Analysis

  • max time kernel
    163s
  • max time network
    164s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    09/12/2024, 16:58 UTC

General

  • Target

    https://gofile.io/d/HQdVvH

Malware Config

Extracted

  • Family
    quasar
  • Version
    1.4.1
  • Botnet
    RATT
  • C2
    REATTY-39697.portmap.host:39697
  • Mutex
    c495778e-b39b-4a41-a334-92a92e0045f6

Attributes
  • encryption_key

    DFF3B9FA24D9D7DB4D5E0215CD03FD70D0300D2D

  • install_name

    Skibidi.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    RAT TEST

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

  • Quasar family
  • Quasar payload 2 IoCs
  • Downloads MZ/PE file
  • Executes dropped EXE 3 IoCs
  • Drops file in Windows directory 2 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 9 IoCs
  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 4 IoCs
  • NTFS ADS 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 37 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gofile.io/d/HQdVvH
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1464
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8e9be3cb8,0x7ff8e9be3cc8,0x7ff8e9be3cd8
      2⤵
        PID:3948
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
        2⤵
          PID:4220
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4720
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
          2⤵
            PID:2424
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
            2⤵
              PID:2992
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
              2⤵
                PID:2940
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
                2⤵
                  PID:1500
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3588 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3396
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
                  2⤵
                    PID:2064
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
                    2⤵
                      PID:4496
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5732 /prefetch:8
                      2⤵
                        PID:1868
                      • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:2364
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 /prefetch:8
                        2⤵
                        • Subvert Trust Controls: Mark-of-the-Web Bypass
                        • NTFS ADS
                        • Suspicious behavior: EnumeratesProcesses
                        PID:2888
                      • C:\Users\Admin\Downloads\AIMMY AI.exe
                        "C:\Users\Admin\Downloads\AIMMY AI.exe"
                        2⤵
                        • Executes dropped EXE
                        • NTFS ADS
                        • Suspicious use of AdjustPrivilegeToken
                        PID:3364
                        • C:\Users\Admin\AppData\Roaming\RAT TEST\Skibidi.exe
                          "C:\Users\Admin\AppData\Roaming\RAT TEST\Skibidi.exe"
                          3⤵
                          • Executes dropped EXE
                          • Suspicious use of AdjustPrivilegeToken
                          • Suspicious use of FindShellTrayWindow
                          • Suspicious use of SendNotifyMessage
                          PID:3660
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
                        2⤵
                          PID:2300
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
                          2⤵
                            PID:1452
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
                            2⤵
                              PID:696
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
                              2⤵
                                PID:4548
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:2208
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:2012
                                • C:\Windows\system32\svchost.exe
                                  C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
                                  1⤵
                                    PID:2376
                                  • C:\Windows\system32\BackgroundTransferHost.exe
                                    "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
                                    1⤵
                                    • Modifies registry class
                                    PID:1424
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                    1⤵
                                    • Drops file in Windows directory
                                    • Enumerates system info in registry
                                    • Modifies data under HKEY_USERS
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                    • Suspicious use of AdjustPrivilegeToken
                                    • Suspicious use of FindShellTrayWindow
                                    • Suspicious use of SendNotifyMessage
                                    PID:1728
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d780cc40,0x7ff8d780cc4c,0x7ff8d780cc58
                                      2⤵
                                        PID:3520
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2328,i,10355981396791649601,10072052910176262665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2316 /prefetch:2
                                        2⤵
                                          PID:3632
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1656,i,10355981396791649601,10072052910176262665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2364 /prefetch:3
                                          2⤵
                                            PID:3352
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1976,i,10355981396791649601,10072052910176262665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2472 /prefetch:8
                                            2⤵
                                              PID:228
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,10355981396791649601,10072052910176262665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3140 /prefetch:1
                                              2⤵
                                                PID:4828
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,10355981396791649601,10072052910176262665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
                                                2⤵
                                                  PID:2732
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4456,i,10355981396791649601,10072052910176262665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4500 /prefetch:1
                                                  2⤵
                                                    PID:984
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4764,i,10355981396791649601,10072052910176262665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4312 /prefetch:8
                                                    2⤵
                                                      PID:2192
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4796,i,10355981396791649601,10072052910176262665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4808 /prefetch:8
                                                      2⤵
                                                        PID:3564
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4312,i,10355981396791649601,10072052910176262665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:8
                                                        2⤵
                                                          PID:4332
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4888,i,10355981396791649601,10072052910176262665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5060 /prefetch:8
                                                          2⤵
                                                            PID:4844
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4872,i,10355981396791649601,10072052910176262665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4772 /prefetch:8
                                                            2⤵
                                                              PID:1892
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5212,i,10355981396791649601,10072052910176262665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4876 /prefetch:8
                                                              2⤵
                                                                PID:3076
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4684,i,10355981396791649601,10072052910176262665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5100 /prefetch:2
                                                                2⤵
                                                                  PID:1288
                                                              • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                1⤵
                                                                  PID:4716
                                                                • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
                                                                  "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
                                                                  1⤵
                                                                  • Suspicious use of SetWindowsHookEx
                                                                  PID:3892
                                                                • C:\Windows\system32\svchost.exe
                                                                  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                  1⤵
                                                                    PID:5000
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                    1⤵
                                                                    • Drops file in Windows directory
                                                                    • Enumerates system info in registry
                                                                    • Modifies data under HKEY_USERS
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                    • Suspicious use of SendNotifyMessage
                                                                    PID:1032
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ff8d780cc40,0x7ff8d780cc4c,0x7ff8d780cc58
                                                                      2⤵
                                                                        PID:500
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,3342105209857181124,14830358037100502574,262144 --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=1912 /prefetch:2
                                                                        2⤵
                                                                          PID:2516
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1684,i,3342105209857181124,14830358037100502574,262144 --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=2016 /prefetch:3
                                                                          2⤵
                                                                            PID:4552
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,3342105209857181124,14830358037100502574,262144 --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=2212 /prefetch:8
                                                                            2⤵
                                                                              PID:4216
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,3342105209857181124,14830358037100502574,262144 --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=3196 /prefetch:1
                                                                              2⤵
                                                                                PID:3828
                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,3342105209857181124,14830358037100502574,262144 --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=3244 /prefetch:1
                                                                                2⤵
                                                                                  PID:1604
                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3512,i,3342105209857181124,14830358037100502574,262144 --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=4444 /prefetch:1
                                                                                  2⤵
                                                                                    PID:2228
                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4752,i,3342105209857181124,14830358037100502574,262144 --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=4788 /prefetch:8
                                                                                    2⤵
                                                                                      PID:2892
                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4556,i,3342105209857181124,14830358037100502574,262144 --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=5000 /prefetch:8
                                                                                      2⤵
                                                                                        PID:2948
                                                                                    • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                                      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                                      1⤵
                                                                                        PID:4332
                                                                                      • C:\Windows\System32\rundll32.exe
                                                                                        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                        1⤵
                                                                                          PID:4716
                                                                                        • C:\Users\Admin\Downloads\AIMMY AI.exe
                                                                                          "C:\Users\Admin\Downloads\AIMMY AI.exe"
                                                                                          1⤵
                                                                                          • Executes dropped EXE
                                                                                          PID:2592

