6bf318ea1402472647e53ddc4c446ea61ff53f78b0c35abbfc55ab6a9bf5e9c7ed41ef2c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ab03aa7432fcd1eeb31096e011b43bc9

SHA1
37ad14a353bc19c30e1b5ac54bac0934a2d09db7

SHA256
9a0fc8c5e9db5484e16a24e696e08993d0352ba8a98303fa2d44ee25cb7cbbe6

SHA512
13dd1c8bf95d077bb5046d0eee033c787b6c8447128bf3f323e18a37815c800fe36aa0af1f9d8eac517a0836d15cce4cfd72c3f31887a95deabb7bef223d0682

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d2881b5fea1d3f7293f5246ef641011c

SHA1
6368747d93432880dca529d940f835b91aa64777

SHA256
c943ed9d1f8cb44076922869acd5e6ded50a318e542acb222ec0e5069ca7a767

SHA512
156fd48537427dd1574d92434907bddfc82829733652909ab9ffa5e0cffce1c9fae2a9b4c23f38d69835bbc55c73232f376dbbf47d3a20f55b96ea8d5af7b84c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d7cf02d5075abad69aa408d0968f32da

SHA1
471cb57beafd9e5cfa726c84d84668c374217680

SHA256
a03d14c466a5df4464becab4c36c43a6c92a4e12c9837df49387ffec45e99f4f

SHA512
e3a7d8dce2b286470f24f996fd8b6bee46749bf1e21a7c7938600f89dd5c6dc6470b947fb905abf521a8fe47f7a4d5f17c6948fe19164c3861a0472c5888e46b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9aa1fb2f48be63f9b3baf46a1168d315

SHA1
87e82a82224b7cb3ce38449c550054657684f1d0

SHA256
e98cc08d0dee8170e90d26a41553742ec3a6b64127c97eab0300130d74cb8d26

SHA512
be8c05a17e85a859a87e26c0c3e7ae80e2c91959e28b7f2c18c26439947ecc81568126295c82aaba40ffbfa788d7d601309f74dd2b46f16b4b17953bec84adf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
324930f18b3cc9ea0bce6cd11a5ddfaf

SHA1
3bd525fb52ec183e7e2d10037e16c248df2f3c78

SHA256
321f8f9e0d01241d0e345088e13e565014f9a6514d9dc7daf379a1a0a0405835

SHA512
1858bfec7af6b9bd5e8adce2e75e630730ccbc72f169b42bf4d319aa5d4019ad92fa50db6681a6d652f764fa8d1fb2babc5a6142577bf2771b8e334ed1bea66c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
688ee2f5cf5824c49bfa96adc1685691

SHA1
7381b921683afca2b814d3f75b3e283bf608b5c6

SHA256
aa95b7a34d3b26cd7d1ed2bc57291da121cdcf0fa3d5905c157e016bb6803264

SHA512
54b6c75ddae38a4c81406cfff4e33f32794c53d804deee2007638e181e6f9ac410ded86f4c10707ddbad228f380a4ce51917aceba9f377400459d1977cabf94c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b31bae87a56dd5cc8fda6c6363197870

SHA1
ca90e4e51def78a35b5d7bcfc5ffcc8d1b4c341e

SHA256
3180ad507bafca84deb0b9382c19be8aacd82b30600cc954e9312b189bd409a8

SHA512
30991717b2484e28c3efbcd9f45c955f480402c85ab8b2ee62d14f5d027c9f631f27b7c39c20e86d8c5af2997dab005895b2f96cdf28e2e06ed5175c7049f157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a473f2f2e8ea47b24469e9e6b67ecdfd

SHA1
ae68eaea40bcd2420c01dabc841e4c7f9fcfba26

SHA256
3a5274914c5a2431ee8b424dfdcb80ddb3d5c44c123d1990b453e1f800d33a48

SHA512
5fd5d14dc9e16412dd83371881d7e03368a0479cc1c5f88d8c8e8eda46816fc519489fc550487f06f5b7319dbd4bcf8b63bd8a74390811197dbf9584263af80e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ba97a4579fb97b5c9de8ed4cdd3150da

