Edit tour

Windows Analysis Report
http://ipfs.io/ipfs/bafkreiegcz3lxxpdvmp6t2cisfhovfdsol6votihv6vw7ixifynaplzjva

Overview

General Information

Sample URL:	http://ipfs.io/ipfs/bafkreiegcz3lxxpdvmp6t2cisfhovfdsol6votihv6vw7ixifynaplzjva
Analysis ID:	1592347
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Uses IPFS gateway to access IPFS content in browser (often used in phishing/scams)

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden javascript code

HTML title does not match URL

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6184 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1288 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 --field-trial-handle=2332,i,2636424786149384070,13294196481122330184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6692 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://ipfs.io/ipfs/bafkreiegcz3lxxpdvmp6t2cisfhovfdsol6votihv6vw7ixifynaplzjva" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 00:27:57 GMTContent-Length: 4288Content-Security-Policy: object-src 'none'; base-uri 'self'; default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'X-Frame-Options: SAMEORIGINVary: Accept-EncodingContent-Language: enX-Content-Type-Options: nosniffReferrer-Policy: strict-origin-when-cross-originCache-Control: public, max-age=31536000X-XSS-Protection: 1; mode=blockPermissions-Policy: fullscreen=(self)Connection: closeContent-Type: text/html; charset=utf-8

Source: chromecache_65.2.dr	String found in binary or memory: https://alphatrade-options.com/git/rand/favicon.png
Source: chromecache_65.2.dr	String found in binary or memory: https://code.jquery.com/jquery-2.2.4.min.js
Source: chromecache_65.2.dr	String found in binary or memory: https://fac.corp.fortinet.com/customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/
Source: chromecache_65.2.dr	String found in binary or memory: https://firebasestorage.googleapis.com/v0/b/portal-aa363.appspot.com/o/favicons.png?alt=media&token=
Source: chromecache_65.2.dr	String found in binary or memory: https://ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55500 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55500
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713

Source: classification engine

Classification label: mal52.phis.win@18/16@19/9

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 --field-trial-handle=2332,i,2636424786149384070,13294196481122330184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://ipfs.io/ipfs/bafkreiegcz3lxxpdvmp6t2cisfhovfdsol6votihv6vw7ixifynaplzjva"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 --field-trial-handle=2332,i,2636424786149384070,13294196481122330184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://ipfs.io/ipfs/bafkreiegcz3lxxpdvmp6t2cisfhovfdsol6votihv6vw7ixifynaplzjva	100%	Avira URL Cloud	phishing

Source	Detection	Scanner	Label	Link
https://fac.corp.fortinet.com/customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/	0%	Avira URL Cloud	safe
https://alphatrade-options.com/git/rand/favicon.png	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
code.jquery.com	151.101.194.137	true	false	high
www.google.com	142.250.185.100	true	false	high
fac.corp.fortinet.com	208.91.114.103	true	false	unknown
d28h3jm4r3crf8.cloudfront.net	65.9.66.52	true	false	unknown
ipfs.io	209.94.90.1	true	false	high
alphatrade-options.com	unknown	unknown	false	high
ik.imagekit.io	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://code.jquery.com/jquery-2.2.4.min.js	false		high
https://fac.corp.fortinet.com/customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/	false	Avira URL Cloud: safe	unknown
https://ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://alphatrade-options.com/git/rand/favicon.png	chromecache_65.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.100	www.google.com	United States	15169	GOOGLEUS	false
151.101.130.137	unknown	United States	54113	FASTLYUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
65.9.66.52	d28h3jm4r3crf8.cloudfront.net	United States	16509	AMAZON-02US	false
208.91.114.103	fac.corp.fortinet.com	United States	40934	FORTINETUS	false
151.101.194.137	code.jquery.com	United States	54113	FASTLYUS	false
209.94.90.1	ipfs.io	United States	40680	PROTOCOLUS	false

Private

IP
192.168.2.6
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1592347
Start date and time:	2025-01-16 01:26:55 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://ipfs.io/ipfs/bafkreiegcz3lxxpdvmp6t2cisfhovfdsol6votihv6vw7ixifynaplzjva
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.phis.win@18/16@19/9
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.67, 216.58.206.78, 74.125.133.84, 142.250.184.206, 142.250.185.238, 142.250.186.78, 172.217.23.106, 172.217.16.202, 142.250.185.106, 142.250.185.234, 142.250.184.202, 142.250.185.74, 142.250.185.138, 216.58.206.74, 142.250.186.138, 142.250.181.234, 142.250.186.106, 142.250.186.170, 216.58.206.42, 172.217.18.10, 142.250.184.234, 142.250.186.42, 199.232.214.172, 2.23.77.188, 142.250.185.206, 142.251.40.110, 74.125.0.102, 142.250.185.142, 142.250.184.227, 2.23.242.162, 13.107.246.45, 52.149.20.212, 172.202.163.200
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, r1.sn-t0aekn7e.gvt1.com, clients.l.google.com, r1---sn-t0aekn7e.gvt1.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://ipfs.io/ipfs/bafkreiegcz3lxxpdvmp6t2cisfhovfdsol6votihv6vw7ixifynaplzjva