                                                                                        Network

                                                                                        • flag-us
                                                                                          DNS
                                                                                          gofile.io
                                                                                          msedge.exe
                                                                                          Remote address:
                                                                                          8.8.8.8:53
                                                                                          Request
                                                                                          gofile.io
                                                                                          IN A
                                                                                          Response
                                                                                          gofile.io
                                                                                          IN A
                                                                                          45.112.123.126
                                                                                        • flag-us
                                                                                          DNS
                                                                                          ocsp.digicert.com
                                                                                          msedge.exe
                                                                                          Remote address:
                                                                                          8.8.8.8:53
                                                                                          Request
                                                                                          ocsp.digicert.com
                                                                                          IN A
                                                                                          Response
                                                                                          ocsp.digicert.com
                                                                                          IN CNAME
                                                                                          ocsp.edge.digicert.com
                                                                                          ocsp.edge.digicert.com
                                                                                          IN CNAME
                                                                                          fp2e7a.wpc.2be4.phicdn.net
                                                                                          fp2e7a.wpc.2be4.phicdn.net
                                                                                          IN CNAME
                                                                                          fp2e7a.wpc.phicdn.net
                                                                                          fp2e7a.wpc.phicdn.net
                                                                                          IN A
                                                                                          192.229.221.95
                                                                                        • flag-us
                                                                                          DNS
                                                                                          8.8.8.8.in-addr.arpa
                                                                                          msedge.exe
                                                                                          Remote address:
                                                                                          8.8.8.8:53
                                                                                          Request
                                                                                          8.8.8.8.in-addr.arpa
                                                                                          IN PTR
                                                                                          Response
                                                                                          8.8.8.8.in-addr.arpa
                                                                                          IN PTR
                                                                                          dnsgoogle
                                                                                        • flag-us
                                                                                          DNS
                                                                                          store9.gofile.io
                                                                                          msedge.exe
                                                                                          Remote address:
                                                                                          8.8.8.8:53
                                                                                          Request
                                                                                          store9.gofile.io
                                                                                          IN A
                                                                                          Response
                                                                                          store9.gofile.io
                                                                                          IN A
                                                                                          94.139.32.9
                                                                                        • flag-us
                                                                                          DNS
                                                                                          browser.pipe.aria.microsoft.com
                                                                                          msedge.exe
                                                                                          Remote address:
                                                                                          8.8.8.8:53
                                                                                          Request
                                                                                          browser.pipe.aria.microsoft.com
                                                                                          IN A
                                                                                          Response
                                                                                          browser.pipe.aria.microsoft.com
                                                                                          IN CNAME
                                                                                          browser.events.data.trafficmanager.net
                                                                                          browser.events.data.trafficmanager.net
                                                                                          IN CNAME
                                                                                          onedscolprdeus08.eastus.cloudapp.azure.com
                                                                                          onedscolprdeus08.eastus.cloudapp.azure.com
                                                                                          IN A
                                                                                          20.42.65.88
                                                                                        • flag-us
                                                                                          DNS
                                                                                          www.bing.com
                                                                                          msedge.exe
                                                                                          Remote address:
                                                                                          8.8.8.8:53
                                                                                          Request
                                                                                          www.bing.com
                                                                                          IN A
                                                                                          Response
                                                                                          www.bing.com
                                                                                          IN CNAME
                                                                                          www-www.bing.com.trafficmanager.net
                                                                                          www-www.bing.com.trafficmanager.net
                                                                                          IN CNAME
                                                                                          www.bing.com.edgekey.net
                                                                                          www.bing.com.edgekey.net
                                                                                          IN CNAME
                                                                                          e86303.dscx.akamaiedge.net
                                                                                          e86303.dscx.akamaiedge.net
                                                                                          IN A
                                                                                          92.123.128.140
                                                                                          e86303.dscx.akamaiedge.net
                                                                                          IN A
                                                                                          92.123.128.134
                                                                                          e86303.dscx.akamaiedge.net
                                                                                          IN A
                                                                                          92.123.128.136
                                                                                          e86303.dscx.akamaiedge.net
                                                                                          IN A
                                                                                          92.123.128.137
                                                                                          e86303.dscx.akamaiedge.net
                                                                                          IN A
                                                                                          92.123.128.139
                                                                                          e86303.dscx.akamaiedge.net
                                                                                          IN A
                                                                                          92.123.128.138
                                                                                          e86303.dscx.akamaiedge.net
                                                                                          IN A
                                                                                          92.123.128.135
                                                                                          e86303.dscx.akamaiedge.net
                                                                                          IN A
                                                                                          92.123.128.142
                                                                                          e86303.dscx.akamaiedge.net
                                                                                          IN A
                                                                                          92.123.128.141
                                                                                        • flag-us
                                                                                          DNS
                                                                                          www.google.com
                                                                                          msedge.exe
                                                                                          Remote address:
                                                                                          8.8.8.8:53
                                                                                          Request
                                                                                          www.google.com
                                                                                          IN A
                                                                                          Response
                                                                                          www.google.com
                                                                                          IN A
                                                                                          142.250.187.196
                                                                                        • flag-us
                                                                                          DNS
                                                                                          teams-ring.msedge.net
                                                                                          msedge.exe
                                                                                          Remote address:
                                                                                          8.8.8.8:53
                                                                                          Request
                                                                                          teams-ring.msedge.net
                                                                                          IN A
                                                                                          Response
                                                                                          teams-ring.msedge.net
                                                                                          IN CNAME
                                                                                          teams-ring.teams-9999.teams-msedge.net
                                                                                          teams-ring.teams-9999.teams-msedge.net
                                                                                          IN CNAME
                                                                                          teams-9999.teams-msedge.net
                                                                                          teams-9999.teams-msedge.net
                                                                                          IN A
                                                                                          52.113.196.254
                                                                                        • flag-us
                                                                                          DNS
                                                                                          33.200.250.142.in-addr.arpa
                                                                                          msedge.exe
                                                                                          Remote address:
                                                                                          8.8.8.8:53
                                                                                          Request
                                                                                          33.200.250.142.in-addr.arpa
                                                                                          IN PTR
                                                                                          Response
                                                                                          33.200.250.142.in-addr.arpa
                                                                                          IN PTR
                                                                                          lhr48s30-in-f11e100net
                                                                                        • flag-us
                                                                                          DNS
                                                                                          nexusrules.officeapps.live.com
                                                                                          msedge.exe
                                                                                          Remote address:
                                                                                          8.8.8.8:53
                                                                                          Request
                                                                                          nexusrules.officeapps.live.com
                                                                                          IN A
                                                                                          Response
                                                                                          nexusrules.officeapps.live.com
                                                                                          IN CNAME
                                                                                          prod.nexusrules.live.com.akadns.net
                                                                                          prod.nexusrules.live.com.akadns.net
                                                                                          IN A
                                                                                          52.111.227.14
                                                                                        • flag-us
                                                                                          DNS
                                                                                          254.42.107.13.in-addr.arpa
                                                                                          msedge.exe
                                                                                          Remote address:
                                                                                          8.8.8.8:53
                                                                                          Request
                                                                                          254.42.107.13.in-addr.arpa
                                                                                          IN PTR
                                                                                          Response
                                                                                        • flag-us
                                                                                          DNS
                                                                                          14.178.250.142.in-addr.arpa
                                                                                          msedge.exe
                                                                                          Remote address:
                                                                                          8.8.8.8:53
                                                                                          Request
                                                                                          14.178.250.142.in-addr.arpa
                                                                                          IN PTR
                                                                                          Response
                                                                                          14.178.250.142.in-addr.arpa
                                                                                          IN PTR
                                                                                          lhr48s27-in-f141e100net
                                                                                        • flag-fr
                                                                                          GET
                                                                                          https://gofile.io/d/HQdVvH
                                                                                          msedge.exe
                                                                                          Remote address:
                                                                                          45.112.123.126:443
                                                                                          Request
                                                                                          GET /d/HQdVvH HTTP/2.0
                                                                                          host: gofile.io
                                                                                          sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                                                                          sec-ch-ua-mobile: ?0
                                                                                          dnt: 1
                                                                                          upgrade-insecure-requests: 1
                                                                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                                                                          accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                          sec-fetch-site: none
                                                                                          sec-fetch-mode: navigate
                                                                                          sec-fetch-user: ?1
                                                                                          sec-fetch-dest: document
                                                                                          accept-encoding: gzip, deflate, br
                                                                                          accept-language: en-US,en;q=0.9
                                                                                          Response
                                                                                          HTTP/2.0 200
                                                                                          server: nginx/1.27.1
                                                                                          date: Mon, 09 Dec 2024 16:58:23 GMT
                                                                                          content-type: text/html; charset=UTF-8
                                                                                          x-dns-prefetch-control: off
                                                                                          expect-ct: max-age=0
                                                                                          x-frame-options: SAMEORIGIN
                                                                                          strict-transport-security: max-age=15552000; includeSubDomains
                                                                                          x-download-options: noopen
                                                                                          x-content-type-options: nosniff
                                                                                          origin-agent-cluster: ?1
                                                                                          x-permitted-cross-domain-policies: none
                                                                                          referrer-policy: origin
                                                                                          x-xss-protection: 0
                                                                                          cache-control: public, max-age=0
                                                                                          last-modified: Mon, 02 Dec 2024 21:48:24 GMT
                                                                                          etag: W/"1cfa-19389589822"
                                                                                          content-encoding: gzip
                                                                                        • flag-fr
                                                                                          GET
                                                                                          https://gofile.io/dist/css/output.css
                                                                                          msedge.exe
                                                                                          Remote address:
                                                                                          45.112.123.126:443
                                                                                          Request
                                                                                          GET /dist/css/output.css HTTP/2.0
                                                                                          host: gofile.io
                                                                                          sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                                                                          dnt: 1
                                                                                          sec-ch-ua-mobile: ?0
                                                                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                                                                          accept: text/css,*/*;q=0.1
                                                                                          sec-fetch-site: same-origin
                                                                                          sec-fetch-mode: no-cors
                                                                                          sec-fetch-dest: style
                                                                                          referer: https://gofile.io/
                                                                                          accept-encoding: gzip, deflate, br
                                                                                          accept-language: en-US,en;q=0.9
                                                                                          Response
                                                                                          HTTP/2.0 200
                                                                                          server: nginx/1.27.1
                                                                                          date: Mon, 09 Dec 2024 16:58:23 GMT
                                                                                          content-type: text/css; charset=UTF-8
                                                                                          x-dns-prefetch-control: off
                                                                                          expect-ct: max-age=0
                                                                                          x-frame-options: SAMEORIGIN
                                                                                          strict-transport-security: max-age=15552000; includeSubDomains
                                                                                          x-download-options: noopen
                                                                                          x-content-type-options: nosniff
                                                                                          origin-agent-cluster: ?1
                                                                                          x-permitted-cross-domain-policies: none
                                                                                          referrer-policy: origin