SHA1
2cfc8dad0073f56d4227595423535d75adcebfc0

SHA256
6725c958e479af22f4a9ed847464ed132c8c362005d3194705a459f208216819

SHA512
23bd16de46a2f727dbcb2382d00b6b8f6b927d7dc95086c4d872817ba857442c1eee9c10b78cc6c2617f18a8c74d9e1015f2b3094bb9b89500cf5a6e4196a373

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
102dd261529450ad6b82962119610255

SHA1
9b5d2ec7971a8bc5243468f5f802bcf7e05ddd83

SHA256
d83e0282f988ed34ddf85d2aecf63ff002c356d0f292a528f7dfb2916b63a1b6

SHA512
e91ab8e60640d449a46f4d5bdadde6031af2e70751d7702bb782b159ffa8182d65227a80bc18cce962b63e44f3446fa753cdd08a20e569202628e2520d08e624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4f2a066a96393c9fe9bdb9924321c81d

SHA1
c773d83aa28bb79d3749b11b5b21b50ceb31fcda

SHA256
0940843a87d69bcad534b0dfa2b33da5f81cd1bf38e058c318fa732464fc4ff9

SHA512
65f1a8533e24f3dfbecfc886248594a0490a36a04e5ab7b9433637eec468e1c0e56c6a4ed7a93a13c37a82f2579f1db7ff4e194245f9b90a57d956e1cd25ac3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
29ebff0ced4e95c7e2482ec1f4672d6b

SHA1
0876ebd3c0ef8af7da796438645f5bcffb983bdd

SHA256
395f9ac4d74d27a9227e2cc55b2462a8caab1666d10dc54ea955ca41a7db4101

SHA512
6446ae643631c5bf09e6665d8eb0c4f6ae269b6d24ad1861682e51972407e523dcb3f00648849c2f8dca937a77560e64f0d7010397297730cc80390bc87e6feb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
df7c88d6d7def475e4ea8bb4a6674aa6

SHA1
55d725763749b31c4dcb79d845cccf974eca98d0

SHA256
fd3880f531600cfdbfc54f2b8bda72f0beeed7b4cb1142b6e8088fc2401ec6d1

SHA512
a9937e1138b71389cd9baf1e501d37180ad4f531f54fee02116b9822c4c5ab36ec908abd75aaab7ecdb96fd0eebdd5da06a588ff0306e22f8e26dafdd4f92650

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7e1e7f6c785b6698cecffb61d34e0897

SHA1
781f4fa2744168a46e9d232b81a45f807e49ea98

SHA256
af3c24192c0ff1a1454db7ba1b418e5094bf4a059616fd7eca8905b5d4814a58

SHA512
dd1f29b0b9c27a9288346fb060971b55d04c34be5aaafa5cef541f03797c1014585c6a6f4aada31b7f2fdab445f0caaf6eecab69629c17d8326999b74b447797

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
869006f964a6c1266509feb764f5318c

SHA1
9e627bde2d00af24a87017a7610d1686123a8c84

SHA256
686f93c1f67928164a1e5dabbd0931253891ec0dd4bb4d3c8dfa2ce3724e1592

SHA512
d3e7a709f26d5a83fc4185bdfef38ae32bd7a6b9e924fe3e87ca45c20b8b69ec0b438a1d975c590e68bd879acbc02acb94865e5d6a7c250b310d349faa740ea7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2d1bd96ad006f3795d0eceae9668a181

SHA1
8dd34239f4e71ff7ada820624189d902d77159ed

SHA256
7918bf4f1f054572336167488bbe7133ccc7b59305f7b1d0411791b879f9c1c3

SHA512
3d6a97f5ab2f8f419edc141a7d1753484fac08d7db42369a3590ad8136813759dc4abe0b32afc36e6a6184d87d88c1902dc54ab852976f8fbcd088732ab059e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c235ae0acdf36ae6405256b57772c0bc

SHA1
283f3b77e9545bdc14172b1749f6c7f41801022f

SHA256
9944dfe79f35b83b51cab7acb9c8cbbc305c912407805325859c69452450a625

SHA512
89c4e9eabdca2bd4daba4518ded10586b687474f220e7c5fd66692e534caae5f7382ae5e607bd4503f3b6c598503122e5c047cd92115ed7577f3a59b5e52c04b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
88d7f336aca1845e9d482f8ff500805b

