hxxps://gofile[.]io/d/OgdM4f

Analysis

max time kernel
148s
max time network
150s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250128-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250128-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
31/01/2025, 03:06 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/OgdM4f

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4220	msedge.exe
4220	msedge.exe
1352	msedge.exe
1352	msedge.exe
2560	identity_helper.exe
2560	identity_helper.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 2956	1352	msedge.exe	79
PID 1352 wrote to memory of 2956	1352	msedge.exe	79
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 3144	1352	msedge.exe	80
PID 1352 wrote to memory of 4220	1352	msedge.exe	81
PID 1352 wrote to memory of 4220	1352	msedge.exe	81
PID 1352 wrote to memory of 5092	1352	msedge.exe	82
PID 1352 wrote to memory of 5092	1352	msedge.exe	82
PID 1352 wrote to memory of 5092	1352	msedge.exe	82
PID 1352 wrote to memory of 5092	1352	msedge.exe	82
PID 1352 wrote to memory of 5092	1352	msedge.exe	82
PID 1352 wrote to memory of 5092	1352	msedge.exe	82
PID 1352 wrote to memory of 5092	1352	msedge.exe	82
PID 1352 wrote to memory of 5092	1352	msedge.exe	82
PID 1352 wrote to memory of 5092	1352	msedge.exe	82
PID 1352 wrote to memory of 5092	1352	msedge.exe	82
PID 1352 wrote to memory of 5092	1352	msedge.exe	82
PID 1352 wrote to memory of 5092	1352	msedge.exe	82
PID 1352 wrote to memory of 5092	1352	msedge.exe	82
PID 1352 wrote to memory of 5092	1352	msedge.exe	82
PID 1352 wrote to memory of 5092	1352	msedge.exe	82
PID 1352 wrote to memory of 5092	1352	msedge.exe	82
PID 1352 wrote to memory of 5092	1352	msedge.exe	82
PID 1352 wrote to memory of 5092	1352	msedge.exe	82
PID 1352 wrote to memory of 5092	1352	msedge.exe	82
PID 1352 wrote to memory of 5092	1352	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gofile.io/d/OgdM4f
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffe212c46f8,0x7ffe212c4708,0x7ffe212c4718
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,17938749958302130105,11238180918794644758,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,17938749958302130105,11238180918794644758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,17938749958302130105,11238180918794644758,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17938749958302130105,11238180918794644758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17938749958302130105,11238180918794644758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,17938749958302130105,11238180918794644758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,17938749958302130105,11238180918794644758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17938749958302130105,11238180918794644758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17938749958302130105,11238180918794644758,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17938749958302130105,11238180918794644758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17938749958302130105,11238180918794644758,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17938749958302130105,11238180918794644758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17938749958302130105,11238180918794644758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17938749958302130105,11238180918794644758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,17938749958302130105,11238180918794644758,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2324 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1532

Network

DNS

gofile.io

msedge.exe

Remote address:

8.8.8.8:53

Request

gofile.io

IN A
DNS

gofile.io

msedge.exe

Remote address:

8.8.8.8:53

Request

gofile.io

IN A
DNS

gofile.io

msedge.exe

Remote address:

8.8.8.8:53

Request

gofile.io

IN A
DNS

gofile.io

msedge.exe

Remote address:

8.8.8.8:53

Request

gofile.io

IN A
DNS

gofile.io

msedge.exe

Remote address:

8.8.8.8:53

Request

gofile.io

IN A
DNS

nav.smartscreen.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

nav.smartscreen.microsoft.com

IN A

Response

nav.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-nav.trafficmanager.net

prod-atm-wds-nav.trafficmanager.net

IN CNAME

prod-agic-uw-3.ukwest.cloudapp.azure.com

prod-agic-uw-3.ukwest.cloudapp.azure.com

IN A

51.11.108.188
DNS

17.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.160.190.20.in-addr.arpa

IN PTR

Response
DNS

17.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.160.190.20.in-addr.arpa

IN PTR
DNS

17.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.160.190.20.in-addr.arpa

IN PTR
POST

https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2

msedge.exe

Remote address:

