quasar | hxxps://gofile[.]io/d/HQdVvH

Analysis

max time kernel
163s
max time network
164s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
09/12/2024, 16:58 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/HQdVvH

Score

10^/10

quasar ratt defense_evasion discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

RATT

REATTY-39697.portmap.host:39697

Mutex

c495778e-b39b-4a41-a334-92a92e0045f6

Attributes

encryption_key
DFF3B9FA24D9D7DB4D5E0215CD03FD70D0300D2D
install_name
Skibidi.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
RAT TEST

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral1/files/0x001900000002aaba-67.dat	family_quasar
behavioral1/memory/3364-99-0x0000000000420000-0x0000000000744000-memory.dmp	family_quasar

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
3364	AIMMY AI.exe
3660	Skibidi.exe
2592	AIMMY AI.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\AIMMY AI.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133782371883030964"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 755983.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\AIMMY AI.exe:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\AppData\Roaming\RAT TEST\Skibidi.exe\:SmartScreen:$DATA	AIMMY AI.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4720	msedge.exe
4720	msedge.exe
1464	msedge.exe
1464	msedge.exe
3396	msedge.exe
3396	msedge.exe
2364	identity_helper.exe
2364	identity_helper.exe
2888	msedge.exe
2888	msedge.exe
1728	chrome.exe
1728	chrome.exe
1032	chrome.exe
1032	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3364	AIMMY AI.exe
Token: SeDebugPrivilege	3660	Skibidi.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
3660	Skibidi.exe
1464	msedge.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe

Suspicious use of SendNotifyMessage 37 IoCs

pid	Process
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
3660	Skibidi.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3892	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1464 wrote to memory of 3948	1464	msedge.exe	77
PID 1464 wrote to memory of 3948	1464	msedge.exe	77
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4220	1464	msedge.exe	78
PID 1464 wrote to memory of 4720	1464	msedge.exe	79
PID 1464 wrote to memory of 4720	1464	msedge.exe	79
PID 1464 wrote to memory of 2424	1464	msedge.exe	80
PID 1464 wrote to memory of 2424	1464	msedge.exe	80
PID 1464 wrote to memory of 2424	1464	msedge.exe	80
PID 1464 wrote to memory of 2424	1464	msedge.exe	80
PID 1464 wrote to memory of 2424	1464	msedge.exe	80
PID 1464 wrote to memory of 2424	1464	msedge.exe	80
PID 1464 wrote to memory of 2424	1464	msedge.exe	80
PID 1464 wrote to memory of 2424	1464	msedge.exe	80
PID 1464 wrote to memory of 2424	1464	msedge.exe	80
PID 1464 wrote to memory of 2424	1464	msedge.exe	80
PID 1464 wrote to memory of 2424	1464	msedge.exe	80
PID 1464 wrote to memory of 2424	1464	msedge.exe	80
PID 1464 wrote to memory of 2424	1464	msedge.exe	80
PID 1464 wrote to memory of 2424	1464	msedge.exe	80
PID 1464 wrote to memory of 2424	1464	msedge.exe	80
PID 1464 wrote to memory of 2424	1464	msedge.exe	80
PID 1464 wrote to memory of 2424	1464	msedge.exe	80
PID 1464 wrote to memory of 2424	1464	msedge.exe	80
PID 1464 wrote to memory of 2424	1464	msedge.exe	80
PID 1464 wrote to memory of 2424	1464	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gofile.io/d/HQdVvH
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8e9be3cb8,0x7ff8e9be3cc8,0x7ff8e9be3cd8
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2888
- C:\Users\Admin\Downloads\AIMMY AI.exe
  "C:\Users\Admin\Downloads\AIMMY AI.exe"
  2⤵
  - Executes dropped EXE
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  PID:3364
- - C:\Users\Admin\AppData\Roaming\RAT TEST\Skibidi.exe
    "C:\Users\Admin\AppData\Roaming\RAT TEST\Skibidi.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,2935085231313662311,9106778255825828669,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:4548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2012

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2376

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:1424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d780cc40,0x7ff8d780cc4c,0x7ff8d780cc58
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2328,i,10355981396791649601,10072052910176262665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2316 /prefetch:2
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1656,i,10355981396791649601,10072052910176262665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1976,i,10355981396791649601,10072052910176262665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2472 /prefetch:8
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,10355981396791649601,10072052910176262665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,10355981396791649601,10072052910176262665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4456,i,10355981396791649601,10072052910176262665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4500 /prefetch:1
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4764,i,10355981396791649601,10072052910176262665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4312 /prefetch:8
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4796,i,10355981396791649601,10072052910176262665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4312,i,10355981396791649601,10072052910176262665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4888,i,10355981396791649601,10072052910176262665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4872,i,10355981396791649601,10072052910176262665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5212,i,10355981396791649601,10072052910176262665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4684,i,10355981396791649601,10072052910176262665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5100 /prefetch:2
  2⤵
  PID:1288

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4716

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:3892

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ff8d780cc40,0x7ff8d780cc4c,0x7ff8d780cc58
  2⤵
  PID:500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,3342105209857181124,14830358037100502574,262144 --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1684,i,3342105209857181124,14830358037100502574,262144 --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=2016 /prefetch:3
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,3342105209857181124,14830358037100502574,262144 --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=2212 /prefetch:8
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,3342105209857181124,14830358037100502574,262144 --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,3342105209857181124,14830358037100502574,262144 --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3512,i,3342105209857181124,14830358037100502574,262144 --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=4444 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4752,i,3342105209857181124,14830358037100502574,262144 --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4556,i,3342105209857181124,14830358037100502574,262144 --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  PID:2948

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4332

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4716

C:\Users\Admin\Downloads\AIMMY AI.exe
"C:\Users\Admin\Downloads\AIMMY AI.exe"
1⤵
- Executes dropped EXE
PID:2592

Network

DNS

gofile.io

msedge.exe

Remote address:

8.8.8.8:53

Request

gofile.io

IN A

Response

gofile.io

IN A

45.112.123.126
DNS

ocsp.digicert.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ocsp.digicert.com

IN A

Response

ocsp.digicert.com

IN CNAME

ocsp.edge.digicert.com

ocsp.edge.digicert.com

IN CNAME

fp2e7a.wpc.2be4.phicdn.net

fp2e7a.wpc.2be4.phicdn.net

IN CNAME

fp2e7a.wpc.phicdn.net

fp2e7a.wpc.phicdn.net

IN A

192.229.221.95
DNS

8.8.8.8.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

store9.gofile.io

msedge.exe

Remote address:

8.8.8.8:53

Request

store9.gofile.io

IN A

Response

store9.gofile.io

IN A

94.139.32.9
DNS

browser.pipe.aria.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

browser.pipe.aria.microsoft.com

IN A

Response

browser.pipe.aria.microsoft.com

IN CNAME

browser.events.data.trafficmanager.net

browser.events.data.trafficmanager.net

IN CNAME

onedscolprdeus08.eastus.cloudapp.azure.com

onedscolprdeus08.eastus.cloudapp.azure.com

IN A

20.42.65.88
DNS

www.bing.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.bing.com

IN A

Response

www.bing.com

IN CNAME

www-www.bing.com.trafficmanager.net

www-www.bing.com.trafficmanager.net

IN CNAME

www.bing.com.edgekey.net

www.bing.com.edgekey.net

IN CNAME

e86303.dscx.akamaiedge.net

e86303.dscx.akamaiedge.net

IN A

92.123.128.140

e86303.dscx.akamaiedge.net

IN A

92.123.128.134

e86303.dscx.akamaiedge.net

IN A

92.123.128.136

e86303.dscx.akamaiedge.net

IN A

92.123.128.137

e86303.dscx.akamaiedge.net

IN A

92.123.128.139

e86303.dscx.akamaiedge.net

IN A

92.123.128.138

e86303.dscx.akamaiedge.net

IN A

92.123.128.135

e86303.dscx.akamaiedge.net

IN A

92.123.128.142

e86303.dscx.akamaiedge.net

IN A

92.123.128.141
DNS

www.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.187.196
DNS

teams-ring.msedge.net

msedge.exe

Remote address:

8.8.8.8:53

Request

teams-ring.msedge.net

IN A

Response

teams-ring.msedge.net

IN CNAME

teams-ring.teams-9999.teams-msedge.net

teams-ring.teams-9999.teams-msedge.net

IN CNAME

teams-9999.teams-msedge.net

teams-9999.teams-msedge.net

IN A

52.113.196.254
DNS

33.200.250.142.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

33.200.250.142.in-addr.arpa

IN PTR

Response

33.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f11e100net
DNS

nexusrules.officeapps.live.com

msedge.exe

Remote address:

8.8.8.8:53

Request

nexusrules.officeapps.live.com

IN A

Response

nexusrules.officeapps.live.com

IN CNAME

prod.nexusrules.live.com.akadns.net

prod.nexusrules.live.com.akadns.net

IN A

52.111.227.14
DNS

254.42.107.13.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

254.42.107.13.in-addr.arpa

IN PTR

Response
DNS

14.178.250.142.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

14.178.250.142.in-addr.arpa

IN PTR

Response

14.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f141e100net
GET

https://gofile.io/d/HQdVvH

msedge.exe

Remote address:

45.112.123.126:443

Request

GET /d/HQdVvH HTTP/2.0
host: gofile.io
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Mon, 09 Dec 2024 16:58:23 GMT
content-type: text/html; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Mon, 02 Dec 2024 21:48:24 GMT
etag: W/"1cfa-19389589822"
content-encoding: gzip
GET

https://gofile.io/dist/css/output.css

msedge.exe

Remote address:

45.112.123.126:443

Request

GET /dist/css/output.css HTTP/2.0
host: gofile.io
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Mon, 09 Dec 2024 16:58:23 GMT
content-type: text/css; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Mon, 02 Dec 2024 21:48:24 GMT
etag: W/"1071f-1938958981e"
content-encoding: gzip
GET

https://gofile.io/plugins/fontawesome/css/all.min.css

msedge.exe

Remote address:

45.112.123.126:443

Request

GET /plugins/fontawesome/css/all.min.css HTTP/2.0
host: gofile.io
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Mon, 09 Dec 2024 16:58:23 GMT
content-type: text/css; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Mon, 02 Dec 2024 21:48:24 GMT
etag: W/"17906-19389589822"
content-encoding: gzip
GET

https://gofile.io/dist/js/global.js

msedge.exe

Remote address:

45.112.123.126:443

Request

GET /dist/js/global.js HTTP/2.0
host: gofile.io
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Mon, 09 Dec 2024 16:58:23 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Sat, 07 Dec 2024 16:03:37 GMT
etag: W/"55ebf-193a1dcba61"
content-encoding: gzip
GET

https://gofile.io/dist/js/framework.js

msedge.exe

Remote address:

45.112.123.126:443

Request

GET /dist/js/framework.js HTTP/2.0
host: gofile.io
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Mon, 09 Dec 2024 16:58:23 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Dec 2024 03:24:05 GMT
etag: W/"231b-1938fb24543"
content-encoding: gzip
GET

https://gofile.io/dist/js/blockies.min.js

msedge.exe

Remote address:

45.112.123.126:443

Request

GET /dist/js/blockies.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Mon, 09 Dec 2024 16:58:23 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Mon, 02 Dec 2024 21:48:24 GMT
etag: W/"55a-1938958981e"
content-encoding: gzip
GET

https://gofile.io/dist/img/logo-small-70.png

msedge.exe

Remote address:

45.112.123.126:443

Request

GET /dist/img/logo-small-70.png HTTP/2.0
host: gofile.io
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Mon, 09 Dec 2024 16:58:24 GMT
content-type: image/png
content-length: 2367
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Mon, 02 Dec 2024 21:48:24 GMT
etag: W/"93f-1938958981e"
GET

https://gofile.io/plugins/fontawesome/webfonts/fa-solid-900.woff2

msedge.exe

Remote address:

45.112.123.126:443

Request

GET /plugins/fontawesome/webfonts/fa-solid-900.woff2 HTTP/2.0
host: gofile.io
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://gofile.io
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Mon, 09 Dec 2024 16:58:24 GMT
content-type: font/woff2
content-length: 157192
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Mon, 02 Dec 2024 21:48:25 GMT
etag: W/"26608-1938958982a"
GET

https://gofile.io/plugins/fontawesome/webfonts/fa-brands-400.woff2

msedge.exe

Remote address:

45.112.123.126:443

Request

GET /plugins/fontawesome/webfonts/fa-brands-400.woff2 HTTP/2.0
host: gofile.io
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://gofile.io
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Mon, 09 Dec 2024 16:58:24 GMT
content-type: font/woff2
content-length: 118072
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Mon, 02 Dec 2024 21:48:24 GMT
etag: W/"1cd38-19389589822"
GET

https://gofile.io/dist/img/favicon32.png

msedge.exe

Remote address:

45.112.123.126:443

Request

GET /dist/img/favicon32.png HTTP/2.0
host: gofile.io
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Mon, 09 Dec 2024 16:58:24 GMT
content-type: image/png
content-length: 903
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Mon, 02 Dec 2024 21:48:24 GMT
etag: W/"387-1938958981e"
GET

https://gofile.io/contents/filemanager.html

msedge.exe

Remote address:

45.112.123.126:443

Request

GET /contents/filemanager.html HTTP/2.0
host: gofile.io
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: accountToken=GacEmgZlzf6WMPuQbFg4txbdeQFpwY8F

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Mon, 09 Dec 2024 16:58:24 GMT
content-type: text/html; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Dec 2024 02:58:18 GMT
etag: W/"484e-1938f9aaa9f"
content-encoding: gzip
GET

https://s.gofile.io/js/script.js

msedge.exe

Remote address:

51.75.242.210:443

Request

GET /js/script.js HTTP/2.0
host: s.gofile.io
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-origin: *
cache-control: public, max-age=86400, must-revalidate
content-type: application/javascript
cross-origin-resource-policy: cross-origin
date: Mon, 09 Dec 2024 16:58:24 GMT
server: Cowboy
x-content-type-options: nosniff
content-length: 1346
POST

https://api.gofile.io/accounts

msedge.exe

Remote address:

45.112.123.126:443

Request

POST /accounts HTTP/2.0
host: api.gofile.io
content-length: 0
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://gofile.io
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Mon, 09 Dec 2024 16:58:24 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
etag: W/"b2-X7ZDJqgZHPbdUqOfGWhn46RdkRU"
content-encoding: gzip
OPTIONS

https://api.gofile.io/accounts/website

msedge.exe

Remote address:

45.112.123.126:443

Request

OPTIONS /accounts/website HTTP/2.0
host: api.gofile.io
accept: */*
access-control-request-method: GET
access-control-request-headers: authorization
origin: https://gofile.io
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Mon, 09 Dec 2024 16:58:24 GMT
content-type: text/html; charset=utf-8
content-length: 8
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
allow: GET,HEAD
etag: W/"8-ZRAf8oNBS3Bjb/SU2GYZCmbtmXg"
GET

https://api.gofile.io/accounts/website

msedge.exe

Remote address:

45.112.123.126:443

Request

GET /accounts/website HTTP/2.0
host: api.gofile.io
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
sec-ch-ua-mobile: ?0
authorization: Bearer GacEmgZlzf6WMPuQbFg4txbdeQFpwY8F
accept: */*
origin: https://gofile.io
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Mon, 09 Dec 2024 16:58:24 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
etag: W/"144-z5mP6yMmJ5QtGMgYqkBOnXiHE28"
content-encoding: gzip
OPTIONS

https://api.gofile.io/contents/HQdVvH?wt=4fd6sg89d7s6&contentFilter=&page=1&pageSize=1000&sortField=name&sortDirection=1

msedge.exe

Remote address:

45.112.123.126:443

Request

OPTIONS /contents/HQdVvH?wt=4fd6sg89d7s6&contentFilter=&page=1&pageSize=1000&sortField=name&sortDirection=1 HTTP/2.0
host: api.gofile.io
accept: */*
access-control-request-method: GET
access-control-request-headers: authorization
origin: https://gofile.io
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Mon, 09 Dec 2024 16:58:25 GMT
content-type: text/html; charset=utf-8
content-length: 8
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
allow: GET,HEAD
etag: W/"8-ZRAf8oNBS3Bjb/SU2GYZCmbtmXg"
GET

https://api.gofile.io/contents/HQdVvH?wt=4fd6sg89d7s6&contentFilter=&page=1&pageSize=1000&sortField=name&sortDirection=1

msedge.exe

Remote address:

45.112.123.126:443

Request

GET /contents/HQdVvH?wt=4fd6sg89d7s6&contentFilter=&page=1&pageSize=1000&sortField=name&sortDirection=1 HTTP/2.0
host: api.gofile.io
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
sec-ch-ua-mobile: ?0
authorization: Bearer GacEmgZlzf6WMPuQbFg4txbdeQFpwY8F
accept: */*
origin: https://gofile.io
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Mon, 09 Dec 2024 16:58:25 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
etag: W/"366-nE/jmvXkF7NCndAvI7zzdiuW624"
content-encoding: gzip
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

9.32.139.94.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.32.139.94.in-addr.arpa

IN PTR

Response
DNS

ctldl.windowsupdate.com

Remote address:

8.8.8.8:53

Request

ctldl.windowsupdate.com

IN A

Response

ctldl.windowsupdate.com

IN CNAME

ctldl.windowsupdate.com.delivery.microsoft.com

ctldl.windowsupdate.com.delivery.microsoft.com

IN CNAME

wu-b-net.trafficmanager.net

wu-b-net.trafficmanager.net

IN CNAME

download.windowsupdate.com.edgesuite.net

download.windowsupdate.com.edgesuite.net

IN CNAME

a767.dspw65.akamai.net

a767.dspw65.akamai.net

IN A

2.23.210.88

a767.dspw65.akamai.net

IN A

2.23.210.83
DNS

222.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

222.197.79.204.in-addr.arpa

IN PTR

Response
DNS

10.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.178.250.142.in-addr.arpa

IN PTR

Response

10.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f101e100net
DNS

238.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.187.250.142.in-addr.arpa

IN PTR

Response

238.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f141e100net
DNS

254.33.253.131.in-addr.arpa

Remote address:

8.8.8.8:53

Request

254.33.253.131.in-addr.arpa

IN PTR

Response
DNS

ln-ring.msedge.net

Remote address:

8.8.8.8:53

Request

ln-ring.msedge.net

IN A

Response

ln-ring.msedge.net

IN CNAME

ln-ring.ln-9999.ln-msedge.net

ln-ring.ln-9999.ln-msedge.net

IN CNAME

ln-9999.ln-msedge.net

ln-9999.ln-msedge.net

IN A

150.171.22.254
DNS

83.210.23.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

83.210.23.2.in-addr.arpa

IN PTR

Response

83.210.23.2.in-addr.arpa

IN PTR

a2-23-210-83deploystaticakamaitechnologiescom
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

210.242.75.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

210.242.75.51.in-addr.arpa

IN PTR

Response

210.242.75.51.in-addr.arpa

IN PTR

mailgofileio
DNS

135.128.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

135.128.123.92.in-addr.arpa

IN PTR

Response

135.128.123.92.in-addr.arpa

IN PTR

a92-123-128-135deploystaticakamaitechnologiescom
DNS

fp.msedge.net

Remote address:

8.8.8.8:53

Request

fp.msedge.net

IN A

Response

fp.msedge.net

IN CNAME

1.perf.msedge.net

1.perf.msedge.net

IN CNAME

a-0019.a-msedge.net

a-0019.a-msedge.net

IN CNAME

a-0019.a.dns.azurefd.net

a-0019.a.dns.azurefd.net

IN CNAME

a-0019.standard.a-msedge.net

a-0019.standard.a-msedge.net

IN A

204.79.197.222
DNS

www.googleapis.com

Remote address:

8.8.8.8:53

Request

www.googleapis.com

IN A

Response

www.googleapis.com

IN A

142.250.178.10

www.googleapis.com

IN A

142.250.187.202

www.googleapis.com

IN A

142.250.179.234

www.googleapis.com

IN A

172.217.16.234

www.googleapis.com

IN A

216.58.201.106

www.googleapis.com

IN A

216.58.213.10

www.googleapis.com

IN A

142.250.187.234

www.googleapis.com

IN A

172.217.169.42

www.googleapis.com

IN A

216.58.204.74

www.googleapis.com

IN A

142.250.200.42

www.googleapis.com

IN A

172.217.169.74

www.googleapis.com

IN A

172.217.169.10

www.googleapis.com

IN A

142.250.180.10

www.googleapis.com

IN A

216.58.212.202

www.googleapis.com

IN A

142.250.200.10
DNS

3.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.178.250.142.in-addr.arpa

IN PTR

Response

3.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f31e100net
DNS

clients2.googleusercontent.com

Remote address:

8.8.8.8:53

Request

clients2.googleusercontent.com

IN A

Response

clients2.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

142.250.200.33
DNS

a-ring-fallback.msedge.net

Remote address:

8.8.8.8:53

Request

a-ring-fallback.msedge.net

IN A

Response

a-ring-fallback.msedge.net

IN CNAME

a-9999.a-dc-msedge.net

a-9999.a-dc-msedge.net

IN A

131.253.33.254
DNS

l-ring.msedge.net

Remote address:

8.8.8.8:53

Request

l-ring.msedge.net

IN A

Response

l-ring.msedge.net

IN CNAME

l-ring.l-9999.l-msedge.net

l-ring.l-9999.l-msedge.net

IN CNAME

l-9999.l-msedge.net

l-9999.l-msedge.net

IN A

13.107.42.254
DNS

254.22.171.150.in-addr.arpa

Remote address:

8.8.8.8:53

Request

254.22.171.150.in-addr.arpa

IN PTR

Response
POST

https://s.gofile.io/api/event

msedge.exe

Remote address:

51.75.242.210:443

Request

POST /api/event HTTP/2.0
host: s.gofile.io
content-length: 74
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: text/plain
accept: */*
origin: https://gofile.io
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 202

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers:
cache-control: max-age=0, private, must-revalidate
content-type: text/plain; charset=utf-8
date: Mon, 09 Dec 2024 16:58:24 GMT
server: Cowboy
x-request-id: GA-QuMjRfcYKzP9Sl78E
content-length: 2
GET

https://store9.gofile.io/download/web/7bd11f4f-63cc-4534-a5dc-51a2fe19d4f9/AIMMY%20AI.exe

msedge.exe

Remote address:

94.139.32.9:443

Request

GET /download/web/7bd11f4f-63cc-4534-a5dc-51a2fe19d4f9/AIMMY%20AI.exe HTTP/2.0
host: store9.gofile.io
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: accountToken=GacEmgZlzf6WMPuQbFg4txbdeQFpwY8F

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Mon, 09 Dec 2024 16:58:28 GMT
content-type: application/x-ms-dos-executable
content-length: 3266048
accept-ranges: bytes
access-control-allow-headers: Accept, Accept-Language, Content-Language, Content-Type, Content-Length, Range, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Content-Encoding, Content-Range
content-disposition: attachment; filename*=UTF-8''AIMMY%20AI.exe
last-modified: Sun, 08 Dec 2024 21:54:04 GMT
GET

https://www.google.com/async/ddljson?async=ntp:2

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /async/ddljson?async=ntp:2 HTTP/2.0
host: www.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/2.0
host: www.google.com
x-client-data: CPKVywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/newtab_promos

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /async/newtab_promos HTTP/2.0
host: www.google.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS117BTGIHE3LoGIjDvo-oMvB_UpwxCJRkgKrOdLhT30f9bciGnkMbXw4bxbAta4Q-7-0dAYXuq8o43KqsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS117BTGIHE3LoGIjDvo-oMvB_UpwxCJRkgKrOdLhT30f9bciGnkMbXw4bxbAta4Q-7-0dAYXuq8o43KqsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/2.0
host: www.google.com
x-client-data: CPKVywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS117BTGIHE3LoGIjCutXT8Jo9pblIo78GkmfmfNiHbS4vLV7ldP7wXJ5HUNyl2rfLVeeKUANh5NMjA1pgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS117BTGIHE3LoGIjCutXT8Jo9pblIo78GkmfmfNiHbS4vLV7ldP7wXJ5HUNyl2rfLVeeKUANh5NMjA1pgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/2.0
host: www.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.82.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D63%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D63%2526e%253D1

chrome.exe

Remote address:

142.250.187.238:443

Request

GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.82.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D63%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D63%2526e%253D1 HTTP/2.0
host: clients2.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=SeWEcgCM-lwmc15khskuRBStdkeJ_KzXINasBBA5J-TMDwlKqaVeTXvwt5WDdu_C5z3nYg977SFqd_ug5zRkmaLpT4SPVCaR23O5QeFH0FKOKW5mX8SBZc1gMM2fwgaIwrVIv1gpqwJzYPNZZfT7eEvv94yJ95Moea37gVhSWPa_lPXhHi39Xpxy7lifwA_pTDI
GET

https://clients2.googleusercontent.com/crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/2.0
host: clients2.googleusercontent.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

45.112.123.126:443

https://gofile.io/contents/filemanager.html

tls, http2

msedge.exe

11.3kB
431.1kB
203
332

HTTP Request

GET https://gofile.io/d/HQdVvH

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/css/output.css

HTTP Request

GET https://gofile.io/plugins/fontawesome/css/all.min.css

HTTP Request

GET https://gofile.io/dist/js/global.js

HTTP Request

GET https://gofile.io/dist/js/framework.js

HTTP Request

GET https://gofile.io/dist/js/blockies.min.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/img/logo-small-70.png

HTTP Response

200

HTTP Request

GET https://gofile.io/plugins/fontawesome/webfonts/fa-solid-900.woff2

HTTP Request

GET https://gofile.io/plugins/fontawesome/webfonts/fa-brands-400.woff2

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/img/favicon32.png

HTTP Response

200

HTTP Request

GET https://gofile.io/contents/filemanager.html

HTTP Response

200
45.112.123.126:443

gofile.io

tls, http2

msedge.exe

989 B
4.6kB
9
9
51.75.242.210:443

https://s.gofile.io/js/script.js

tls, http2

msedge.exe

2.3kB
6.3kB
17
16

HTTP Request

GET https://s.gofile.io/js/script.js

HTTP Response

200
45.112.123.126:443

https://api.gofile.io/contents/HQdVvH?wt=4fd6sg89d7s6&contentFilter=&page=1&pageSize=1000&sortField=name&sortDirection=1

tls, http2

msedge.exe

2.4kB
10.5kB
20
24

HTTP Request

POST https://api.gofile.io/accounts

HTTP Response

200

HTTP Request

OPTIONS https://api.gofile.io/accounts/website

HTTP Response

200

HTTP Request

GET https://api.gofile.io/accounts/website

HTTP Response

200

HTTP Request

OPTIONS https://api.gofile.io/contents/HQdVvH?wt=4fd6sg89d7s6&contentFilter=&page=1&pageSize=1000&sortField=name&sortDirection=1

HTTP Response

200

HTTP Request

GET https://api.gofile.io/contents/HQdVvH?wt=4fd6sg89d7s6&contentFilter=&page=1&pageSize=1000&sortField=name&sortDirection=1

HTTP Response

200
51.75.242.210:443

https://s.gofile.io/api/event

tls, http2

msedge.exe

2.4kB
4.9kB
16
14

HTTP Request

POST https://s.gofile.io/api/event

HTTP Response

202
94.139.32.9:443

https://store9.gofile.io/download/web/7bd11f4f-63cc-4534-a5dc-51a2fe19d4f9/AIMMY%20AI.exe

tls, http2

msedge.exe

113.8kB
3.4MB
2014
2438

HTTP Request

GET https://store9.gofile.io/download/web/7bd11f4f-63cc-4534-a5dc-51a2fe19d4f9/AIMMY%20AI.exe