SHA1
cb3cd55d4b63162803a0540212756b7a7fd52b7c

SHA256
429a4da0da3c57184d223803c90049e94c5f0ad907be52a2b943367ded7239d0

SHA512
c1bcca642d162e82d4b505d938df561c83155a6cea1c0585887a2e7b516596a2da4e70a3b06c6128d2d0ae333f46f2579bed4dbb23e7480326bfa172f1f4a283

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1cf2daa187f4662420a16561f88a6ab5

SHA1
6fd9af4b2491736a1f5bfcdd0800966f90ba1e93

SHA256
665093e8187369cdca57fe197b1b2986fa957b6816d7e22d9b8effbdb5a6ba28

SHA512
0191ba9e1bae47c43297fb82e8c6f67764de17a994a1147424ce8bd22b4eba04fbfcdeb66293ac2461c924413162a4a1668dbf6a77b52a85a33e848d66c2e864

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
495c0599f7412caf4c172a8475eb7161

SHA1
5163092c1d292d37b674c6076dc98cf15024981e

SHA256
0fe87e4e36a122cd323e1426a06b1c24e104c7ba77eb6aebe103d49501e974e7

SHA512
cb581df964bbbe4469a5ac4eb498dc58102521b22061b6bb6549e61118a97984fda3ffcb5c96d71923f4dffa0622232a08bdf46fffe59132c8b269c71e7aedd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4fcaa614e9dfe2939fe4e1222b090841

SHA1
05a87f47f480cbd25202696726390c8e14fae0f4

SHA256
e13fb12c5645fde5a5b7b735de936334cc659835fe9097b4006adffa092433c3

SHA512
bd6368d381eac65d21def4e055c300d44bdf665ac2f37f15a9baf98710e62f15e90dd21e6b6b6282b3c5e1480bb48c0bc4d7ffee9c52b7fd08a95c6933eb7e52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0e800829a0444bafaa6185afef70d111

SHA1
e46535b65844174decccca39e28ddcbb34553d7e

SHA256
f364e45ef19b6c7e9d92b6e56905adda85968b1f092ca03d2ed62053a790dfa2

SHA512
e004894e41489c663c730079ba89940c3aa4452aa0196f0ea1a7e99f2191a93cade07215daf00484305a1c0bdb1829368edb051fb250dcdfd25200321af92c43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
08e50719ec245c052fbb395bb3057aae

SHA1
6053be269f2fd3df15f836914d3c1f87e3eecfbb

SHA256
8e41a3305bec0983065678166d135b0344420d371e21772c6469c170115eeaec

SHA512
79982f6b99aa3be6434f1fbfb3bef4c3d1556798348553f7a0d5789ae9e019fba2182a4b026cee7ff722f43d4e986182a4a97f386c49a985b31b45d1ceb886ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6baea5d176d033dbfd2e8e9bc8625b77

SHA1
a47913401747fb601524666093463667af5e7081

SHA256
5e48d7360e1917f94a6d2c724e66258e3f0b7cb6b5daa15d797b7d38d53a9e74

SHA512
9e2173f01a89996b1243fac17f6f4f96fa1175d82e64e8358df486ef863dbe9819faaea963abf9fda843ceb988c0243201ae1d869f3aa61dc680abd4fc7fb36a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
68f40c7e750b08c00e9a501afa46edee

SHA1
c8bd50a6f571b4f3048c63e1ae26081457b9a3f1

SHA256
8f6b54b9674d1880d03e6e106a5ea03eaabc6f871e2cb11dfbd9906c77f9e4fe

SHA512
adc8fa285bc7c55dee485e077ee893efa44a879fd8660b444b0ea6f272abccaf549d118ef8871c849cdfbb24c15f2bd7ea42ad10e55262140194f11035df9a10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
67defe3013f0a50724562e2b4cb704d3

SHA1
e9a89c7be258e995c7cec5ae78b3a3c860e1cc4c

SHA256
bb257acddad322a4d59aa0c2ba695b4486e36aa2ff673056bd2b78bf76e33e54

SHA512
e238f68a04f5fbc597dab9f346bdad730c76fdb48195512dad2a4b3760157e736f706e15d488eb441c1da47813dd8d97d4ba99effdb37eca136809427bd2d5f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b461e993f4930ca1dbccb5d0218314c0