                                                                                          x-xss-protection: 0
                                                                                          cache-control: public, max-age=0
                                                                                          last-modified: Mon, 02 Dec 2024 21:48:24 GMT
                                                                                          etag: W/"1071f-1938958981e"
                                                                                          content-encoding: gzip
                                                                                        • flag-fr
                                                                                          GET
                                                                                          https://gofile.io/plugins/fontawesome/css/all.min.css
                                                                                          msedge.exe
                                                                                          Remote address:
                                                                                          45.112.123.126:443
                                                                                          Request
                                                                                          GET /plugins/fontawesome/css/all.min.css HTTP/2.0
                                                                                          host: gofile.io
                                                                                          sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                                                                          dnt: 1
                                                                                          sec-ch-ua-mobile: ?0
                                                                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                                                                          accept: text/css,*/*;q=0.1
                                                                                          sec-fetch-site: same-origin
                                                                                          sec-fetch-mode: no-cors
                                                                                          sec-fetch-dest: style
                                                                                          referer: https://gofile.io/
                                                                                          accept-encoding: gzip, deflate, br
                                                                                          accept-language: en-US,en;q=0.9
                                                                                          Response
                                                                                          HTTP/2.0 200
                                                                                          server: nginx/1.27.1
                                                                                          date: Mon, 09 Dec 2024 16:58:23 GMT
                                                                                          content-type: text/css; charset=UTF-8
                                                                                          x-dns-prefetch-control: off
                                                                                          expect-ct: max-age=0
                                                                                          x-frame-options: SAMEORIGIN
                                                                                          strict-transport-security: max-age=15552000; includeSubDomains
                                                                                          x-download-options: noopen
                                                                                          x-content-type-options: nosniff
                                                                                          origin-agent-cluster: ?1
                                                                                          x-permitted-cross-domain-policies: none
                                                                                          referrer-policy: origin
                                                                                          x-xss-protection: 0
                                                                                          cache-control: public, max-age=0
                                                                                          last-modified: Mon, 02 Dec 2024 21:48:24 GMT
                                                                                          etag: W/"17906-19389589822"
                                                                                          content-encoding: gzip
                                                                                        • flag-fr
                                                                                          GET
                                                                                          https://gofile.io/dist/js/global.js
                                                                                          msedge.exe
                                                                                          Remote address:
                                                                                          45.112.123.126:443
                                                                                          Request
                                                                                          GET /dist/js/global.js HTTP/2.0
                                                                                          host: gofile.io
                                                                                          sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                                                                          dnt: 1
                                                                                          sec-ch-ua-mobile: ?0
                                                                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                                                                          accept: */*
                                                                                          sec-fetch-site: same-origin
                                                                                          sec-fetch-mode: no-cors
                                                                                          sec-fetch-dest: script
                                                                                          referer: https://gofile.io/
                                                                                          accept-encoding: gzip, deflate, br
                                                                                          accept-language: en-US,en;q=0.9
                                                                                          Response
                                                                                          HTTP/2.0 200
                                                                                          server: nginx/1.27.1
                                                                                          date: Mon, 09 Dec 2024 16:58:23 GMT
                                                                                          content-type: application/javascript; charset=UTF-8
                                                                                          x-dns-prefetch-control: off
                                                                                          expect-ct: max-age=0
                                                                                          x-frame-options: SAMEORIGIN
                                                                                          strict-transport-security: max-age=15552000; includeSubDomains
                                                                                          x-download-options: noopen
                                                                                          x-content-type-options: nosniff
                                                                                          origin-agent-cluster: ?1
                                                                                          x-permitted-cross-domain-policies: none
                                                                                          referrer-policy: origin
                                                                                          x-xss-protection: 0
                                                                                          cache-control: public, max-age=0
                                                                                          last-modified: Sat, 07 Dec 2024 16:03:37 GMT
                                                                                          etag: W/"55ebf-193a1dcba61"
                                                                                          content-encoding: gzip
                                                                                        • flag-fr
                                                                                          GET
                                                                                          https://gofile.io/dist/js/framework.js
                                                                                          msedge.exe
                                                                                          Remote address:
                                                                                          45.112.123.126:443
                                                                                          Request
                                                                                          GET /dist/js/framework.js HTTP/2.0
                                                                                          host: gofile.io
                                                                                          sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                                                                          dnt: 1
                                                                                          sec-ch-ua-mobile: ?0
                                                                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                                                                          accept: */*
                                                                                          sec-fetch-site: same-origin
                                                                                          sec-fetch-mode: no-cors
                                                                                          sec-fetch-dest: script
                                                                                          referer: https://gofile.io/
                                                                                          accept-encoding: gzip, deflate, br
                                                                                          accept-language: en-US,en;q=0.9
                                                                                          Response
                                                                                          HTTP/2.0 200
                                                                                          server: nginx/1.27.1
                                                                                          date: Mon, 09 Dec 2024 16:58:23 GMT
                                                                                          content-type: application/javascript; charset=UTF-8
                                                                                          x-dns-prefetch-control: off
                                                                                          expect-ct: max-age=0
                                                                                          x-frame-options: SAMEORIGIN
                                                                                          strict-transport-security: max-age=15552000; includeSubDomains
                                                                                          x-download-options: noopen
                                                                                          x-content-type-options: nosniff
                                                                                          origin-agent-cluster: ?1
                                                                                          x-permitted-cross-domain-policies: none
                                                                                          referrer-policy: origin
                                                                                          x-xss-protection: 0
                                                                                          cache-control: public, max-age=0
                                                                                          last-modified: Wed, 04 Dec 2024 03:24:05 GMT
                                                                                          etag: W/"231b-1938fb24543"
                                                                                          content-encoding: gzip
                                                                                        • flag-fr
                                                                                          GET
                                                                                          https://gofile.io/dist/js/blockies.min.js
                                                                                          msedge.exe
                                                                                          Remote address:
                                                                                          45.112.123.126:443
                                                                                          Request
                                                                                          GET /dist/js/blockies.min.js HTTP/2.0
                                                                                          host: gofile.io
                                                                                          sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                                                                          dnt: 1
                                                                                          sec-ch-ua-mobile: ?0
                                                                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                                                                          accept: */*
                                                                                          sec-fetch-site: same-origin
                                                                                          sec-fetch-mode: no-cors
                                                                                          sec-fetch-dest: script
                                                                                          referer: https://gofile.io/
                                                                                          accept-encoding: gzip, deflate, br
                                                                                          accept-language: en-US,en;q=0.9
                                                                                          Response
                                                                                          HTTP/2.0 200
                                                                                          server: nginx/1.27.1
                                                                                          date: Mon, 09 Dec 2024 16:58:23 GMT
                                                                                          content-type: application/javascript; charset=UTF-8
                                                                                          x-dns-prefetch-control: off
                                                                                          expect-ct: max-age=0
                                                                                          x-frame-options: SAMEORIGIN
                                                                                          strict-transport-security: max-age=15552000; includeSubDomains
                                                                                          x-download-options: noopen
                                                                                          x-content-type-options: nosniff
                                                                                          origin-agent-cluster: ?1
                                                                                          x-permitted-cross-domain-policies: none
                                                                                          referrer-policy: origin
                                                                                          x-xss-protection: 0
                                                                                          cache-control: public, max-age=0
                                                                                          last-modified: Mon, 02 Dec 2024 21:48:24 GMT
                                                                                          etag: W/"55a-1938958981e"
                                                                                          content-encoding: gzip
                                                                                        • flag-fr
                                                                                          GET
                                                                                          https://gofile.io/dist/img/logo-small-70.png
                                                                                          msedge.exe
                                                                                          Remote address:
                                                                                          45.112.123.126:443
                                                                                          Request
                                                                                          GET /dist/img/logo-small-70.png HTTP/2.0
                                                                                          host: gofile.io
                                                                                          sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                                                                          dnt: 1
                                                                                          sec-ch-ua-mobile: ?0
                                                                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                                                                          accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                          sec-fetch-site: same-origin
                                                                                          sec-fetch-mode: no-cors
                                                                                          sec-fetch-dest: image
                                                                                          referer: https://gofile.io/
                                                                                          accept-encoding: gzip, deflate, br
                                                                                          accept-language: en-US,en;q=0.9
                                                                                          Response
                                                                                          HTTP/2.0 200
                                                                                          server: nginx/1.27.1
                                                                                          date: Mon, 09 Dec 2024 16:58:24 GMT
                                                                                          content-type: image/png
                                                                                          content-length: 2367
                                                                                          x-dns-prefetch-control: off
                                                                                          expect-ct: max-age=0
                                                                                          x-frame-options: SAMEORIGIN
                                                                                          strict-transport-security: max-age=15552000; includeSubDomains
                                                                                          x-download-options: noopen
                                                                                          x-content-type-options: nosniff
                                                                                          origin-agent-cluster: ?1
                                                                                          x-permitted-cross-domain-policies: none
                                                                                          referrer-policy: origin
                                                                                          x-xss-protection: 0
                                                                                          accept-ranges: bytes
                                                                                          cache-control: public, max-age=0
                                                                                          last-modified: Mon, 02 Dec 2024 21:48:24 GMT
                                                                                          etag: W/"93f-1938958981e"
                                                                                        • flag-fr
                                                                                          GET
                                                                                          https://gofile.io/plugins/fontawesome/webfonts/fa-solid-900.woff2
                                                                                          msedge.exe
                                                                                          Remote address:
                                                                                          45.112.123.126:443
                                                                                          Request
                                                                                          GET /plugins/fontawesome/webfonts/fa-solid-900.woff2 HTTP/2.0
                                                                                          host: gofile.io
                                                                                          sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                                                                          origin: https://gofile.io
                                                                                          sec-ch-ua-mobile: ?0
                                                                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                                                                          dnt: 1
                                                                                          accept: */*
                                                                                          sec-fetch-site: same-origin
                                                                                          sec-fetch-mode: cors
                                                                                          sec-fetch-dest: font
                                                                                          referer: https://gofile.io/
                                                                                          accept-encoding: gzip, deflate, br
                                                                                          accept-language: en-US,en;q=0.9
                                                                                          Response
                                                                                          HTTP/2.0 200
                                                                                          server: nginx/1.27.1
                                                                                          date: Mon, 09 Dec 2024 16:58:24 GMT
                                                                                          content-type: font/woff2
                                                                                          content-length: 157192
                                                                                          x-dns-prefetch-control: off
                                                                                          expect-ct: max-age=0
                                                                                          x-frame-options: SAMEORIGIN
                                                                                          strict-transport-security: max-age=15552000; includeSubDomains
                                                                                          x-download-options: noopen
                                                                                          x-content-type-options: nosniff
                                                                                          origin-agent-cluster: ?1
                                                                                          x-permitted-cross-domain-policies: none
                                                                                          referrer-policy: origin
                                                                                          x-xss-protection: 0
                                                                                          accept-ranges: bytes
                                                                                          cache-control: public, max-age=0
                                                                                          last-modified: Mon, 02 Dec 2024 21:48:25 GMT
                                                                                          etag: W/"26608-1938958982a"
                                                                                        • flag-fr
                                                                                          GET
                                                                                          https://gofile.io/plugins/fontawesome/webfonts/fa-brands-400.woff2
                                                                                          msedge.exe
                                                                                          Remote address:
                                                                                          45.112.123.126:443
                                                                                        • flag-fr
                                                                                          GET
                                                                                          https://gofile.io/dist/img/favicon32.png
                                                                                          msedge.exe
                                                                                          Remote address:
                                                                                          45.112.123.126:443
                                                                                        • flag-fr
                                                                                          GET
                                                                                          https://gofile.io/contents/filemanager.html
                                                                                          msedge.exe
                                                                                          Remote address:
                                                                                          45.112.123.126:443
                                                                                        • flag-fr
                                                                                          GET
                                                                                          https://s.gofile.io/js/script.js
                                                                                          msedge.exe
                                                                                          Remote address:
                                                                                          51.75.242.210:443
                                                                                        • flag-fr
                                                                                          POST
                                                                                          https://api.gofile.io/accounts
                                                                                          msedge.exe
                                                                                          Remote address:
                                                                                          45.112.123.126:443
                                                                                        • flag-fr
                                                                                          OPTIONS
                                                                                          https://api.gofile.io/accounts/website
                                                                                          msedge.exe
                                                                                          Remote address:
                                                                                          45.112.123.126:443
                                                                                        • flag-fr
                                                                                          GET
                                                                                          https://api.gofile.io/accounts/website
                                                                                          msedge.exe
                                                                                          Remote address:
                                                                                          45.112.123.126:443
                                                                                          x-xss-protection: 0
                                                                                          etag: W/"144-z5mP6yMmJ5QtGMgYqkBOnXiHE28"
                                                                                          content-encoding: gzip
                                                                                        • flag-fr
                                                                                          OPTIONS
                                                                                          https://api.gofile.io/contents/HQdVvH?wt=4fd6sg89d7s6&contentFilter=&page=1&pageSize=1000&sortField=name&sortDirection=1
                                                                                          msedge.exe
                                                                                          Remote address:
                                                                                          45.112.123.126:443
                                                                                          Request
                                                                                          OPTIONS /contents/HQdVvH?wt=4fd6sg89d7s6&contentFilter=&page=1&pageSize=1000&sortField=name&sortDirection=1 HTTP/2.0
                                                                                          host: api.gofile.io
                                                                                          accept: */*
                                                                                          access-control-request-method: GET
                                                                                          access-control-request-headers: authorization
                                                                                          origin: https://gofile.io
                                                                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                                                                          sec-fetch-mode: cors
                                                                                          sec-fetch-site: same-site
                                                                                          sec-fetch-dest: empty
                                                                                          referer: https://gofile.io/
                                                                                          accept-encoding: gzip, deflate, br
                                                                                          accept-language: en-US,en;q=0.9
                                                                                          Response
                                                                                          HTTP/2.0 200
                                                                                          server: nginx/1.27.1
                                                                                          date: Mon, 09 Dec 2024 16:58:25 GMT
                                                                                          content-type: text/html; charset=utf-8
                                                                                          content-length: 8
                                                                                          access-control-allow-origin: https://gofile.io
                                                                                          access-control-allow-headers: Content-Type, Authorization
                                                                                          access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
                                                                                          access-control-allow-credentials: true
                                                                                          content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
                                                                                          cross-origin-embedder-policy: require-corp
                                                                                          cross-origin-opener-policy: same-origin
                                                                                          cross-origin-resource-policy: cross-origin
                                                                                          origin-agent-cluster: ?1
                                                                                          referrer-policy: no-referrer
                                                                                          strict-transport-security: max-age=15552000; includeSubDomains
                                                                                          x-content-type-options: nosniff
                                                                                          x-dns-prefetch-control: off
                                                                                          x-download-options: noopen
                                                                                          x-frame-options: SAMEORIGIN
                                                                                          x-permitted-cross-domain-policies: none
                                                                                          x-xss-protection: 0
                                                                                          allow: GET,HEAD
                                                                                          etag: W/"8-ZRAf8oNBS3Bjb/SU2GYZCmbtmXg"
                                                                                        • flag-fr
                                                                                          GET
                                                                                          https://api.gofile.io/contents/HQdVvH?wt=4fd6sg89d7s6&contentFilter=&page=1&pageSize=1000&sortField=name&sortDirection=1
                                                                                          msedge.exe
                                                                                          Remote address:
                                                                                          45.112.123.126:443
                                                                                          Request
                                                                                          GET /contents/HQdVvH?wt=4fd6sg89d7s6&contentFilter=&page=1&pageSize=1000&sortField=name&sortDirection=1 HTTP/2.0
                                                                                          host: api.gofile.io
                                                                                          sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                                                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                                                                          dnt: 1
                                                                                          sec-ch-ua-mobile: ?0
                                                                                          authorization: Bearer GacEmgZlzf6WMPuQbFg4txbdeQFpwY8F
                                                                                          accept: */*
                                                                                          origin: https://gofile.io
                                                                                          sec-fetch-site: same-site
                                                                                          sec-fetch-mode: cors
                                                                                          sec-fetch-dest: empty
                                                                                          referer: https://gofile.io/
                                                                                          accept-encoding: gzip, deflate, br
                                                                                          accept-language: en-US,en;q=0.9
                                                                                          Response
                                                                                          HTTP/2.0 200
                                                                                          server: nginx/1.27.1
                                                                                          date: Mon, 09 Dec 2024 16:58:25 GMT
                                                                                          content-type: application/json; charset=utf-8
                                                                                          access-control-allow-origin: https://gofile.io
                                                                                          access-control-allow-headers: Content-Type, Authorization
                                                                                          access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
                                                                                          access-control-allow-credentials: true
                                                                                          content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
                                                                                          cross-origin-embedder-policy: require-corp
                                                                                          cross-origin-opener-policy: same-origin
                                                                                          cross-origin-resource-policy: cross-origin
                                                                                          origin-agent-cluster: ?1
                                                                                          referrer-policy: no-referrer
                                                                                          strict-transport-security: max-age=15552000; includeSubDomains
                                                                                          x-content-type-options: nosniff
                                                                                          x-dns-prefetch-control: off
                                                                                          x-download-options: noopen
                                                                                          x-frame-options: SAMEORIGIN
                                                                                          x-permitted-cross-domain-policies: none
                                                                                          x-xss-protection: 0
                                                                                          etag: W/"366-nE/jmvXkF7NCndAvI7zzdiuW624"
                                                                                          content-encoding: gzip
                                                                                        • flag-us
                                                                                          DNS
                                                                                          172.210.232.199.in-addr.arpa
                                                                                          Remote address:
                                                                                          8.8.8.8:53
                                                                                          Request
                                                                                          172.210.232.199.in-addr.arpa
                                                                                          IN PTR
                                                                                          Response
                                                                                        • flag-us
                                                                                          DNS
                                                                                          9.32.139.94.in-addr.arpa
                                                                                          Remote address:
                                                                                          8.8.8.8:53
                                                                                          Request
                                                                                          9.32.139.94.in-addr.arpa
                                                                                          IN PTR
                                                                                          Response
                                                                                        • flag-us
                                                                                          DNS
                                                                                          ctldl.windowsupdate.com
                                                                                          Remote address:
                                                                                          8.8.8.8:53
                                                                                          Request
                                                                                          ctldl.windowsupdate.com
                                                                                          IN A
                                                                                          Response
                                                                                          ctldl.windowsupdate.com
                                                                                          IN CNAME
                                                                                          ctldl.windowsupdate.com.delivery.microsoft.com
                                                                                          ctldl.windowsupdate.com.delivery.microsoft.com
                                                                                          IN CNAME
                                                                                          wu-b-net.trafficmanager.net
                                                                                          wu-b-net.trafficmanager.net
                                                                                          IN CNAME
                                                                                          download.windowsupdate.com.edgesuite.net
                                                                                          download.windowsupdate.com.edgesuite.net
                                                                                          IN CNAME
                                                                                          a767.dspw65.akamai.net
                                                                                          a767.dspw65.akamai.net
                                                                                          IN A
                                                                                          2.23.210.88
                                                                                          a767.dspw65.akamai.net
                                                                                          IN A
                                                                                          2.23.210.83
                                                                                        • flag-us
                                                                                          DNS
                                                                                          222.197.79.204.in-addr.arpa
                                                                                          Remote address:
                                                                                          8.8.8.8:53
                                                                                          Request
                                                                                          222.197.79.204.in-addr.arpa
                                                                                          IN PTR
                                                                                          Response
                                                                                        • flag-us
                                                                                          DNS
                                                                                          10.178.250.142.in-addr.arpa
                                                                                          Remote address:
                                                                                          8.8.8.8:53
                                                                                          Request
                                                                                          10.178.250.142.in-addr.arpa
                                                                                          IN PTR
                                                                                          Response
                                                                                          10.178.250.142.in-addr.arpa
                                                                                          IN PTR
                                                                                          lhr48s27-in-f101e100net
                                                                                        • flag-us
                                                                                          DNS
                                                                                          238.187.250.142.in-addr.arpa
                                                                                          Remote address:
                                                                                          8.8.8.8:53
                                                                                          Request
                                                                                          238.187.250.142.in-addr.arpa
                                                                                          IN PTR
                                                                                          Response
                                                                                          238.187.250.142.in-addr.arpa
                                                                                          IN PTR
                                                                                          lhr25s34-in-f141e100net
                                                                                        • flag-us
                                                                                          DNS
                                                                                          254.33.253.131.in-addr.arpa
                                                                                          Remote address:
                                                                                          8.8.8.8:53
                                                                                          Request
                                                                                          254.33.253.131.in-addr.arpa
                                                                                          IN PTR
                                                                                          Response
                                                                                        • flag-us
                                                                                          DNS
                                                                                          ln-ring.msedge.net
                                                                                          Remote address:
                                                                                          8.8.8.8:53
                                                                                          Request
                                                                                          ln-ring.msedge.net
                                                                                          IN A
                                                                                          Response
                                                                                          ln-ring.msedge.net
                                                                                          IN CNAME
                                                                                          ln-ring.ln-9999.ln-msedge.net
                                                                                          ln-ring.ln-9999.ln-msedge.net
                                                                                          IN CNAME
                                                                                          ln-9999.ln-msedge.net
                                                                                          ln-9999.ln-msedge.net
                                                                                          IN A
                                                                                          150.171.22.254
                                                                                        • flag-us
                                                                                          DNS
                                                                                          83.210.23.2.in-addr.arpa
                                                                                          Remote address:
                                                                                          8.8.8.8:53
                                                                                          Request
                                                                                          83.210.23.2.in-addr.arpa
                                                                                          IN PTR
                                                                                          Response
                                                                                          83.210.23.2.in-addr.arpa
                                                                                          IN PTR
                                                                                          a2-23-210-83deploystaticakamaitechnologiescom
                                                                                        • flag-us
                                                                                          DNS
                                                                                          95.221.229.192.in-addr.arpa
                                                                                          Remote address:
                                                                                          8.8.8.8:53
                                                                                          Request
                                                                                          95.221.229.192.in-addr.arpa
                                                                                          IN PTR
                                                                                          Response
                                                                                        • flag-us
                                                                                          DNS
                                                                                          210.242.75.51.in-addr.arpa
                                                                                          Remote address:
                                                                                          8.8.8.8:53
                                                                                          Request
                                                                                          210.242.75.51.in-addr.arpa
                                                                                          IN PTR
                                                                                          Response
                                                                                          210.242.75.51.in-addr.arpa
                                                                                          IN PTR
                                                                                          mailgofileio
                                                                                        • flag-us
                                                                                          DNS
                                                                                          135.128.123.92.in-addr.arpa
                                                                                          Remote address:
                                                                                          8.8.8.8:53
                                                                                          Request
                                                                                          135.128.123.92.in-addr.arpa
                                                                                          IN PTR
                                                                                          Response
                                                                                          135.128.123.92.in-addr.arpa
                                                                                          IN PTR
                                                                                          a92-123-128-135deploystaticakamaitechnologiescom
                                                                                        • flag-us
                                                                                          DNS
                                                                                          fp.msedge.net
                                                                                          Remote address:
                                                                                          8.8.8.8:53
                                                                                          Request
                                                                                          fp.msedge.net
                                                                                          IN A
                                                                                          Response
                                                                                          fp.msedge.net
                                                                                          IN CNAME