51.11.108.188:443

Request

POST /api/browser/edge/navigate/2 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoidHM5d0pSY29jaWc9Iiwia2V5IjoiL2ZrRHlRbEZ2YmpHTG1MMlBUMHFMQT09In0=
User-Agent: SmartScreen/281479409565696
Content-Length: 1375
Host: nav.smartscreen.microsoft.com

Response

HTTP/1.1 200 OK

Date: Fri, 31 Jan 2025 03:07:23 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 953
Connection: keep-alive
Server: Kestrel
Cache-Control: max-age=0, private
Request-Context: appId=cid-v1:365e21c6-df19-4b1c-a612-b572489ace31
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR
DNS

google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

google.com

IN A
DNS

google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

google.com

IN A

Response

google.com

IN A

216.58.201.110
DNS

google.com

msedge.exe

Remote address:

8.8.4.4:53

Request

google.com

IN A

Response

google.com

IN A

216.58.201.110
DNS

gofile.io

msedge.exe

Remote address:

8.8.8.8:53

Request

gofile.io

IN A

Response

gofile.io

IN A

45.112.123.126
DNS

nav.smartscreen.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

nav.smartscreen.microsoft.com

IN A

Response

nav.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-nav.trafficmanager.net

prod-atm-wds-nav.trafficmanager.net

IN CNAME

prod-agic-us-1.uksouth.cloudapp.azure.com

prod-agic-us-1.uksouth.cloudapp.azure.com

IN A

13.87.96.169
DNS

nav.smartscreen.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

nav.smartscreen.microsoft.com

IN A
DNS

nav.smartscreen.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

nav.smartscreen.microsoft.com

IN A
DNS

nav.smartscreen.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

nav.smartscreen.microsoft.com

IN A
GET

https://gofile.io/d/OgdM4f

msedge.exe

Remote address:

45.112.123.126:443

Request

GET /d/OgdM4f HTTP/2.0
host: gofile.io
cache-control: max-age=0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Fri, 31 Jan 2025 03:07:23 GMT
content-type: text/html; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Mon, 02 Dec 2024 21:48:24 GMT
etag: W/"1cfa-19389589822"
x-robots-tag: all
content-encoding: gzip
GET

https://gofile.io/dist/css/output.css

msedge.exe

Remote address:

45.112.123.126:443

Request

GET /dist/css/output.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Fri, 31 Jan 2025 03:07:25 GMT
content-type: text/css; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Mon, 27 Jan 2025 00:42:52 GMT
etag: W/"106b8-194a5361328"
x-robots-tag: all
content-encoding: gzip
GET

https://gofile.io/plugins/fontawesome/css/all.min.css

msedge.exe

Remote address:

45.112.123.126:443

Request

GET /plugins/fontawesome/css/all.min.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Fri, 31 Jan 2025 03:07:25 GMT
content-type: text/css; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Mon, 02 Dec 2024 21:48:24 GMT
etag: W/"17906-19389589822"
x-robots-tag: all
content-encoding: gzip
GET

https://gofile.io/dist/js/global.js

msedge.exe

Remote address:

45.112.123.126:443

Request

GET /dist/js/global.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Fri, 31 Jan 2025 03:07:25 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Mon, 27 Jan 2025 00:42:52 GMT
etag: W/"56e56-194a5361328"
x-robots-tag: all
content-encoding: gzip
GET

https://gofile.io/dist/js/framework.js

msedge.exe

Remote address:

45.112.123.126:443

Request

GET /dist/js/framework.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Fri, 31 Jan 2025 03:07:25 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Thu, 09 Jan 2025 18:54:31 GMT
etag: W/"21b1-1944c6b0b38"
x-robots-tag: all
content-encoding: gzip
GET

https://gofile.io/dist/js/blockies.min.js

msedge.exe

Remote address:

45.112.123.126:443

Request

GET /dist/js/blockies.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Fri, 31 Jan 2025 03:07:25 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Mon, 02 Dec 2024 21:48:24 GMT
etag: W/"55a-1938958981e"
x-robots-tag: all
content-encoding: gzip
GET

https://gofile.io/dist/img/logo-small-70.png

msedge.exe

Remote address:

45.112.123.126:443

Request

GET /dist/img/logo-small-70.png HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Fri, 31 Jan 2025 03:07:26 GMT
content-type: image/png
content-length: 2367
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Mon, 02 Dec 2024 21:48:24 GMT
etag: W/"93f-1938958981e"
x-robots-tag: all
GET

https://gofile.io/plugins/fontawesome/webfonts/fa-solid-900.woff2

msedge.exe

Remote address:

45.112.123.126:443

Request

GET /plugins/fontawesome/webfonts/fa-solid-900.woff2 HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://gofile.io
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Fri, 31 Jan 2025 03:07:26 GMT
content-type: font/woff2
content-length: 157192
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Mon, 02 Dec 2024 21:48:25 GMT
etag: W/"26608-1938958982a"
x-robots-tag: all
GET

https://gofile.io/plugins/fontawesome/webfonts/fa-brands-400.woff2

msedge.exe

Remote address:

45.112.123.126:443

Request

GET /plugins/fontawesome/webfonts/fa-brands-400.woff2 HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://gofile.io
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Fri, 31 Jan 2025 03:07:26 GMT
content-type: font/woff2
content-length: 118072
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Mon, 02 Dec 2024 21:48:24 GMT
etag: W/"1cd38-19389589822"
x-robots-tag: all
GET

https://gofile.io/dist/img/favicon32.png

msedge.exe

Remote address:

45.112.123.126:443

Request

GET /dist/img/favicon32.png HTTP/2.0
host: gofile.io
pragma: no-cache
cache-control: no-cache
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Fri, 31 Jan 2025 03:07:26 GMT
content-type: image/png
content-length: 903
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Mon, 02 Dec 2024 21:48:24 GMT
etag: W/"387-1938958981e"
x-robots-tag: all
GET

https://gofile.io/contents/filemanager.html

msedge.exe

Remote address:

45.112.123.126:443

Request

GET /contents/filemanager.html HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: accountToken=T3aNTJbL3w8cobI9960nvTcQXormDGi4

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Fri, 31 Jan 2025 03:07:43 GMT
content-type: text/html; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Mon, 27 Jan 2025 00:42:52 GMT
etag: W/"4aef-194a5361328"
x-robots-tag: all
content-encoding: gzip
DNS

4.4.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.4.8.8.in-addr.arpa

IN PTR

Response

4.4.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

126.123.112.45.in-addr.arpa

Remote address:

8.8.8.8:53

Request

126.123.112.45.in-addr.arpa

IN PTR

Response
POST

https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2

msedge.exe

Remote address:

13.87.96.169:443

Request

POST /api/browser/edge/navigate/2 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiWHN5eEgzNEV0aFk9Iiwia2V5IjoiWEZ3SDE3THg5Z2lPK3hyNjJHZVd4Zz09In0=
User-Agent: SmartScreen/281479409565696
Content-Length: 1374
Host: nav.smartscreen.microsoft.com

Response

HTTP/1.1 200 OK

Date: Fri, 31 Jan 2025 03:07:25 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 811
Connection: keep-alive
Server: Kestrel
Cache-Control: max-age=0, private
Request-Context: appId=cid-v1:7f05e9f0-1fe6-401c-8ae7-2478e40e2f1e
DNS

169.96.87.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

169.96.87.13.in-addr.arpa

IN PTR

Response
DNS

169.96.87.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

169.96.87.13.in-addr.arpa

IN PTR
DNS

169.96.87.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

169.96.87.13.in-addr.arpa

IN PTR
DNS

s.gofile.io

msedge.exe

Remote address:

8.8.8.8:53

Request

s.gofile.io

IN A
DNS

s.gofile.io

msedge.exe

Remote address:

8.8.8.8:53

Request

s.gofile.io

IN A
DNS

s.gofile.io

msedge.exe

Remote address:

8.8.8.8:53

Request

s.gofile.io

IN A
DNS

s.gofile.io

msedge.exe

Remote address:

8.8.8.8:53

Request

s.gofile.io

IN A
DNS

s.gofile.io

msedge.exe

Remote address:

8.8.8.8:53

Request

s.gofile.io

IN A
DNS

api.gofile.io

msedge.exe

Remote address:

8.8.8.8:53

Request

api.gofile.io

IN A

Response

api.gofile.io

IN A

45.112.123.126
POST

https://api.gofile.io/accounts

msedge.exe

Remote address:

45.112.123.126:443

Request

POST /accounts HTTP/2.0
host: api.gofile.io
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://gofile.io
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Fri, 31 Jan 2025 03:07:27 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
etag: W/"b2-7fBxgr8jMTYgHMYpPRh9zL8abz8"
x-robots-tag: noindex, nofollow
content-encoding: gzip
OPTIONS

https://api.gofile.io/accounts/website

msedge.exe

Remote address:

45.112.123.126:443

Request

OPTIONS /accounts/website HTTP/2.0
host: api.gofile.io
accept: */*
access-control-request-method: GET
access-control-request-headers: authorization
origin: https://gofile.io
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Fri, 31 Jan 2025 03:07:34 GMT
content-type: text/html; charset=utf-8
content-length: 8
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
allow: GET,HEAD
etag: W/"8-ZRAf8oNBS3Bjb/SU2GYZCmbtmXg"
x-robots-tag: noindex, nofollow
GET

https://api.gofile.io/accounts/website

msedge.exe

Remote address:

45.112.123.126:443

Request

GET /accounts/website HTTP/2.0
host: api.gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
sec-ch-ua-mobile: ?0
authorization: Bearer T3aNTJbL3w8cobI9960nvTcQXormDGi4
accept: */*
origin: https://gofile.io
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Fri, 31 Jan 2025 03:07:34 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
etag: W/"144-1rl/PZ6/Mw7H+ohToTBqF/6GCis"
x-robots-tag: noindex, nofollow
content-encoding: gzip
OPTIONS

https://api.gofile.io/contents/OgdM4f?wt=4fd6sg89d7s6&contentFilter=&page=1&pageSize=1000&sortField=name&sortDirection=1

msedge.exe

Remote address:

45.112.123.126:443

Request

OPTIONS /contents/OgdM4f?wt=4fd6sg89d7s6&contentFilter=&page=1&pageSize=1000&sortField=name&sortDirection=1 HTTP/2.0
host: api.gofile.io
accept: */*
access-control-request-method: GET
access-control-request-headers: authorization
origin: https://gofile.io
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Fri, 31 Jan 2025 03:07:43 GMT
content-type: text/html; charset=utf-8
content-length: 8
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
allow: GET,HEAD
etag: W/"8-ZRAf8oNBS3Bjb/SU2GYZCmbtmXg"
x-robots-tag: noindex, nofollow
GET

https://api.gofile.io/contents/OgdM4f?wt=4fd6sg89d7s6&contentFilter=&page=1&pageSize=1000&sortField=name&sortDirection=1

msedge.exe

Remote address:

45.112.123.126:443

Request

GET /contents/OgdM4f?wt=4fd6sg89d7s6&contentFilter=&page=1&pageSize=1000&sortField=name&sortDirection=1 HTTP/2.0
host: api.gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
sec-ch-ua-mobile: ?0
authorization: Bearer T3aNTJbL3w8cobI9960nvTcQXormDGi4
accept: */*
origin: https://gofile.io
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.27.1
date: Fri, 31 Jan 2025 03:07:43 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
etag: W/"36a-eTjnaNhHSVhH5tcD+ky4vg8/7kA"
x-robots-tag: noindex, nofollow
content-encoding: gzip
DNS

200.163.202.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.163.202.172.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

Response
DNS

13.153.16.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.153.16.2.in-addr.arpa