SHA1
d0b422614d590fabbe188772a4d89d992e6ec72a

SHA256
e6c698395b35c62c17da180132732c4e29f6fa9174d221d55d76d35a919d580c

SHA512
e0b0c7abace8920289dfa88d7b8f39a1b35131beb57d84f449ff851ea2238053b131f23ab98a5cea39f5b3db703589e2fa6125ca39a44e13db9c3df9f1ae0f36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a269d99e577c26faccbb9b534ad88a01

SHA1
5509f02433dcca41d6c543dfd245a7edb1670f11

SHA256
2f290ed448317807ac171de2f46a52f8b1c9c38d9d97bf7b1902ed52168c3049

SHA512
cb6ccc04fa0b22baa256fe25a3b139493c47ec73154c304c06911307d01cc733f5fe2b7f0cf1a7a70cb8f4d150f1459e5f262e63fc895971d9577e84983404c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7dd6504097ce5984a4a9b06d456f7186

SHA1
62389487b2ea432ad7fe8c867adeb8ee0d6c70b5

SHA256
c907871e41b968cd8c12d6af7e86418452e907678786de067004b50c9b5813eb

SHA512
c888049226d2956b1791f36a8127c6b7b77d2872033bb605f1a9a0174522da5d695068a1cbfdce26dfa5b160567953c9d896beff045b408133713b8c8c048a3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
737dd000af159a76e5c406979fb0c93b

SHA1
0130d1374725a3bdc89a405bba4948496dd04a8d

SHA256
f9a10ee3d4182365b6e0b7d01b263997416a4a577e11c2b0b80afd7392d9ffbe

SHA512
6b28004961b17cb6fd75ca2660cf7f29afd69657be7c4a65b1b50b49aef9824193164d9ebd28b44768ac0f2f5531a9814bed57f7ab651f8b54010bc1a4a0f1d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1ad6950fdc596a33ab28f578d98d51e8

SHA1
098824cd43c093cc71a0a7ce1739dbc64c4e45eb

SHA256
2afe13bdb95216db6deb7678fc0f396c743942189a09c91c28446572e031a618

SHA512
7810ed6c82b6fb9bff817e8bf9b3bf98e5677d8a1b3975e6dbd8acb6d441881775cce2d5a62d151002b741961f32f5d8458776d9cdcc780b430230cdd636653b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
18aebe136ded98b441d8a0d9e6b844ef

SHA1
801d7397f29a3a43d6dcbdc00b62bea02aff3604

SHA256
5fdb134b3d82283f8007401e8792320011099bb8f6f4ef43b5069e30f9e7550d

SHA512
7b003cbb912b06df0f9edded88f1163b22e29ce1825603298b8dbb00ad8b2fd8e5af11be4061766ac16748da7534b65acafa4d61734fdb5f52a33c8665a3c4ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8216e886a3a9b2474e2527694c70b7a3

SHA1
31b433d560bb9f132a2278f36e07ea9af25aea15

SHA256
36e722a6ceaaaa35d39b819f56c59b92a0d50d227053132aa1e49e52468822be

SHA512
a0266aa29a5b93ea641a048b208481feab590aea638e2a5001edf90f833ef793f1986ca07dd1e85f33b3cac8c92f0212d724dd94f6dc5d84d3b0e497a0e324be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4cdaea83016d99ba71f1daee9b9ac710

SHA1
dfd5225c3efbd1d58c0acc185eec9e96a2268534

SHA256
14627fecd9ddf1dcdfd8791d82d697a6ed12ee220adb0d513cdafba1122317c5

SHA512
d4b92d211a9acd6c2bdbe695c83f3e8d6424b464005cf4e0ac2762af1902591633e315b7edb1418a8a7a5c4bf0eeb51b1ba9e9ede5b9fa143523e0b8428293e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3d8e537fb2fe79417b09d7d48937b574