                                                                                          1.perf.msedge.net
                                                                                          1.perf.msedge.net
                                                                                          IN CNAME
                                                                                          a-0019.a-msedge.net
                                                                                          a-0019.a-msedge.net
                                                                                          IN CNAME
                                                                                          a-0019.a.dns.azurefd.net
                                                                                          a-0019.a.dns.azurefd.net
                                                                                          IN CNAME
                                                                                          a-0019.standard.a-msedge.net
                                                                                          a-0019.standard.a-msedge.net
                                                                                          IN A
                                                                                          204.79.197.222
                                                                                        • flag-us
                                                                                          DNS
                                                                                          3.178.250.142.in-addr.arpa
                                                                                          Remote address:
                                                                                          8.8.8.8:53
                                                                                          Request
                                                                                          3.178.250.142.in-addr.arpa
                                                                                          IN PTR
                                                                                          Response
                                                                                          3.178.250.142.in-addr.arpa
                                                                                          IN PTR
                                                                                          lhr48s27-in-f31e100net
                                                                                        • flag-us
                                                                                          DNS
                                                                                          clients2.googleusercontent.com
                                                                                          Remote address:
                                                                                          8.8.8.8:53
                                                                                          Request
                                                                                          clients2.googleusercontent.com
                                                                                          IN A
                                                                                          Response
                                                                                          clients2.googleusercontent.com
                                                                                          IN CNAME
                                                                                          googlehosted.l.googleusercontent.com
                                                                                          googlehosted.l.googleusercontent.com
                                                                                          IN A
                                                                                          142.250.200.33
                                                                                        • flag-us
                                                                                          DNS
                                                                                          a-ring-fallback.msedge.net
                                                                                          Remote address:
                                                                                          8.8.8.8:53
                                                                                          Request
                                                                                          a-ring-fallback.msedge.net
                                                                                          IN A
                                                                                          Response
                                                                                          a-ring-fallback.msedge.net
                                                                                          IN CNAME
                                                                                          a-9999.a-dc-msedge.net
                                                                                          a-9999.a-dc-msedge.net
                                                                                          IN A
                                                                                          131.253.33.254
                                                                                        • flag-us
                                                                                          DNS
                                                                                          l-ring.msedge.net
                                                                                          Remote address:
                                                                                          8.8.8.8:53
                                                                                          Request
                                                                                          l-ring.msedge.net
                                                                                          IN A
                                                                                          Response
                                                                                          l-ring.msedge.net
                                                                                          IN CNAME
                                                                                          l-ring.l-9999.l-msedge.net
                                                                                          l-ring.l-9999.l-msedge.net
                                                                                          IN CNAME
                                                                                          l-9999.l-msedge.net
                                                                                          l-9999.l-msedge.net
                                                                                          IN A
                                                                                          13.107.42.254
                                                                                        • flag-us
                                                                                          DNS
                                                                                          254.22.171.150.in-addr.arpa
                                                                                          Remote address:
                                                                                          8.8.8.8:53
                                                                                          Request
                                                                                          254.22.171.150.in-addr.arpa
                                                                                          IN PTR
                                                                                          Response
                                                                                        • flag-fr
                                                                                          POST
                                                                                          https://s.gofile.io/api/event
                                                                                          msedge.exe
                                                                                          Remote address:
                                                                                          51.75.242.210:443
                                                                                          Request
                                                                                          POST /api/event HTTP/2.0
                                                                                          host: s.gofile.io
                                                                                          content-length: 74
                                                                                          sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                                                                          dnt: 1
                                                                                          sec-ch-ua-mobile: ?0
                                                                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                                                                          content-type: text/plain
                                                                                          accept: */*
                                                                                          origin: https://gofile.io
                                                                                          sec-fetch-site: same-site
                                                                                          sec-fetch-mode: cors
                                                                                          sec-fetch-dest: empty
                                                                                          referer: https://gofile.io/
                                                                                          accept-encoding: gzip, deflate, br
                                                                                          accept-language: en-US,en;q=0.9
                                                                                          Response
                                                                                          HTTP/2.0 202
                                                                                          access-control-allow-credentials: true
                                                                                          access-control-allow-origin: *
                                                                                          access-control-expose-headers:
                                                                                          cache-control: max-age=0, private, must-revalidate
                                                                                          content-type: text/plain; charset=utf-8
                                                                                          date: Mon, 09 Dec 2024 16:58:24 GMT
                                                                                          server: Cowboy
                                                                                          x-request-id: GA-QuMjRfcYKzP9Sl78E
                                                                                          content-length: 2
                                                                                        • flag-be
                                                                                          GET
                                                                                          https://store9.gofile.io/download/web/7bd11f4f-63cc-4534-a5dc-51a2fe19d4f9/AIMMY%20AI.exe
                                                                                          msedge.exe
                                                                                          Remote address:
                                                                                          94.139.32.9:443
                                                                                          Request
                                                                                          GET /download/web/7bd11f4f-63cc-4534-a5dc-51a2fe19d4f9/AIMMY%20AI.exe HTTP/2.0
                                                                                          host: store9.gofile.io
                                                                                          sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                                                                          sec-ch-ua-mobile: ?0
                                                                                          upgrade-insecure-requests: 1
                                                                                          dnt: 1
                                                                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                                                                          accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                          sec-fetch-site: same-site
                                                                                          sec-fetch-mode: navigate
                                                                                          sec-fetch-user: ?1
                                                                                          sec-fetch-dest: document
                                                                                          referer: https://gofile.io/
                                                                                          accept-encoding: gzip, deflate, br
                                                                                          accept-language: en-US,en;q=0.9
                                                                                          cookie: accountToken=GacEmgZlzf6WMPuQbFg4txbdeQFpwY8F
                                                                                          Response
                                                                                          HTTP/2.0 200
                                                                                          server: nginx/1.27.1
                                                                                          date: Mon, 09 Dec 2024 16:58:28 GMT
                                                                                          content-type: application/x-ms-dos-executable
                                                                                          content-length: 3266048
                                                                                          accept-ranges: bytes
                                                                                          access-control-allow-headers: Accept, Accept-Language, Content-Language, Content-Type, Content-Length, Range, Authorization
                                                                                          access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
                                                                                          access-control-allow-origin: *
                                                                                          access-control-expose-headers: Cache-Control, Content-Encoding, Content-Range
                                                                                          content-disposition: attachment; filename*=UTF-8''AIMMY%20AI.exe
                                                                                          last-modified: Sun, 08 Dec 2024 21:54:04 GMT
                                                                                        • flag-gb
                                                                                          GET
                                                                                          https://www.google.com/async/ddljson?async=ntp:2
                                                                                          chrome.exe
                                                                                          Remote address:
                                                                                          142.250.187.196:443
                                                                                          Request
                                                                                          GET /async/ddljson?async=ntp:2 HTTP/2.0
                                                                                          host: www.google.com
                                                                                          sec-fetch-site: none
                                                                                          sec-fetch-mode: no-cors
                                                                                          sec-fetch-dest: empty
                                                                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                                                          accept-encoding: gzip, deflate, br, zstd
                                                                                          accept-language: en-US,en;q=0.9
                                                                                        • flag-gb
                                                                                          GET
                                                                                          https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                          chrome.exe
                                                                                          Remote address:
                                                                                          142.250.187.196:443
                                                                                          Request
                                                                                          GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/2.0
                                                                                          host: www.google.com
                                                                                          x-client-data: CPKVywE=
                                                                                          sec-fetch-site: cross-site
                                                                                          sec-fetch-mode: no-cors
                                                                                          sec-fetch-dest: empty
                                                                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                                                          accept-encoding: gzip, deflate, br, zstd
                                                                                          accept-language: en-US,en;q=0.9
                                                                                        • flag-gb
                                                                                          GET
                                                                                          https://www.google.com/async/newtab_promos
                                                                                          chrome.exe
                                                                                          Remote address:
                                                                                          142.250.187.196:443
                                                                                          Request
                                                                                          GET /async/newtab_promos HTTP/2.0
                                                                                          host: www.google.com
                                                                                          sec-fetch-site: cross-site
                                                                                          sec-fetch-mode: no-cors
                                                                                          sec-fetch-dest: empty
                                                                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                                                          accept-encoding: gzip, deflate, br, zstd
                                                                                          accept-language: en-US,en;q=0.9
                                                                                        • flag-gb
                                                                                          GET
                                                                                          https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS117BTGIHE3LoGIjDvo-oMvB_UpwxCJRkgKrOdLhT30f9bciGnkMbXw4bxbAta4Q-7-0dAYXuq8o43KqsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                          chrome.exe
                                                                                          Remote address:
                                                                                          142.250.187.196:443
                                                                                          Request
                                                                                          GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS117BTGIHE3LoGIjDvo-oMvB_UpwxCJRkgKrOdLhT30f9bciGnkMbXw4bxbAta4Q-7-0dAYXuq8o43KqsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/2.0
                                                                                          host: www.google.com
                                                                                          x-client-data: CPKVywE=
                                                                                          sec-fetch-site: cross-site
                                                                                          sec-fetch-mode: no-cors
                                                                                          sec-fetch-dest: empty
                                                                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                                                          accept-encoding: gzip, deflate, br, zstd
                                                                                          accept-language: en-US,en;q=0.9
                                                                                        • flag-gb
                                                                                          GET
                                                                                          https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS117BTGIHE3LoGIjCutXT8Jo9pblIo78GkmfmfNiHbS4vLV7ldP7wXJ5HUNyl2rfLVeeKUANh5NMjA1pgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                          chrome.exe
                                                                                          Remote address:
                                                                                          142.250.187.196:443
                                                                                          Request
                                                                                          GET /sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS117BTGIHE3LoGIjCutXT8Jo9pblIo78GkmfmfNiHbS4vLV7ldP7wXJ5HUNyl2rfLVeeKUANh5NMjA1pgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/2.0
                                                                                          host: www.google.com
                                                                                          sec-fetch-site: none
                                                                                          sec-fetch-mode: no-cors
                                                                                          sec-fetch-dest: empty
                                                                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                                                          accept-encoding: gzip, deflate, br, zstd
                                                                                          accept-language: en-US,en;q=0.9
                                                                                        • flag-gb
                                                                                          GET
                                                                                          https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.82.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D63%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D63%2526e%253D1
                                                                                          chrome.exe
                                                                                          Remote address:
                                                                                          142.250.187.238:443
                                                                                          Request
                                                                                          GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.82.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D63%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D63%2526e%253D1 HTTP/2.0
                                                                                          host: clients2.google.com
                                                                                          sec-fetch-site: none
                                                                                          sec-fetch-mode: no-cors
                                                                                          sec-fetch-dest: empty
                                                                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                                                          accept-encoding: gzip, deflate, br, zstd
                                                                                          accept-language: en-US,en;q=0.9
                                                                                        • flag-gb
                                                                                          GET
                                                                                          https://clients2.googleusercontent.com/crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx
                                                                                          chrome.exe
                                                                                          Remote address:
                                                                                          142.250.200.33:443
                                                                                          Request
                                                                                          GET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/2.0
                                                                                          host: clients2.googleusercontent.com
                                                                                          sec-fetch-site: none
                                                                                          sec-fetch-mode: no-cors
                                                                                          sec-fetch-dest: empty
                                                                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                                                          accept-encoding: gzip, deflate, br, zstd
                                                                                          accept-language: en-US,en;q=0.9
                                                                                        • 45.112.123.126:443
                                                                                          https://gofile.io/contents/filemanager.html
                                                                                          tls, http2
                                                                                          msedge.exe
                                                                                          11.3kB
                                                                                          431.1kB
                                                                                          203
                                                                                          332