IN PTR

Response

13.153.16.2.in-addr.arpa

IN PTR

a2-16-153-13deploystaticakamaitechnologiescom
DNS

25.73.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

25.73.42.20.in-addr.arpa

IN PTR

Response

51.11.108.188:443

nav.smartscreen.microsoft.com

msedge.exe

260 B
5
51.11.108.188:443

nav.smartscreen.microsoft.com

msedge.exe

260 B
5
51.11.108.188:443

https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2

tls, http

msedge.exe

10.9kB
10.7kB
29
18

HTTP Request

POST https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2

HTTP Response

200
45.112.123.126:443

gofile.io

tls, http2

msedge.exe

3.7kB
5.0kB
22
17
45.112.123.126:443

gofile.io

tls, http2

msedge.exe

3.4kB
4.8kB
17
13
45.112.123.126:443

https://gofile.io/contents/filemanager.html

tls, http2

msedge.exe

15.1kB
435.8kB
216
337

HTTP Request

GET https://gofile.io/d/OgdM4f

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/css/output.css

HTTP Request

GET https://gofile.io/plugins/fontawesome/css/all.min.css

HTTP Request

GET https://gofile.io/dist/js/global.js

HTTP Request

GET https://gofile.io/dist/js/framework.js

HTTP Request

GET https://gofile.io/dist/js/blockies.min.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/img/logo-small-70.png

HTTP Request

GET https://gofile.io/plugins/fontawesome/webfonts/fa-solid-900.woff2

HTTP Request

GET https://gofile.io/plugins/fontawesome/webfonts/fa-brands-400.woff2

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/img/favicon32.png

HTTP Response

200

HTTP Request

GET https://gofile.io/contents/filemanager.html

HTTP Response

200
13.87.96.169:443

https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2

tls, http

msedge.exe

3.7kB
18.1kB
23
21

HTTP Request

POST https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2

HTTP Response

200
45.112.123.126:443

https://api.gofile.io/contents/OgdM4f?wt=4fd6sg89d7s6&contentFilter=&page=1&pageSize=1000&sortField=name&sortDirection=1

tls, http2

msedge.exe

5.2kB
13.2kB
33
28

HTTP Request

POST https://api.gofile.io/accounts

HTTP Response

200

HTTP Request

OPTIONS https://api.gofile.io/accounts/website

HTTP Response

200

HTTP Request

GET https://api.gofile.io/accounts/website

HTTP Response

200

HTTP Request

OPTIONS https://api.gofile.io/contents/OgdM4f?wt=4fd6sg89d7s6&contentFilter=&page=1&pageSize=1000&sortField=name&sortDirection=1

HTTP Response

200

HTTP Request

GET https://api.gofile.io/contents/OgdM4f?wt=4fd6sg89d7s6&contentFilter=&page=1&pageSize=1000&sortField=name&sortDirection=1