SHA1
df366494d395ae3ca5f739abc6c18c1a338be233

SHA256
96664f34cedccfab41dabbc9ea273e37f7fa655f52cb325896502ae3fbddad24

SHA512
66cf393ee423c6526ba4ae9f77a51558afe8b2d5f4bd9bbb2e71c9af0f03333581aa7023ed569dc4ae2a88e3b6fdd5a38448c91e9d5354890dfc56a2f44e4ff0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1b532ce315679c8deea47e8fb1d04ed6

SHA1
214dbd0d3c5fe0ec51597828730199e473e4958a

SHA256
46677472d49c25b40c594208359a958cab96f0f6c1aa60bc6c02891758f70b47

SHA512
3c455f9b14725a8532050a25beb1df97a7267a2d016fb20cd0381f5189810c9272adce22a6ada19aef5d4016353e0f3c018e1d0f8ad9c4d2483638a8ae4380f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fb37505e996553665fd7ca0746ba8475

SHA1
f0aedcb020d611be4c24b62417d715845143cc4f

SHA256
4590db36871b0e7a3ed616d4d753813004bb61cb5d9925979af6fc245e81aee8

SHA512
376ba9575fe0c795ef6c83597d8c46f530dd15f665c390d1c68140ff411344c0cf3131783076912568d101a52b36bde42f607773a332ab7f81680544b709dd06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
521c95495797e1bdc6f96969ca627f30

SHA1
6197b271fee3edabde5aef7bd85e670a0226b771

SHA256
dbf3cac4317dc4badf1a3ec952ff107baf438c3b096edc2e49798ab97aef4ae8

SHA512
2990f73544b9c7db38b4f6ee4425be511e11ae3f5e10c93c66b1284a3a24d4f0e38c2e9385d3557226406426fcde96bac08cae9a1236ae08d4a6b322637ed189

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
93cb94929e223d4d317394c61e2027c0

SHA1
38f681beb078c56ce9c18074ee6331f1cb7ec3e2

SHA256
1885d1cf7dd0f2d8194ddda1ae4c7c1fa40576b8b233bce694c86b3eeedfbda4

SHA512
daf86a049a75160cbabbaeb4c6dad150ab7beef6e4afce2f277637967af1d0226011d8dcac988e415b92b3e7ee8981a3c9686f2a77ca24ecd9ec2a764b1cefd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b42862b7b2f8a87ad0fa5de9bdb60b7a

SHA1
9d53788ba6b2b47b9f60d20b1b51760c7c97e27e

SHA256
a748b239cc11f144b468142ae2ec90c6d0a99cbf8c8666a5c38fa2a2aacfe84f

SHA512
bb4c122f49c6d3ee75f4eeb588ad1b2d2cadc8fcccebcdc9c31b4af8856ee0640a31b18e2aca23bb0693e12e45ef60f495508b6ea015ac7a5fde2e5203bc5359

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
27830023befc38df4bf919afe823a316

SHA1
b1c85755422e022228eb5d5474612f519c485bdd

SHA256
a712448768a7a89524b16493c4d1717ea684644ad04cf72598cad3332a2ca588

SHA512
b7f231a0e378698426923027a69bd9e83bf40253569ea02707bf8548916e2be45b9059661741ed1ed959b797fea440c2f341d80b43bb736caef8ae097ead37c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
73d921578342de5d529e69321f71cb69

SHA1
39fb968022ef08ab1903fa3e644973405f14af4f

SHA256
07f84d69b764136a9c4ea9d8165ee9f201738625d139d9a8eb05b34f9f54e81a

SHA512
35fd1255f31928cbf72d759c9c5383a393895d204c65523518a54c1c0bd6db745c90d69912b656507737cbec90ce93b9b165acf198dbcb34cd87601167824f9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4b10b063ff98590802be02fd5b57861a

SHA1
b76bbd0b44238a90baacc53cb9698485071cfab4

SHA256
f17adc157ff0fd4c5dda0a3d2378ea7b2e9ffe1d48c08d32b4cab32beda39985

SHA512
5b8285d41e881193bd22a1e64dfe24d233b248c849cafd5b4d00b6322f10d9b4e3ec78e73eee8f3a5cd7d699dfb8b3fbace782909940296714380c6aef3b98a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5c9825eb7dfb8a3e0f2e382df46923e6