                                                                                          HTTP Request

                                                                                          GET https://gofile.io/d/HQdVvH

                                                                                          HTTP Response

                                                                                          200

                                                                                          HTTP Request

                                                                                          GET https://gofile.io/dist/css/output.css

                                                                                          HTTP Request

                                                                                          GET https://gofile.io/plugins/fontawesome/css/all.min.css

                                                                                          HTTP Request

                                                                                          GET https://gofile.io/dist/js/global.js

                                                                                          HTTP Request

                                                                                          GET https://gofile.io/dist/js/framework.js

                                                                                          HTTP Request

                                                                                          GET https://gofile.io/dist/js/blockies.min.js

                                                                                          HTTP Response

                                                                                          200

                                                                                          HTTP Response

                                                                                          200

                                                                                          HTTP Response

                                                                                          200

                                                                                          HTTP Response

                                                                                          200

                                                                                          HTTP Response

                                                                                          200

                                                                                          HTTP Request

                                                                                          GET https://gofile.io/dist/img/logo-small-70.png

                                                                                          HTTP Response

                                                                                          200

                                                                                          HTTP Request

                                                                                          GET https://gofile.io/plugins/fontawesome/webfonts/fa-solid-900.woff2

                                                                                          HTTP Request

                                                                                          GET https://gofile.io/plugins/fontawesome/webfonts/fa-brands-400.woff2

                                                                                          HTTP Response

                                                                                          200

                                                                                          HTTP Response

                                                                                          200

                                                                                          HTTP Request

                                                                                          GET https://gofile.io/dist/img/favicon32.png

                                                                                          HTTP Response

                                                                                          200

                                                                                          HTTP Request

                                                                                          GET https://gofile.io/contents/filemanager.html

                                                                                          HTTP Response

                                                                                          200
                                                                                        • 45.112.123.126:443
                                                                                          gofile.io
                                                                                          tls, http2
                                                                                          msedge.exe
                                                                                          989 B
                                                                                          4.6kB
                                                                                          9
                                                                                          9
                                                                                        • 51.75.242.210:443
                                                                                          https://s.gofile.io/js/script.js
                                                                                          tls, http2
                                                                                          msedge.exe
                                                                                          2.3kB
                                                                                          6.3kB
                                                                                          17
                                                                                          16

                                                                                          HTTP Request

                                                                                          GET https://s.gofile.io/js/script.js

                                                                                          HTTP Response

                                                                                          200
                                                                                        • 45.112.123.126:443
                                                                                          https://api.gofile.io/contents/HQdVvH?wt=4fd6sg89d7s6&contentFilter=&page=1&pageSize=1000&sortField=name&sortDirection=1
                                                                                          tls, http2
                                                                                          msedge.exe
                                                                                          2.4kB
                                                                                          10.5kB
                                                                                          20
                                                                                          24

                                                                                          HTTP Request

                                                                                          POST https://api.gofile.io/accounts

                                                                                          HTTP Response

                                                                                          200

                                                                                          HTTP Request

                                                                                          OPTIONS https://api.gofile.io/accounts/website

                                                                                          HTTP Response

                                                                                          200

                                                                                          HTTP Request

                                                                                          GET https://api.gofile.io/accounts/website

                                                                                          HTTP Response

                                                                                          200

                                                                                          HTTP Request

                                                                                          OPTIONS https://api.gofile.io/contents/HQdVvH?wt=4fd6sg89d7s6&contentFilter=&page=1&pageSize=1000&sortField=name&sortDirection=1

                                                                                          HTTP Response

                                                                                          200

                                                                                          HTTP Request

                                                                                          GET https://api.gofile.io/contents/HQdVvH?wt=4fd6sg89d7s6&contentFilter=&page=1&pageSize=1000&sortField=name&sortDirection=1