HTTP Response

200
94.139.32.9:443

store9.gofile.io

tls

msedge.exe

989 B
4.5kB
9
8
193.161.193.99:39697

REATTY-39697.portmap.host

Skibidi.exe

260 B
200 B
5
5
193.161.193.99:39697

REATTY-39697.portmap.host

Skibidi.exe

260 B
200 B
5
5
193.161.193.99:39697

REATTY-39697.portmap.host

Skibidi.exe

260 B
200 B
5
5
193.161.193.99:39697

REATTY-39697.portmap.host

Skibidi.exe

260 B
200 B
5
5
193.161.193.99:39697

REATTY-39697.portmap.host

Skibidi.exe

260 B
200 B
5
5
193.161.193.99:39697

REATTY-39697.portmap.host

Skibidi.exe

260 B
200 B
5
5
193.161.193.99:39697

REATTY-39697.portmap.host

Skibidi.exe

260 B
200 B
5
5
2.18.66.42:443

www.bing.com

tls

81.3kB
118.2kB
218
173
92.123.128.135:443

r.bing.com

tls

79.1kB
1.9MB
1451
1406
92.123.128.135:443

r.bing.com

tls

2.1kB
1.2kB
16
13
92.123.128.135:443

r.bing.com

tls

1.4kB
1.1kB
14
12
92.123.128.135:443

r.bing.com

tls

1.4kB
1.1kB
14
12
92.123.128.135:443

r.bing.com

tls

1.4kB
1.1kB
14
12
92.123.128.135:443

r.bing.com

tls

1.4kB
1.1kB
14
12
193.161.193.99:39697

REATTY-39697.portmap.host

Skibidi.exe

260 B
160 B
5
4
20.42.65.88:443

browser.pipe.aria.microsoft.com

tls

7.4kB
8.2kB
33
21
193.161.193.99:39697

REATTY-39697.portmap.host

Skibidi.exe

260 B
200 B
5
5
193.161.193.99:39697

REATTY-39697.portmap.host

Skibidi.exe

260 B
200 B
5
5
92.123.128.140:443

www.bing.com

tls

BackgroundTransferHost.exe

21.0kB
593.0kB
437
433
193.161.193.99:39697

REATTY-39697.portmap.host

Skibidi.exe

260 B
200 B
5
5
193.161.193.99:39697

REATTY-39697.portmap.host

Skibidi.exe

260 B
200 B
5
5
142.250.187.196:443

https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS117BTGIHE3LoGIjCutXT8Jo9pblIo78GkmfmfNiHbS4vLV7ldP7wXJ5HUNyl2rfLVeeKUANh5NMjA1pgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

tls, http2

chrome.exe

3.3kB
17.2kB
34
38

HTTP Request

GET https://www.google.com/async/ddljson?async=ntp:2

HTTP Request

GET https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

HTTP Request

GET https://www.google.com/async/newtab_promos

HTTP Request

GET https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS117BTGIHE3LoGIjDvo-oMvB_UpwxCJRkgKrOdLhT30f9bciGnkMbXw4bxbAta4Q-7-0dAYXuq8o43KqsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

HTTP Request

GET https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS117BTGIHE3LoGIjCutXT8Jo9pblIo78GkmfmfNiHbS4vLV7ldP7wXJ5HUNyl2rfLVeeKUANh5NMjA1pgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
142.250.187.238:443

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.82.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D63%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D63%2526e%253D1

tls, http2

chrome.exe

2.1kB
9.6kB
15
17

HTTP Request

GET https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.82.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D63%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D63%2526e%253D1
52.113.196.254:443

teams-ring.msedge.net

tls

2.2kB
8.6kB
22
20
142.250.200.33:443

https://clients2.googleusercontent.com/crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx

tls, http2

chrome.exe

4.8kB
156.3kB
77
118

HTTP Request

GET https://clients2.googleusercontent.com/crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx
150.171.64.254:443