SHA1
5e5f716e4c6c1e9952c189038969967b9fb13800

SHA256
b9385db362be4ca63550a94e6a86f739bed24705dd92f138c8cd8f998e03f4ba

SHA512
69c26aa1b98c2a17755d41dc23a0a160a9f254dd69c0abe0fc3f06cf22eb067721466ca8d648ce5be5a42dba1a278cf1bb0e8b734820d571194628b79b082b5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2ef745505fb99adb1f808f4f294da1a3

SHA1
fb46dbaeca9b63b9079f20ef50f56890c52ae533

SHA256
b2c69f925be6bcf6e78ae363f5f93e01f0cb81bd0e19b9f20580ae88297545e6

SHA512
0c71a8336d634cad42cf8ab4ba8beff81721c72a3a81122777e8349feae8ae5e5e5154cc2f564a277951e56fe6b506335cba8a318ef5a1cf5be0e96bdc0f3680

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
da56346d3885c4c351fb5aa2744eddbb

SHA1
a2f5512774d3e7a0adf35fdc5a5e0dd5d634555b

SHA256
e59601b94d6f9305f345c99e80e69811caf7d904adb353f26e838800b452f96d

SHA512
449fbe1e8f9a665a393657ba3e479806b48e2b9b8fe3844fae3168dfa49ae93bf596c378816c0fc37d172839ee56358cc7f535dd011efa6653ed7fc268f198ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
675a381ffe4accdb67bba9880f6b77cd

SHA1
e57c8f57f6a31d1f124742b41837df70cbebc411

SHA256
afde33f1c8f8b83510302a4da20a866d150dc72e362c1fcfacb20a36bc3fa981

SHA512
023d309d57f6268b4b8ca0e1fce8ff7fec75b1a8673755c7216967daa83193e8006e27584f84851822df882d56539daa7c1117a0eaa4604a759af06bd7b95965

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1c83662b97ec2e803e012ffde1238cfb

SHA1
2330593a9f5778adc20ce3a6908ca5a77ec8c7ab

SHA256
7cbaea6a6fb1ba19d0e6c3105a3e1561b8efabaef00d25586feffb40f6f61bd3

SHA512
a6b40b19cc11e06d230e76fea46f397d8464160654200b57975ba51e05985b0f35388e0a5c6cd09be4c8368539a63f49a0b8ab4d8d0445b5a6097a63a8143a8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ce2fbb4a4742a861cec49c61f1dfc152

SHA1
3b6491ef90a0769a7338fb6a0aedf61bfc447d8c

SHA256
093dc90e8efda0ff3b260efcb54a90baae6a2ae20e99fa6ada863d0058dea44e

SHA512
c046eaff464455a5d79ef1d8f26d7018dcb9630197ffe4d93990c8fe90ff34b8147d4b28423653d8cadfdcd75a1959e6753eec160b3eb0c490b50b7ca92dcc62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
920d386042976a55dde9dc8ca70b409d

SHA1
957b59b8d4fda58c7428027e68436aec11460d54

SHA256
4520db53b157fa88bffa9ec5efcb395ec7f665d2c42fc39631e3dbaffe3f660c

SHA512
c66ec8d08336ffa56364fb323456800a100fc9863ae10439bc534bcbb08fab11eff35f7c06a3df43f9beebc447dbb51e6c8e35541fae88d42ccc88f9d98159aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d5fce34c5536ba229d77b9cef5485d36

SHA1
a63301591f33dcaad059c881fb2bc9af2cc81df1

SHA256
d3f8382fa285a2b0f270e05a797ab476ed187018cdcf4d1bbe929524f2d77cbd

SHA512
35cec8e03186d5b9345e9a0f6394c4d1f12bec4a344c3f803f92d2533f5b7435459b6aaa2fc8b2c80aced86f1270d0f50f9d7a5f949ddd693435e9d27f867ec8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9a5a16be6511c10b4580c07a9bd33567

SHA1
8857882acd50e99ac3b6f9641a9823250b4f1957

SHA256
d268bedd36c6581c9e354d943c2f1083355456a557473c42a16ad82256bba136

SHA512
1876ed33d551f0bb47576fbca63c499192370ff9534c3aef50d8183dc09f670315c193e24968e25bdcace0069dabe2f35de39541835828ddc28705d6946567c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
16a6d0e8d405d459306f5afd69efe932