HTTP Response

200

8.8.8.8:53

gofile.io

dns

msedge.exe

275 B
5

DNS Request

gofile.io

DNS Request

gofile.io

DNS Request

gofile.io

DNS Request

gofile.io

DNS Request

gofile.io
8.8.8.8:53

nav.smartscreen.microsoft.com

dns

msedge.exe

75 B
191 B
1
1

DNS Request

nav.smartscreen.microsoft.com

DNS Response

51.11.108.188
224.0.0.251:5353

580 B
9
8.8.8.8:53

17.160.190.20.in-addr.arpa

dns

216 B
158 B
3
1

DNS Request

17.160.190.20.in-addr.arpa

DNS Request

17.160.190.20.in-addr.arpa

DNS Request

17.160.190.20.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

370 B
128 B
5
1

DNS Request

172.214.232.199.in-addr.arpa

DNS Request

172.214.232.199.in-addr.arpa

DNS Request

172.214.232.199.in-addr.arpa

DNS Request

172.214.232.199.in-addr.arpa

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

google.com

dns

msedge.exe

56 B
1

DNS Request

google.com
8.8.8.8:53

google.com

dns

msedge.exe

56 B
72 B
1
1

DNS Request

google.com

DNS Response

216.58.201.110
8.8.4.4:53

google.com

dns

msedge.exe

56 B
72 B
1
1

DNS Request

google.com

DNS Response

216.58.201.110
8.8.8.8:53

gofile.io

dns

msedge.exe

55 B
71 B
1
1

DNS Request

gofile.io

DNS Response

45.112.123.126
8.8.8.8:53

nav.smartscreen.microsoft.com

dns

msedge.exe

300 B
192 B
4
1

DNS Request

nav.smartscreen.microsoft.com

DNS Request

nav.smartscreen.microsoft.com

DNS Request

nav.smartscreen.microsoft.com

DNS Request

nav.smartscreen.microsoft.com

DNS Response

13.87.96.169
8.8.8.8:53

4.4.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

4.4.8.8.in-addr.arpa
8.8.8.8:53

126.123.112.45.in-addr.arpa

dns

73 B
127 B
1
1

DNS Request

126.123.112.45.in-addr.arpa
8.8.8.8:53

169.96.87.13.in-addr.arpa

dns

213 B
145 B
3
1

DNS Request

169.96.87.13.in-addr.arpa

DNS Request

169.96.87.13.in-addr.arpa

DNS Request

169.96.87.13.in-addr.arpa
8.8.8.8:53

s.gofile.io

dns

msedge.exe

285 B
5

DNS Request

s.gofile.io

DNS Request

s.gofile.io

DNS Request

s.gofile.io

DNS Request

s.gofile.io

DNS Request

s.gofile.io
8.8.8.8:53

api.gofile.io

dns

msedge.exe

59 B
75 B
1
1

DNS Request

api.gofile.io

DNS Response

45.112.123.126
8.8.8.8:53

200.163.202.172.in-addr.arpa

dns

74 B
160 B
1
1

DNS Request

200.163.202.172.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

43.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

43.229.111.52.in-addr.arpa
8.8.8.8:53

13.153.16.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

13.153.16.2.in-addr.arpa
8.8.8.8:53

25.73.42.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

25.73.42.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ec94745cd72f974e0497aa41415bad9b

SHA1
d21ff8668515f2a51aa6a746b3fa15336fc62b5a

SHA256
af45c7c9220e3798ec9208de192ca021515dfba1be3caa38836c6d6d5d3d75b5

SHA512
7ecc68f20c8cb104aacdcb02ed78225d55ac97fe617acac03a4da1650e0066993660cfc9d9d164a71f4e4713f11754c1006c7a43d3462bd41b9f3775a7dc65ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
17b998629af6fe0ecbc748c04e327a5a

SHA1
46a201eb1edb8d767f4417c0cf2052002f093dd0

SHA256
49db79c30d5024a6ff463552a31af854531a15f0c41f50b836a983c0ac085397

SHA512
4ba6d06e9cc2993043960f66ad858087cfb6573b50bc69579e52f10681eae0c98de856023471514ca16aeb782a172cb2b2856dab0131de59c70d5835fd13040c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
248B

MD5
521dcecec1b9ea5f087d0cf3bb08aff3

SHA1
13d79f96808cb8ecd6f092208d84d37a7f61db7c

SHA256
3bfa380dcb731a603fa52ef1768ec146b07f2f7ec1f8ff39a1e95a235caa7caf

SHA512
97f0d5b03f993f8d946765eff0a2a63c0752313e702ac58c7054f4cde5f89c0044d1023043a0bb471cafe2f2825179db188cb54c7808063ff4479c481d5dac39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
765221ac2e48bc7a356190e7cc9760c5

SHA1
9aef7ea07c520f974a4192bcc73d95476f6a7abd

SHA256
c189757a5493b247c7dde15785febd97bdd4b362ab4f0758b3c4f9cf414cb652

SHA512
6bd7eaf1a3cee2bdc79c0541d53be444828f33e26cc0110913f266b86b99eeb3ef167e9ca6874e6f17411041bcc1075e0825fac96f7a8375e596e2682ac20bde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a04e6c68f7d517104d3985982cf09175