ev2-ring.msedge.net

tls

2.2kB
8.6kB
22
20
131.253.33.254:443

a-ring-fallback.msedge.net

tls

2.2kB
8.6kB
22
20
193.161.193.99:39697

REATTY-39697.portmap.host

Skibidi.exe

260 B
200 B
5
5
2.22.249.220:443

ow1.res.office365.com

tls

1.8kB
7.6kB
22
19
193.161.193.99:39697

REATTY-39697.portmap.host

Skibidi.exe

260 B
200 B
5
5
150.171.22.254:443

ln-ring.msedge.net

tls

2.2kB
8.6kB
22
20
193.161.193.99:39697

REATTY-39697.portmap.host

Skibidi.exe

260 B
200 B
5
5
193.161.193.99:39697

REATTY-39697.portmap.host

Skibidi.exe

260 B
200 B
5
5
142.250.187.196:443

www.google.com

tls

chrome.exe

970 B
4.6kB
8
9
193.161.193.99:39697

REATTY-39697.portmap.host

Skibidi.exe

260 B
200 B
5
5
193.161.193.99:39697

REATTY-39697.portmap.host

Skibidi.exe

260 B
200 B
5
5
142.250.178.14:443

chrome.google.com

tls, http2

chrome.exe

907 B
8.0kB
7
8
193.161.193.99:39697

REATTY-39697.portmap.host

Skibidi.exe

260 B
200 B
5
5
193.161.193.99:39697

REATTY-39697.portmap.host

Skibidi.exe

260 B
200 B
5
5
193.161.193.99:39697

REATTY-39697.portmap.host

Skibidi.exe

260 B
200 B
5
5
193.161.193.99:39697

REATTY-39697.portmap.host

Skibidi.exe

260 B
200 B
5
5
193.161.193.99:39697

REATTY-39697.portmap.host

Skibidi.exe

260 B
200 B
5
5
193.161.193.99:39697

REATTY-39697.portmap.host

Skibidi.exe

260 B
200 B
5
5
193.161.193.99:39697

REATTY-39697.portmap.host

Skibidi.exe

260 B
200 B
5
5
193.161.193.99:39697

REATTY-39697.portmap.host

Skibidi.exe

52 B
1

8.8.8.8:53

gofile.io

dns

msedge.exe

802 B
1.7kB
12
12

DNS Request

gofile.io

DNS Response

45.112.123.126

DNS Request

ocsp.digicert.com

DNS Response

192.229.221.95

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

store9.gofile.io

DNS Response

94.139.32.9

DNS Request

browser.pipe.aria.microsoft.com

DNS Response

20.42.65.88

DNS Request

www.bing.com

DNS Response

92.123.128.140

92.123.128.134

92.123.128.136

92.123.128.137

92.123.128.139

92.123.128.138

92.123.128.135

92.123.128.142

92.123.128.141

DNS Request

www.google.com

DNS Response

142.250.187.196

DNS Request

teams-ring.msedge.net

DNS Response

52.113.196.254

DNS Request

33.200.250.142.in-addr.arpa

DNS Request

nexusrules.officeapps.live.com

DNS Response

52.111.227.14

DNS Request

254.42.107.13.in-addr.arpa

DNS Request

14.178.250.142.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

640 B
1.3kB
9
9

DNS Request

172.210.232.199.in-addr.arpa

DNS Request

9.32.139.94.in-addr.arpa

DNS Request

ctldl.windowsupdate.com

DNS Response

2.23.210.88

2.23.210.83

DNS Request

222.197.79.204.in-addr.arpa

DNS Request

10.178.250.142.in-addr.arpa

DNS Request

238.187.250.142.in-addr.arpa

DNS Request

254.33.253.131.in-addr.arpa

DNS Request

ln-ring.msedge.net

DNS Response

150.171.22.254

DNS Request

83.210.23.2.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

697 B
1.5kB
10
10

DNS Request

95.221.229.192.in-addr.arpa

DNS Request

210.242.75.51.in-addr.arpa

DNS Request

135.128.123.92.in-addr.arpa

DNS Request

fp.msedge.net

DNS Response

204.79.197.222

DNS Request

www.googleapis.com

DNS Response

142.250.178.10

142.250.187.202

142.250.179.234

172.217.16.234

216.58.201.106

216.58.213.10

142.250.187.234

172.217.169.42

216.58.204.74

142.250.200.42

172.217.169.74

172.217.169.10

142.250.180.10

216.58.212.202

142.250.200.10

DNS Request

3.178.250.142.in-addr.arpa

DNS Request

clients2.googleusercontent.com

DNS Response

142.250.200.33

DNS Request

a-ring-fallback.msedge.net

DNS Response

131.253.33.254

DNS Request

l-ring.msedge.net

DNS Response

13.107.42.254

DNS Request

254.22.171.150.in-addr.arpa
224.0.0.251:5353

chrome.exe

920 B
14
142.250.187.196:443

www.google.com

https

chrome.exe

2.4kB
10.7kB
11
13
142.250.187.196:443

www.google.com

https

chrome.exe

5.6kB
21.4kB
33
36
142.250.187.238:443

clients2.google.com

https

chrome.exe

3.8kB
8.1kB
10
11

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
46b257e2db3a3cab4fe4e8b36a53c612

SHA1
2327a773bca75530bc9bd7c74ef0ec3acbf99adf

SHA256
e7c310337da9c0b11f73414f116c230092a508f82fe7a57d2fb80a16d1d0973f

SHA512
6c9cdbac647aa323073edce54767cff14c7d54ae4b41034980833ccf8567d05985fb9a148772241f9a070622951af71e0cd943dddc1bbf445dc1c217393855e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
887573e2876533d4df57ab38d38edf7d

SHA1
384cd029e2e7cba8394c5af35e3338622d20d9e2

SHA256
44a6e546f23580b363362960026a6e9f06d061bc2e06bb253b886a801d933ad5

SHA512
dc8034e57d76e0e05b03e8e1820ca4886decccbde38ae1ded4e25b0f4811d8137e16be024408390073eb0d39788ae4b58298324879232b73345234c3189e4f27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
e6247479f4efdcf53d97aa7ecd2f7e4e

SHA1
31395ed18c041ff72b668328e6c871807dc8384b

SHA256
c52e2ae41f4c5b8a899e2760004aa892db8ce87eff2db3239c0bc434b42b9600

SHA512
c6155b16d091011f220a924f975c74a6a899c57bd5b3ba931e32552e2ddd9832ddd7f5f3865ca38dd7ba3351dc9a7b26875c6b85ba4232ab6b2c050e4f8fc544

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
7089f18ef2c7e39fa47f692927e6efca

SHA1
8dc8cdc1707bdd541c33bac0daeea212bbe95413

SHA256
b6cf9b825f5fa84f8907ed45201b79232b0acac8b7657ec7b80569ce2f19825d

SHA512
4a44bdba21c0d9e03f77556cae5d6adcf5461c6b7e1c4ef95078a8c4924ff16c552953c085c94e73b0c1b624f2dc1e495b09c9c91df63d470cb65d46fe120678

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
2748b5b856bb1b1da2e2e49597137613

SHA1
1405d2462e2d169f5f3b2722bad4c308cd18a154

SHA256
35b67178f01850c26929c7e12347888cc439a92730e41014894f61ff8ac06c5a

SHA512
318758954371218a8d09d4a2554d5b2689d6db0f974f949e435aacbe5bb67a23df4bc9259c138df840fd76a0787cfd8ac762a65c72758590f84330c13c019b37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_metadata\computed_hashes.json

Filesize
4KB

MD5
ae2cab9df62079b9361bfaecb5bf2e4b

SHA1
c4c78439440f0692651762bbeb8f65219baf3dae

SHA256
40cb66fcbedebbcdfc22295dd71048c30e839510d2718ae4e651761c78647c01

SHA512
fc18e4d986504de1f13606402fba65de0cbcc156b159aec4d6bea1c61387a77b5d94937ddcdd0328ead03040446f474fc47bd0ea38e7ecb889d196c668e34403

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_metadata\verified_contents.json

Filesize
11KB

MD5
250c48f4915dd4c0dfa7e7e021a4f066

SHA1
092a98bf40d8c18280393bf3811a7dfa9a9fd326

SHA256
26d9b129339e2e2eb8e0223e16db3cf0ea220ac0799480d462c236e6a425665e

SHA512
8b18e232992e55e8da97ac46d7aaca061508341d1eadceff1e9d0677734dfa8b892ab44754a3aa100585f5b2f2562bc4f2d7103065050ffcd00f91d5915ce5e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
909e42f13842c8072b30efd043f656aa

SHA1
6d4fade5c2940494c7573a255b42e0bd1c8b3aab

SHA256
ccd6eac0fd5a742a74159ef089c508901edb56fe785a5c558b0e9d3a9904b83f

SHA512
63aed0c81acaf121dabdba2ee3068cbb01f0859b221cd146b52d93ecb75bc8ccfe75bf49a9045f891db8112333071670fa46e7231d327e572a881c4bf031e8ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
725f7e7c8c1ae018f081ff221408c559

SHA1
1d68735cb9b90a26758ed12008a9f1724534564a

SHA256
865ada3b061777c79314d1addea3377e66946d96b1da9ea9601c26593d4c5689

SHA512
407c45addf353136a2b34a848eb8b257ac3b79f736dbd8e773d1ebe55e481dac8a4a926be554c82ff146b3983ae9e675542b6c550b80169fdf81e65a1369c17e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
e65c292e287b46e0bcd227ab655d50ef

SHA1
29458a8b0ef0a0c6f24f61935a3b9c92acda38d5

SHA256
03228b074199c09ea1bf974a2031fa6d49535da4cf860851bcc1c8436cf5db49

SHA512
1ec9d2e5dc995a945cee0ab534563236818e8ad7bbf5ccebfe3279523a1959ed9c29ed498cfb7625f8c9efa7b260af54a694c156f66fde82029321a5972ce952

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1db03eb5cee640a93744925c3b04ba7b

SHA1
754de22fc23ad2d7a2389ef76eee1dbbc4fa3dc5

SHA256
99fc53fc239a74dde7e1bba07255abf880ddeeb788a23c97835dcc79021cc16c

SHA512
c83179229ff8635da91ae79766100f33a819faf39035d735530939d5a04ebd5cd525233c2eb08595fc323cc82ff963d8f97d3aa8c96c6a920451606e5c825935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
8ab9c618ef93181d65b3ddfb369194a8

SHA1
2162eb49a0b86538156afb599762e4dd13160294

SHA256
7f238daa76ab47844a53e8af718622b786f172fb7f5954888daa47b8c6423faf

SHA512
bdb39eb23a2818a93eb71723604c7efc0cbc9bd90e6c0c11d3fdc1973b967d99b41f36edc642effea03ecd221c1237ae0b2cf7d8102145d28d831017ca09e32e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e85e9478b8f68ee6ba5a68a759f60670