SHA1
d8e1a0100d4dc534dcfa6c8d00a3ce95f3807b7d

SHA256
9455a84bd41965906282a9e758d0f5eabe4d2676d99566926a1cd8d11ca7c894

SHA512
1fa9e176874067c672642e7c37f1f7d138b927a1663faa8e1aa1de7a43667cc12f1faa9b2e34014845b1e310bdd2765c969ce8f3b578b4c63e9a301f64f715eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\dacc93b3-cac6-42d5-8d20-784c81e639c0.tmp

Filesize
9KB

MD5
2fe98e887b68cfea7649da7c9b2f2d5e

SHA1
7abbf6503b501da74c73996dca3a5eca62a5594b

SHA256
73dcd2e30cb366ece195acfdb1c7bd4f4f45b6e421be9c3f75f357974e1285f2

SHA512
ff6c457a350362cc312dce85e26cea93bc23e85dc542bfbf61e280fe55c40d353b199d5f3aa1ba948ae44c2aa183cb7f66b3cb1fc5fbc96d91601115cfef4801

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
0a8ea86a70031cf3508cb857d210fde9

SHA1
d4e55f1ed8d59d848cfd74450e29df628ab6b4d8

SHA256
0c97bd3651ec963d90c916092e8c321b86184e0e83bd23f007091540a447c549

SHA512
51920846dcd6e38be352f7794c60da9e1a00df8a9211be64e14c03accba8d11f25cb37447eebd46709440523940d67a996b3ede4c412e77adf15fc4783554f41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
c57bc9e2334c3dc8a6277b9658905f80

SHA1
0917ead49e425aaab014c58e9e40dddef251d3c4

SHA256
4999f5b3684df9e19aa6fa95f6752d339212c13c73e3b963bc19a66231d3e05c

SHA512
89a6df3c161d1a716297e3888a68de2b5b8e30b9d2fbaab275a14d13e1fa355c2a12d20223ca4ea01321947de041ecd3674524975a065e14fc9ffe68cfa02469

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
621bea048b7716cb303233895c537e93

SHA1
61ca61732396f529ed7b6acbfa18adda55ab180d

SHA256
3474f68abcf5a88c8800010cdba0f56200a9f48072c52662cf4bcc8980bac402

SHA512
b5d0923511969a4169969b205c66b111c55d5013dd31c4b33d525c2b3f68986383e14d702ddef7405e97e86afc6aec107fec0653467f4c3284c3d9a9f9d42427

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
52938fb8e05d8219fe8eeb1e4f926f34

SHA1
f9bfb77a3b9becdfa8b54429f5fcfd60f8f73175

SHA256
0bd666c535648fd5d3f72178b71a769a7e39e44013bd0dddeace14e5ac5f97d8

SHA512
1f89522de591d20c0f2d12bacbc2c009a8d9bb95069740da5a3fe19be95aeaca6b6989655afd1ca77622e78b3866715ad3fe9c69f19bb05f2a56be7e49a686c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
4c86034dd12622bb4b4f403d4949da04

SHA1
99d1aa0fe896b408803259f8aaa88fdbc95bb857

SHA256
0575650c51ae6fae1964e1e4bc4d1b1ee0c52c945720fef5b054390c4303e5c7

SHA512
b940faf5d7da7b6f16d2aa40619eb6711c76d467d89193e0028e329066778110b94fcbc4e9717cf6d3c1b440322fdbaed7e1241ae7f37577aaab9866aeb7f922

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Nitro Generator.exe.log

Filesize
654B

MD5
2cbbb74b7da1f720b48ed31085cbd5b8

SHA1
79caa9a3ea8abe1b9c4326c3633da64a5f724964

SHA256
e31b18f21621d9983bfdf1ea3e53884a9d58b8ffd79e0e5790da6f3a81a8b9d3

SHA512
ecf02d5240e0c1c005d3ab393aa7eff62bd498c2db5905157e2bf6d29e1b663228a9583950842629d1a4caef404c8941a0c7799b1a3bd1eb890a09fdb7efcff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
627073ee3ca9676911bee35548eff2b8