SHA1
a3d119cffc7dced65e36b0f36772173cbe5d7fba

SHA256
7fae9d47d16b77a026b5830ea8dceb9d0fc253775c260e14e7ea644be87ce6b9

SHA512
cbceba260b0b1b3fc6de8690fba963abffafa6ac23a5f36c6952eeb1e188cf7b108e28ddcfe017252a2ac12150cea43a26fdc4f0dab220b1fae5323b4b695c87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c25a258ad0ceadcd0e338d995e2a9be5

SHA1
0f25d9b626299265324a39dd967ceaf1fa86b04c

SHA256
6b7e2aedd1d0908a29f9d31f870a3f9b2c92ab661e964675b2259df8087d2513

SHA512
66fa2704c4d7147a52df42d43db6a81eaf62a3d83efb8281868655ed3e70b11d08a73ca12173a43edf8e6a5d8195b0dc2b0c85d58fde301e01bcea1c1b512ef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
a1ffeb2302e8044fdaaabf36916d0801

SHA1
7f3f9a2aa3551b61179847786971cd882477f539

SHA256
15098702f410bf6ed7b238db38d1d3cafb14274779ddbf40843de9ba40666e19

SHA512
ec6a4ec858c52f668f8a93d2d0113a9dc05638d24cc924e30ad429cbfd25a0ac9361af9de9c4108d5ca9dfe60acc94e156ddc0752b5035b6168067f4e1bd8ac3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58148d.TMP

Filesize
370B

MD5
d0a5ee7cbf3715d4e11ead0ccd074b25

SHA1
00e8a8767f897394cf539eab0d4f8d12b8d38372

SHA256
6448f21648492a48b6f6835abe34c1a0dc7bb48e4426d60af5e2f0fd0620fa3c

SHA512
ffe43c555f0ee71578c9f5212166cd1f2d715844e3991b881d5b401ac5cd1dd7e4a832a4726931168af681be678c97842c54e5dc8a7353bdb6ad2a89bbf9ce02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
8d92eadd14612a64741092a559bf83d0

SHA1
6e4ae21a1a07668f065cea8712956d1785027455

SHA256
3c764f2ae1670e77b94bde7b8e9d4a5aee1be956fe6433db711e092332ce6b43

SHA512
6c7348be9858f151320ffd67ed009f15059f86ae009affa9392587c1e820f169e94864eb2299a0f9ec4a0c48d6b3a94ed86390a492b545b46237d68aa6ba34a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
5KB

MD5
4d530e469557237d6eefbc2562b13101

SHA1
8ba3673955feb631ce177df0fd0d4ed95fa64544

SHA256
42a30effaed82059b8f16eeb3363e638dbee56d4cd864819a77fd49899bf8a1e

SHA512
1366663b8a7caee7e0ea8a1bff5efa1af9ace1c75179d6a3dd8d5e509e39d3d939492cd487a3e23298118a999d18e51a071489f5a7abe33a9a5832d242e10573

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
25083afced9c5de14df96e512f702ef9

SHA1
6dda6a43339cdc9ada862dafe267f5d854bb9115

SHA256
688a870a2881942d2d2ccb211645cc50a57651ea000d3d3ac31a8e1cd078b018

SHA512
5483e1f8b8e0eb477a903723eaacedf6b33c75b9135a2f05446e636c1b2943983881b10b02d564470f7872ec718c8b9325663c4709b43e5bfad005cc6998ea65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
7d06a23ca3db557a266f61f72ee3b669

SHA1
dc627c96323dbb7328cfe931734eab69db1a8f01

SHA256
10a5f62c3ab26a641365099b7c8139742dd214810b1c7c52fec31ddf5deab8eb

SHA512
50495cb03479f897e52d2357457f4f5bb6f70354e106eb16ae1e06534f869230179c9aa1af1eb1c9832c887d726ed302e47f1db2e22cda7dc7037424c2c20fe9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request