SHA1
d06f2cd649dd80fb7d56c39725d072fd7ae81d6f

SHA256
9cd75a2db86c9788714b14da06910f455f0c4a6df4d118fbb9e25bbc1011feec

SHA512
6005ba7e043106bba2b3f8ec5b0d5591ac53a516894b626236df95df8779a85ea485ea93bc608ed0b77365c70d19cbc173f707c007f7169db835513964caff1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
bc71c61300ed54acdf1d596e181a55fd

SHA1
66a2e42e45d72033e528656e62aad8ba97bf807e

SHA256
f457ad8b010dcc7eba5b4dc3764d0344ad46f8a81c9e5bfec55b4c26c3cea4fd

SHA512
bea360c4a64404db70e423618817801294c4bec410cab78c8bd688b2ab97ecdd8c6e76f3b0b3be085204b64d21df4eee383fbf727eae73f5207ac3db23a15825

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
03b80f2c153a877c3e7b998c6feb85b9

SHA1
4d7362a99a4757ddcbbe37d3494010afa718c3e9

SHA256
f4e828c6c5d2e96bf0b99ba8e2053d201f51270e8b8890ebf267be2265645ea8

SHA512
5b3c9ce491122c1e43233127c5f6d5bf07033fd0cda449dd31438aeb7f1759b43b9c926644878faa7e98550add0136dabfea63b6265432269e85155cecdc865e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6243eec0567272e7491cefc13aafbbff

SHA1
dccab37b216c635bd1b3b7caaffc282c07ba3236

SHA256
cd463df75c5bf7b578c35a0bc294b7960a6bca4b8614d082f2e0966ea6b66a42

SHA512
4680e4098190afb3760940fb00764d3dda36e66fea6dd564b4f232f344bc65a1da478bd33a9efeb3f762c9169dbf88f3034e731da79f20bd1e4f3b37f0ccdeaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
89788417afdc4545eed2550bc0fd9417

SHA1
8b849259bd9173b7180976931d4d2e64d6623d63

SHA256
0a87972e46fb757bdd7df113e8d5c58a2010c9ba52abb76b27fb05db37eb1d8c

SHA512
0a738fc61549033f012c6bb51202ae4d3a87758c5499103ac767bb719e2b0b5d57e4e1e24cd1361b1baa99eed3e26f08d094c6844adaaa21d178b6d3594b58a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7184c6ad20718a78d2060161aaf93f45

SHA1
1243fbf55e5f6ab34c38400b9e022210f2a08af7

SHA256
9bb5975406e1012fd83019f01bf8e58dae973971a53aa61f7b10fc0f47012e58

SHA512
6833a6342f8ca71ae69dda922d5c06a02ef055cb54a418214c6e34b6e7ccbee6058c23c748e86b7a9066e5c8f831feed4a4101bd2040fbc2746f2d360bb4a557

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
04da0adf5d8878c96022af478218f416

SHA1
f40cb2251bcff9e4d6e43627edf815c476e25e44

SHA256
f42989a830d02bd65f6dc15a565a05eaf6e3e95d992f6dcd35298bae4cb1e3e9

SHA512
95905a6df18c4785f88a22f93cb18ca30fe4666f576926df32075fd98423ef186b163a3965e28b3c4d290c3951076c3365868b03e1e7447abce141c1da425566

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0a2622c9a5e07456870f3a5ebd7c1cb9

SHA1
b94ab21f2b22f2ca56e318379b599473a641cb13

SHA256
345f3b35eda1550f2e888eaa417ce463bb9572f86ce23488f043a962d40d5646

SHA512
5b38d7f8e73f2b363b5042081467c33c7eded3189860f38051be926afd9bd6e47c5d880de9fa5351c1425c1be2d9e3f5bb2390f801548a48b09f783e82ff9826

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
93b826ea54a15c80d9fe43e63dd6c8f3

SHA1
643ff2921f51172b27597fda644d408f509105ff

SHA256
50504b08fa2786bce83f422294051313e970434b2eae9906972debdce7f442af

SHA512
8204dd95011b5e610fd9479aa62e60c6383d57ff87af50b7b8e7aa6d63f21b9382282d22c33b0ef670a4ea372af8a4afae5162eef47f741ce74cf623158a5dfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log

Filesize
3KB

MD5
e10ac7b2751bbefadc7b65395f5c6d71

SHA1
c30ea795ba320990718792ac82b6bc2a15f9e43b

SHA256
7e803bf80ce5ff1ae4addaab32ef5514524e5c67c884403e13805bda750054c1

SHA512
c2f55d4aba2675faf358822d22d549b5d32063cbb109a8ff3f4dbba0b16e5edcc18cd7a08aa22cc8501c0985a79d2cae4ae3942c479848c114d64d54e2c84fcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
df2abad01aa58416080bc69fdac8ae19

SHA1
6f4f98ef8b22a514aa402a4e47af7510ac9284de

SHA256
f70967ccf3a3ee5b124e1e177e8701d8493b9f8d793a80158ca56b5e2c2e61df

SHA512
77367dadda2f573b692254337eadaebe7543842a8c8ea73d5872aedf0799b3b763e6c2342841c65adb2bc1ff048f7b486c05886c3542c8f381f37452f9a035ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
6131088211bd80ce2bac88164544f18a

SHA1
40bc6acef66387fff2975bfb7ec98d2621dd2916

SHA256
528ebcd88599f2eb16ac108368ba47553e0e618abc00bd58d1d7d58002b5d579

SHA512
3de83bdd6047d22d442ce8d2a8714bc8ed900a48aec0afd1847fce2060936d01010486017cebe4741cf7f9a02073be0dfbb07d137a55d96be518a117af98dc2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
348B

MD5
a282168e676c06eeae6abdc9b8947b59

SHA1
6403266cc387b8614474754d2dc0aed0b0f9ed6c

SHA256
42ab19aeb2ec8a72bede4543f6a4b7e68c3ef37861c645602f0c99c86097be71

SHA512
00894b5534775fe238ff7acf0595b8784f83d4c2962b8f7b7f458ce128b7043211dd8bcb23245f051aaf23cb93d7580e485552a9befbdc88a84ecc6c9bac0ab5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
454fe36b3e7ce6d0a21b9785b6548bd1

SHA1
04d08d37c0649712a79092acc57090dd7b1f7884

SHA256
d77f0258f4c066a1fc92cca563042e1571d383bc40d104bcffb78b225e05b3d7

SHA512
2844b29b27bd28f42c5783d6461d9a90e2533e570e6386eaa3b016916c8fb41e69768f4c02f18158d8fb17fa48f6bf4f573b541d8f358e26adf464e05b8f1868

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
14f1f872def709887bb463efa2094ab4

SHA1
1a96d8031e293b21bec91ca699865c89d5e0bb4d

SHA256
3db8332e747ebb5d90e8984d870e92fdca6aa6d3d0313a658de905bf71e92c37

SHA512
1cb14e9d921d6470d620d74c9bbf93ceb0fce7ec6707f0ed3fb65b64e6dfe89df0bddef52fff07f381e810d0df5a8ae11505c3798cc93c569cb5893887c45224

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
119KB

MD5
01baa52511f16f77e14137d1bff43910

SHA1
1588844b3942c29167712044562ef76ca0abbe7d

SHA256
2c1fcf319d3b51faac3aa3d2a7d51c5ccd57188d0c2d0c211de1fd96c1d109d4

SHA512
585afd95b693a737e6abaa87bff251b15a9067c9d653d616e8099b4059925a5fe3db4153dd2346ca86b290a5ea34a9e39f3a60c1fb37959c7c95a40eea1f4bb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
2684db1a63b78ccc53dabdd43cd0934b