SHA1
4c4b68c65e2cab9864b51167d710aa29ebdcff2e

SHA256
85b280a39fc31ba1e15fb06102a05b8405ff3b82feb181d4170f04e466dd647c

SHA512
3c5f6c03e253b83c57e8d6f0334187dbdcdf4fa549eecd36cbc1322dca6d3ca891dc6a019c49ec2eafb88f82d0434299c31e4dfaab123acb42e0546218f311fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
1a9fa92a4f2e2ec9e244d43a6a4f8fb9

SHA1
9910190edfaccece1dfcc1d92e357772f5dae8f7

SHA256
0ee052d5333fd5fd86bc84856fec98e045f077a7ac8051651bf7c521b9706888

SHA512
5d2361476fa22200e6f83883efe7dcb8c3fe7dae8d56e04e28a36e9ae1270c327b6aa161d92b239593da7661289d002c574446ecfd6bd19928209aae25e3ef64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
cef328ddb1ee8916e7a658919323edd8

SHA1
a676234d426917535e174f85eabe4ef8b88256a5

SHA256
a1b5b7ada8ebc910f20f91ada3991d3321104e9da598c958b1edac9f9aca0e90

SHA512
747400c20ca5b5fd1b54bc24e75e6a78f15af61df263be932d2ee7b2f34731c2de8ce03b2706954fb098c1ac36f0b761cf37e418738fa91f2a8ea78572f545cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lxqm0ksi.few.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\Nitro Generator.rar

Filesize
112KB

MD5
70f94486cf1743a47dd6c6859a98ebb2

SHA1
e0d28940b5d8576ad31ac9d783b1892f6490dfc3

SHA256
52ed20789b1b8544d4a80aff58688e47ba6d17ac8153c71f73119e64d6584e70

SHA512
f9c6f4545e8017684053e20a2e5f2fbe2c3d68aa8d8c9a174732d706fff702da2132ada36c7d7be606141aa9db4c02543f19451d36e0b646fb6ef7b7a97c46d2

Download Submit
C:\Users\Admin\Downloads\Nitro Generator.rar:Zone.Identifier

Filesize
52B

MD5
dfcb8dc1e74a5f6f8845bcdf1e3dee6c

SHA1
ba515dc430c8634db4900a72e99d76135145d154

SHA256
161510bd3ea26ff17303de536054637ef1de87a9bd6966134e85d47fc4448b67

SHA512
c0eff5861c2df0828f1c1526536ec6a5a2e625a60ab75e7051a54e6575460c3af93d1452e75ca9a2110f38a84696c7e0e1e44fb13daa630ffcdda83db08ff78d

Download Submit
C:\Users\Admin\Downloads\Nitro Generator\Fixer.exe

Filesize
227KB

MD5
e0b330308d97d9a6208d028f9269307d

SHA1
ce061486c0042df848ef84be7ba4383397aaadf5

SHA256
93201911a0d40cbf2f2e922d04a69ee5d0c78137f3a24c0bdcfbf39c281a7202

SHA512
e91c36768b4a82c6506dc8dae2e88bd37c026c1c86f5b24dd49504f6e9fcf43f4d35cf478a3a7248115ab428dbc54cb1ce75854950743a65a81ab76fdd28bf3b

Download Submit
C:\Users\Admin\Downloads\Nitro Generator\Nitro Generator.exe

Filesize
37KB

MD5
09f7d3b62619c9ed6958d869a8b06717

SHA1
efb96e8ad437cfa3dd78cc44e6da9f413bf43c95

SHA256
7d60c95debd49a4976f6719440eebc9333628187fc474904515731cfd87a459b

SHA512
54016dafb32a01aa705af94129ed9aff36f241e548494416fb66940151a01858da554c9553f251ac2ea502234b431a1dd503c72ddea762ab8ad00931f78c0c66

Download Submit
memory/2948-601-0x0000000001510000-0x0000000001592000-memory.dmp

Filesize
520KB

Download
memory/2948-298-0x0000000000DA0000-0x0000000000DB0000-memory.dmp

Filesize
64KB

Download
memory/3100-294-0x000001A624570000-0x000001A6245B0000-memory.dmp

Filesize
256KB

Download
memory/4168-304-0x0000022C36E30000-0x0000022C36E52000-memory.dmp

Filesize
136KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Request