                                                                                          HTTP Response

                                                                                          200
                                                                                        • 51.75.242.210:443
                                                                                          https://s.gofile.io/api/event
                                                                                          tls, http2
                                                                                          msedge.exe
                                                                                          2.4kB
                                                                                          4.9kB
                                                                                          16
                                                                                          14

                                                                                          HTTP Request

                                                                                          POST https://s.gofile.io/api/event

                                                                                          HTTP Response

                                                                                          202
                                                                                        • 94.139.32.9:443
                                                                                          https://store9.gofile.io/download/web/7bd11f4f-63cc-4534-a5dc-51a2fe19d4f9/AIMMY%20AI.exe
                                                                                          tls, http2
                                                                                          msedge.exe
                                                                                          113.8kB
                                                                                          3.4MB
                                                                                          2014
                                                                                          2438

                                                                                          HTTP Request

                                                                                          GET https://store9.gofile.io/download/web/7bd11f4f-63cc-4534-a5dc-51a2fe19d4f9/AIMMY%20AI.exe

                                                                                          HTTP Response

                                                                                          200
                                                                                        • 94.139.32.9:443
                                                                                          store9.gofile.io
                                                                                          tls
                                                                                          msedge.exe
                                                                                          989 B
                                                                                          4.5kB
                                                                                          9
                                                                                          8
                                                                                        • 193.161.193.99:39697
                                                                                          REATTY-39697.portmap.host
                                                                                          Skibidi.exe
                                                                                          260 B
                                                                                          200 B
                                                                                          5
                                                                                          5
                                                                                        • 2.18.66.42:443
                                                                                          www.bing.com
                                                                                          tls
                                                                                          81.3kB
                                                                                          118.2kB
                                                                                          218
                                                                                          173
                                                                                        • 92.123.128.135:443
                                                                                          r.bing.com
                                                                                          tls
                                                                                          79.1kB
                                                                                          1.9MB
                                                                                          1451
                                                                                          1406
                                                                                        • 92.123.128.135:443
                                                                                          r.bing.com
                                                                                          tls
                                                                                          2.1kB
                                                                                          1.2kB
                                                                                          16
                                                                                          13
                                                                                        • 92.123.128.135:443
                                                                                          r.bing.com
                                                                                          tls
                                                                                          1.4kB
                                                                                          1.1kB
                                                                                          14
                                                                                          12
                                                                                        • 193.161.193.99:39697
                                                                                          REATTY-39697.portmap.host
                                                                                          Skibidi.exe
                                                                                          260 B
                                                                                          160 B
                                                                                          5
                                                                                          4
                                                                                        • 20.42.65.88:443
                                                                                          browser.pipe.aria.microsoft.com
                                                                                          tls
                                                                                          7.4kB
                                                                                          8.2kB
                                                                                          33
                                                                                          21
                                                                                        • 193.161.193.99:39697
                                                                                          REATTY-39697.portmap.host
                                                                                          Skibidi.exe
                                                                                          260 B
                                                                                          200 B
                                                                                          5
                                                                                          5
                                                                                        • 92.123.128.140:443
                                                                                          www.bing.com
                                                                                          tls
                                                                                          BackgroundTransferHost.exe
                                                                                          21.0kB
                                                                                          593.0kB
                                                                                          437
                                                                                          433
                                                                                        • 193.161.193.99:39697
                                                                                          REATTY-39697.portmap.host
                                                                                          Skibidi.exe
                                                                                          260 B
                                                                                          200 B
                                                                                          5
                                                                                          5
                                                                                        • 193.161.193.99:39697
                                                                                          REATTY-39697.portmap.host
                                                                                          Skibidi.exe
                                                                                          260 B
                                                                                          200 B
                                                                                          5
                                                                                          5
                                                                                        • 142.250.187.196:443
                                                                                          https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS117BTGIHE3LoGIjCutXT8Jo9pblIo78GkmfmfNiHbS4vLV7ldP7wXJ5HUNyl2rfLVeeKUANh5NMjA1pgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                          tls, http2
                                                                                          chrome.exe
                                                                                          3.3kB
                                                                                          17.2kB
                                                                                          34
                                                                                          38

                                                                                          HTTP Request

                                                                                          GET https://www.google.com/async/ddljson?async=ntp:2

                                                                                          HTTP Request

                                                                                          GET https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

                                                                                          HTTP Request

                                                                                          GET https://www.google.com/async/newtab_promos

                                                                                          HTTP Request

                                                                                          GET https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS117BTGIHE3LoGIjDvo-oMvB_UpwxCJRkgKrOdLhT30f9bciGnkMbXw4bxbAta4Q-7-0dAYXuq8o43KqsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

                                                                                          HTTP Request

                                                                                          GET https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS117BTGIHE3LoGIjCutXT8Jo9pblIo78GkmfmfNiHbS4vLV7ldP7wXJ5HUNyl2rfLVeeKUANh5NMjA1pgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                        • 142.250.187.238:443
                                                                                          https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.82.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D63%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D63%2526e%253D1
                                                                                          tls, http2
                                                                                          chrome.exe
                                                                                          2.1kB
                                                                                          9.6kB
                                                                                          15
                                                                                          17

                                                                                          HTTP Request

                                                                                          GET https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.82.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D63%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D63%2526e%253D1
                                                                                        • 52.113.196.254:443
                                                                                          teams-ring.msedge.net
                                                                                          tls
                                                                                          2.2kB
                                                                                          8.6kB
                                                                                          22
                                                                                          20
                                                                                        • 142.250.200.33:443
                                                                                          https://clients2.googleusercontent.com/crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx
                                                                                          tls, http2
                                                                                          chrome.exe
                                                                                          4.8kB
                                                                                          156.3kB
                                                                                          77
                                                                                          118

                                                                                          HTTP Request

                                                                                          GET https://clients2.googleusercontent.com/crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx
                                                                                        • 150.171.64.254:443
                                                                                          ev2-ring.msedge.net
                                                                                          tls
                                                                                          2.2kB
                                                                                          8.6kB
                                                                                          22
                                                                                          20
                                                                                        • 131.253.33.254:443
                                                                                          a-ring-fallback.msedge.net
                                                                                          tls
                                                                                          2.2kB
                                                                                          8.6kB
                                                                                          22
                                                                                          20
                                                                                        • 193.161.193.99:39697
                                                                                          REATTY-39697.portmap.host
                                                                                          Skibidi.exe
                                                                                          260 B
                                                                                          200 B
                                                                                          5
                                                                                          5
                                                                                        • 2.22.249.220:443
                                                                                          ow1.res.office365.com
                                                                                          tls
                                                                                          1.8kB
                                                                                          7.6kB
                                                                                          22
                                                                                          19
                                                                                        • 193.161.193.99:39697
                                                                                          REATTY-39697.portmap.host
                                                                                          Skibidi.exe
                                                                                          260 B
                                                                                          200 B
                                                                                          5
                                                                                          5
                                                                                        • 150.171.22.254:443
                                                                                          ln-ring.msedge.net
                                                                                          tls
                                                                                          2.2kB
                                                                                          8.6kB
                                                                                          22
                                                                                          20
                                                                                        • 193.161.193.99:39697
                                                                                          REATTY-39697.portmap.host
                                                                                          Skibidi.exe
                                                                                          260 B
                                                                                          200 B
                                                                                          5
                                                                                          5
                                                                                        • 193.161.193.99:39697
                                                                                          REATTY-39697.portmap.host
                                                                                          Skibidi.exe
                                                                                          260 B
                                                                                          200 B
                                                                                          5
                                                                                          5
                                                                                        • 142.250.187.196:443
                                                                                          www.google.com
                                                                                          tls
                                                                                          chrome.exe
                                                                                          970 B
                                                                                          4.6kB
                                                                                          8
                                                                                          9
                                                                                        • 193.161.193.99:39697
                                                                                          REATTY-39697.portmap.host
                                                                                          Skibidi.exe
                                                                                          260 B
                                                                                          200 B
                                                                                          5
                                                                                          5
                                                                                        • 193.161.193.99:39697
                                                                                          REATTY-39697.portmap.host
                                                                                          Skibidi.exe
                                                                                          260 B
                                                                                          200 B
                                                                                          5
                                                                                          5
                                                                                        • 142.250.178.14:443
                                                                                          chrome.google.com
                                                                                          tls, http2
                                                                                          chrome.exe
                                                                                          907 B
                                                                                          8.0kB
                                                                                          7
                                                                                          8
                                                                                        • 193.161.193.99:39697
                                                                                          REATTY-39697.portmap.host
                                                                                          Skibidi.exe
                                                                                          260 B
                                                                                          200 B
                                                                                          5
                                                                                          5
                                                                                        • 193.161.193.99:39697
                                                                                          REATTY-39697.portmap.host
                                                                                          Skibidi.exe
                                                                                          260 B
                                                                                          200 B
                                                                                          5
                                                                                          5
                                                                                        • 193.161.193.99:39697
                                                                                          REATTY-39697.portmap.host
                                                                                          Skibidi.exe
                                                                                          260 B
                                                                                          200 B
                                                                                          5
                                                                                          5
                                                                                        • 193.161.193.99:39697
                                                                                          REATTY-39697.portmap.host
                                                                                          Skibidi.exe
                                                                                          260 B
                                                                                          200 B
                                                                                          5
                                                                                          5
                                                                                        • 193.161.193.99:39697
                                                                                          REATTY-39697.portmap.host
                                                                                          Skibidi.exe
                                                                                          260 B
                                                                                          200 B
                                                                                          5
                                                                                          5
                                                                                        • 193.161.193.99:39697
                                                                                          REATTY-39697.portmap.host
                                                                                          Skibidi.exe
                                                                                          260 B
                                                                                          200 B
                                                                                          5
                                                                                          5
                                                                                        • 193.161.193.99:39697
                                                                                          REATTY-39697.portmap.host
                                                                                          Skibidi.exe
                                                                                          260 B
                                                                                          200 B
                                                                                          5
                                                                                          5
                                                                                        • 193.161.193.99:39697
                                                                                          REATTY-39697.portmap.host
                                                                                          Skibidi.exe
                                                                                          52 B
                                                                                          1
                                                                                        • 8.8.8.8:53
                                                                                          gofile.io
                                                                                          dns
                                                                                          msedge.exe
                                                                                          802 B
                                                                                          1.7kB
                                                                                          12
                                                                                          12