SHA1
550da7fe01f6fcd5ada3e411570586fc4a58d156

SHA256
34a31c4f984e530a51367ceddc411a4d27a7eb2f4fbb4eccaa0ff787f025e884

SHA512
a0b0bd5ce909bbc4ca67ce1edddf50238aa9ce8cf006cf9079331e67f3f049f40f098be0f3f48b923a24ebf00c427dad0ea7d9e2e18d5c7ca6c39a7c2fd118a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
119KB

MD5
d7a2d76e6190a2d255d9f68f54498c3f

SHA1
946d101cdd99617b867ad700563727be990af3ac

SHA256
78ed5d4e1913f4b0273debf087fb46f9c63165e17658ba37ce9461a7db2358b1

SHA512
c4645fbb9153ec899d205e296c279b92b98b5c82460b55f981ec60a3cf46a3d822e853c7075e37b16c6a2e7bcd28162e0bfc240e8f8c2a8a41f18cbe54738d15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d68c7edc2a288ee58e6629398bb9f7c

SHA1
6c1909dea9321c55cae38b8f16bd9d67822e2e51

SHA256
dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b

SHA512
0eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c03d23a8155753f5a936bd7195e475bc

SHA1
cdf47f410a3ec000e84be83a3216b54331679d63

SHA256
6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca

SHA512
6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
f61b578cc3c1c834362c4494359be3dd

SHA1
a6a7dd9aa20a08dadf0c970766074319d92f7044

SHA256
c2ad1e31c07da3682206b76897b810036533ab3f1c64f379a0294da1ef9349df

SHA512
8f0c8aa06e71223824b31d76cd19a2f8dc9ca55fe1dd36deaf5ccc5c66ae6136b44b6a935f8f879c9d4a40fe716a305ab20064a740c11cd9e062b09e3e672a51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
391B

MD5
b15ca352a2f208a7f0fcce0996404cb7

SHA1
c4bbe66ab7d727e190e511b276b25a52d7d41df5

SHA256
21f7392ea9180d4bfaa71f853089c07c2d2023604274f4ad8790ec7308343959

SHA512
d00a1135f39eb765f53c55ec2e99683863c610404617e6c0fd41a1f4f7fffacb22ce22cc887ca4a70989491a643d764c2306c8a77302f5f98402278e3e466f85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7897b3ac59e78ab195dd94d4de6dda52

SHA1
62b65aa2fbe4b0d1a64c4290a3729e59e6f16916

SHA256
65140d95b4c95b39046025f34da2d7371673664b875482a7ceeee8241f26ad8a

SHA512
a37e226cd66fcccadce36fb2a0086f3efbe63e57639fdc5c4b285f59d7699a4a226c862e5988c0cffd8f9c9c3877a5237e9fdf3c0995a5f7b7f9ceb6e0ff53c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f979df340adb66532bdf6c5e8bef4cb9

SHA1
d018548240c9eac4202ed3b5736bad87c3d9dbc7

SHA256
4171d4839aa3402b3e862cc185aa96f07fe73cd0c874437a0c0b3fca2ff97f84

SHA512
bb1bc21edff6469845f3dafd86366acf89d923a8435f0b16756f822ff7bb4530ef10c80ec860d0657f722a6a2178ca7dec4e84bfc5751a2cfcbf9a6c731e8841

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
91bcb098fbf9fec6f59a3bf7ac31b2d4

SHA1
ac010e9a4ba52ba62fc916ed1aeecc794dd8faf1

SHA256
7a4ecd51c26660bb99e4a1439b55af387b804800a1dfd6e5a00053e5be336558

SHA512
76b239b1173b1d6f53b54792d0b63b0c2819d47d9fd2baf3e06c9136aec79ef9ea0718b17292480338756145d45042dfd0aec325e8c26018d49ca1867da659f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5be5227d27d6ca79e0def93e6a766d00

SHA1
64eb4166cbfb263a480904b59eec6fa214ffdd72

SHA256
e9583e39276df9331ab31ca71264a6f41f72fed6821fd538e3878c7a5e41ff23

SHA512
c565c196525ae9da84183b29583ea36ae55918b9b7a40f19382337a51abcd9c19231f97ef3749395a49977f3848f991d4e47c932f0152e471b09e0fb3b945f84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
95fcdc32a0af48c85f06b95b37abaa33

SHA1
2a22402777f9c749b30e353cb69530cf51dbe531

SHA256
02bd62fa465e5f08bc181135d602a871ef848d8817f04150dadf8ad79dc32bb7

SHA512
fca72d2d9ad2b587e3974a3ce793d865ca77a8ed36f45192b808c48a47467484410574aed6a656a0369bfa35e2920359667b3a46540a5ee5e72d10a86c9b1808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
14KB

MD5
c0c74d6545ed5f3dec5796bccdad72d9

SHA1
818d449866f4a7fa9c2e52c27f531e4a77ce51e6

SHA256
8331e5b3aca998fa2198fc155a2a0e8c06d493d8b2cd208cc2018baf56f82728

SHA512
3a4aee12ef75edefbf7b3098da73c2b4f024ef64d5975f2d6c40e8207c2716920294f1731413adf397b731240cd3e7c15d0a95965c0825cda29b2244ffc7dba5

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\c67859aa-1cc9-4032-b30e-489830f0fbea.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\6ad8e32a-5a63-4d0a-b9ca-bbeb3d9c0a64.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1728_641763512\02395a46-ae1d-4f68-a7a4-eb5e70b5e423.tmp

Filesize
135KB

MD5
3f6f93c3dccd4a91c4eb25c7f6feb1c1

SHA1
9b73f46adfa1f4464929b408407e73d4535c6827

SHA256
19f05352cb4c6e231c1c000b6c8b7e9edcc1e8082caf46fff16b239d32aa7c9e

SHA512
d488fa67e3a29d0147e9eaf2eabc74d9a255f8470cf79a4aea60e3b3b5e48a3fcbc4fc3e9ce58dff8d7d0caa8ae749295f221e1fe1ba5d20deb2d97544a12ba4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1728_641763512\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\Downloads\AIMMY AI.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 755983.crdownload

Filesize
3.1MB

MD5
07feba62b19fa1437ff17074de523fb1

SHA1
73941a08b1832e4d4daccb62c3e688984695a858

SHA256
0cfae6c2532a5cfcf687af7bb26ced24ab932c327e87e3ad778799d3d2b82a68

SHA512
ea1c4ecf31e1a18dfca93c6ea0fa3465436c9ee0e295307d56b8566849fc9d6ff83e2768dd9cf90cf85b91292adc9d29f2c4a399f0140e9f9fad70d68f68e304

Download Submit
memory/3364-99-0x0000000000420000-0x0000000000744000-memory.dmp

Filesize
3.1MB

Download
memory/3660-109-0x000000001C910000-0x000000001C960000-memory.dmp

Filesize
320KB

Download
memory/3660-110-0x000000001CA20000-0x000000001CAD2000-memory.dmp

Filesize
712KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request