                                                                                          DNS Request

                                                                                          gofile.io

                                                                                          DNS Response

                                                                                          45.112.123.126

                                                                                          DNS Request

                                                                                          ocsp.digicert.com

                                                                                          DNS Response

                                                                                          192.229.221.95

                                                                                          DNS Request

                                                                                          8.8.8.8.in-addr.arpa

                                                                                          DNS Request

                                                                                          store9.gofile.io

                                                                                          DNS Response

                                                                                          94.139.32.9

                                                                                          DNS Request

                                                                                          browser.pipe.aria.microsoft.com

                                                                                          DNS Response

                                                                                          20.42.65.88

                                                                                          DNS Request

                                                                                          www.bing.com

                                                                                          DNS Response

                                                                                          92.123.128.140
                                                                                          92.123.128.134
                                                                                          92.123.128.136
                                                                                          92.123.128.137
                                                                                          92.123.128.139
                                                                                          92.123.128.138
                                                                                          92.123.128.135
                                                                                          92.123.128.142
                                                                                          92.123.128.141

                                                                                          DNS Request

                                                                                          www.google.com

                                                                                          DNS Response

                                                                                          142.250.187.196

                                                                                          DNS Request

                                                                                          teams-ring.msedge.net

                                                                                          DNS Response

                                                                                          52.113.196.254

                                                                                          DNS Request

                                                                                          33.200.250.142.in-addr.arpa

                                                                                          DNS Request

                                                                                          nexusrules.officeapps.live.com

                                                                                          DNS Response

                                                                                          52.111.227.14

                                                                                          DNS Request

                                                                                          254.42.107.13.in-addr.arpa

                                                                                          DNS Request

                                                                                          14.178.250.142.in-addr.arpa

                                                                                        • 8.8.8.8:53
                                                                                          172.210.232.199.in-addr.arpa
                                                                                          dns
                                                                                          640 B
                                                                                          1.3kB
                                                                                          9
                                                                                          9

                                                                                          DNS Request

                                                                                          172.210.232.199.in-addr.arpa

                                                                                          DNS Request

                                                                                          9.32.139.94.in-addr.arpa

                                                                                          DNS Request

                                                                                          ctldl.windowsupdate.com

                                                                                          DNS Response

                                                                                          2.23.210.88
                                                                                          2.23.210.83

                                                                                          DNS Request

                                                                                          222.197.79.204.in-addr.arpa

                                                                                          DNS Request

                                                                                          10.178.250.142.in-addr.arpa

                                                                                          DNS Request

                                                                                          238.187.250.142.in-addr.arpa

                                                                                          DNS Request

                                                                                          254.33.253.131.in-addr.arpa

                                                                                          DNS Request

                                                                                          ln-ring.msedge.net

                                                                                          DNS Response

                                                                                          150.171.22.254

                                                                                          DNS Request

                                                                                          83.210.23.2.in-addr.arpa

                                                                                        • 8.8.8.8:53
                                                                                          95.221.229.192.in-addr.arpa
                                                                                          dns
                                                                                          697 B
                                                                                          1.5kB
                                                                                          10
                                                                                          10

                                                                                          DNS Request

                                                                                          95.221.229.192.in-addr.arpa

                                                                                          DNS Request

                                                                                          210.242.75.51.in-addr.arpa

                                                                                          DNS Request

                                                                                          135.128.123.92.in-addr.arpa

                                                                                          DNS Request

                                                                                          fp.msedge.net

                                                                                          DNS Response

                                                                                          204.79.197.222

                                                                                          DNS Request

                                                                                          www.googleapis.com

                                                                                          DNS Request

                                                                                          3.178.250.142.in-addr.arpa

                                                                                          DNS Request

                                                                                          clients2.googleusercontent.com

                                                                                          DNS Response

                                                                                          142.250.200.33

                                                                                          DNS Request

                                                                                          a-ring-fallback.msedge.net

                                                                                          DNS Response

                                                                                          131.253.33.254

                                                                                          DNS Request

                                                                                          l-ring.msedge.net

                                                                                          DNS Response

                                                                                          13.107.42.254

                                                                                          DNS Request

                                                                                          254.22.171.150.in-addr.arpa

                                                                                        • 224.0.0.251:5353
                                                                                          chrome.exe
                                                                                          920 B
                                                                                          14
                                                                                        • 142.250.187.196:443
                                                                                          www.google.com
                                                                                          https
                                                                                          chrome.exe
                                                                                          2.4kB
                                                                                          10.7kB
                                                                                          11
                                                                                          13
                                                                                        • 142.250.187.196:443
                                                                                          www.google.com
                                                                                          https
                                                                                          chrome.exe
                                                                                          5.6kB
                                                                                          21.4kB
                                                                                          33
                                                                                          36
                                                                                        • 142.250.187.238:443
                                                                                          clients2.google.com
                                                                                          https
                                                                                          chrome.exe
                                                                                          3.8kB
                                                                                          8.1kB
                                                                                          10
                                                                                          11

                                                                                        MITRE ATT&CK Enterprise v15

                                                                                        Downloads

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                                                                          Filesize

                                                                                          40B

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                                                                                          Filesize

                                                                                          649B

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

                                                                                          Filesize

                                                                                          44KB

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

                                                                                          Filesize

                                                                                          264KB

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

                                                                                          Filesize

                                                                                          4.0MB

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json

                                                                                          Filesize

                                                                                          851B

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_metadata\computed_hashes.json

                                                                                          Filesize

                                                                                          4KB

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_metadata\verified_contents.json

                                                                                          Filesize

                                                                                          11KB

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json

                                                                                          Filesize

                                                                                          854B

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

                                                                                          Filesize

                                                                                          44KB

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

                                                                                          Filesize

                                                                                          329B

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

                                                                                          Filesize

                                                                                          20KB

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                          Filesize

                                                                                          1KB

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

                                                                                          Filesize

                                                                                          36KB

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                                          Filesize

                                                                                          2B

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                          Filesize

                                                                                          356B

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                          Filesize

                                                                                          356B

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001

                                                                                          Filesize

                                                                                          41B

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                          Filesize

                                                                                          9KB

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                          Filesize

                                                                                          9KB

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                          Filesize

                                                                                          9KB

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                          Filesize

                                                                                          9KB

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                          Filesize

                                                                                          9KB

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                          Filesize

                                                                                          9KB

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                                          Filesize

                                                                                          15KB

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log

                                                                                          Filesize

                                                                                          3KB

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

                                                                                          Filesize

                                                                                          333B

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                                          Filesize

                                                                                          72B

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

                                                                                          Filesize

                                                                                          348B

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

                                                                                          Filesize

                                                                                          324B

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

                                                                                          Filesize

                                                                                          264KB

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

                                                                                          Filesize

                                                                                          14B

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                          Filesize

                                                                                          231KB

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                          Filesize

                                                                                          119KB

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                          Filesize

                                                                                          230KB

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                          Filesize

                                                                                          119KB

                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

                                                                                          Filesize

                                                                                          86B

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                          Filesize

                                                                                          152B

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                          Filesize

                                                                                          152B

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                          Filesize

                                                                                          144B

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                          Filesize

                                                                                          391B

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                          Filesize

                                                                                          5KB

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                          Filesize

                                                                                          6KB

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                          Filesize

                                                                                          6KB

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                          Filesize

                                                                                          16B

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                          Filesize

                                                                                          16B

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                          Filesize

                                                                                          10KB

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                          Filesize

                                                                                          10KB

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

                                                                                          Filesize

                                                                                          14KB

                                                                                        • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\c67859aa-1cc9-4032-b30e-489830f0fbea.down_data

                                                                                          Filesize

                                                                                          555KB

                                                                                        • C:\Users\Admin\AppData\Local\Temp\6ad8e32a-5a63-4d0a-b9ca-bbeb3d9c0a64.tmp

                                                                                          Filesize

                                                                                          1B

                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir1728_641763512\02395a46-ae1d-4f68-a7a4-eb5e70b5e423.tmp

                                                                                          Filesize

                                                                                          135KB

                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir1728_641763512\CRX_INSTALL\_locales\en_CA\messages.json

                                                                                          Filesize

                                                                                          711B

                                                                                        • C:\Users\Admin\Downloads\AIMMY AI.exe:Zone.Identifier

                                                                                          Filesize

                                                                                          26B

                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 755983.crdownload

                                                                                          Filesize

                                                                                          3.1MB

                                                                                        • memory/3364-99-0x0000000000420000-0x0000000000744000-memory.dmp

                                                                                          Filesize

                                                                                          3.1MB

                                                                                        • memory/3660-109-0x000000001C910000-0x000000001C960000-memory.dmp

                                                                                          Filesize

                                                                                          320KB

                                                                                        • memory/3660-110-0x000000001CA20000-0x000000001CAD2000-memory.dmp

                                                                                          Filesize

                                                                                          712KB