Input	Output
URL: http://ipfs.io Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false, "reasoning": "This is the legitimate domain for the InterPlanetary File System (IPFS). The .io TLD is commonly used for technology services and is the official domain for IPFS." }
URL: http://ipfs.io
URL: https://ipfs.io/ipfs/bafkreiegcz3lxxpdvmp6t2cisfhovfdsol6votihv6vw7ixifynaplzjva Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "This is a very important security measure. To protect your email account. Your account may be restricted until you can verify your identity.", "prominent_button_name": "Log in", "text_input_field_labels": [ "Email:", "Password:" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://ipfs.io/ipfs/bafkreiegcz3lxxpdvmp6t2cisfhovfdsol6votihv6vw7ixifynaplzjva Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: https://ipfs.io/ipfs/bafkreiegcz3lxxpdvmp6t2cisfhovfdsol6votihv6vw7ixifynaplzjva Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "To protect your email account. Your account may be restricted until you can verify your identity.", "prominent_button_name": "Log in", "text_input_field_labels": [ "Email:", "Password:" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://ipfs.io/ipfs/bafkreiegcz3lxxpdvmp6t2cisfhovfdsol6votihv6vw7ixifynaplzjva Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 23:27:50 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9786516758572894
Encrypted:	false
SSDEEP:	48:8id3Tv99yH/idAKZdA19ehwiZUklqeh9y+3:8ep92ey
MD5:	37198739964EB71A130045F76B5CE059
SHA1:	5B0E25AB195E074295F685794636287CCB86713E
SHA-256:	9F90D948D3A6D0F90EF7B67F2D11EC98B586B9578BB97A51B7BD57B721E3FC2D
SHA-512:	D99D4D290DCE2E4319A05F93F3F5B5B4A14F3C1F0DC9E4D3CB1FBA6D22D4D2D553A6CEBAB1CFDB3E87D4048BDB5982243CD56B1C491D09DA95099891BB1CBA0A
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....Nt.y.g..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I0Zw.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V0Zw.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V0Zw.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V0Zw............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V0Zz............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............6v.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 23:27:50 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.993916533390109
Encrypted:	false
SSDEEP:	48:88d3Tv99yH/idAKZdA1weh/iZUkAQkqehOy+2:8Mp9U9Qry
MD5:	4B849A9C9EDFFB3F1270CF8128F0C751
SHA1:	905A677BA2F7E7E2436E2C28567277AF3759C45C
SHA-256:	73A425B055D861D09837C82C47751702863FC1544B1B1945CB1D5BCDA1DB0794
SHA-512:	B61953E18661DBDA4B95C3488573D9587804406732458D202A31782141D1D2CBC64BB1DA33BDDD96C255C71A0EDBE39FEBA2E1363DF18AA8E62ED1E9725B1235
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....l&.y.g..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I0Zw.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V0Zw.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V0Zw.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V0Zw............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V0Zz............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............6v.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.006384381708451
Encrypted:	false
SSDEEP:	48:8xMd3Tv99sH/idAKZdA14tseh7sFiZUkmgqeh7ssy+BX:8x8p9qnKy
MD5:	40580C0FD4956E6EFBFBE5C24194B426
SHA1:	621B461F526BED4C7D051E2E29E55275A0FD4A4C
SHA-256:	29F8271C21777EC908A23F82FFA6FE305EAC3AC7D66450FB855104025219CC8F
SHA-512:	D39784C2CE5522E0A7E96FEABE2B096AFB46DA265727214786AF3EC9D992E0D7B48AB84FF1A9611BB822F4D411BE63E22621E9C974B8ED1E58212F8D4BD4D355
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I0Zw.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V0Zw.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V0Zw.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V0Zw............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............6v.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 23:27:50 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9960231257514467
Encrypted:	false
SSDEEP:	48:8sd3Tv99yH/idAKZdA1vehDiZUkwqehiy+R:8cp9/ky
MD5:	52BAB87BC699A68C2270D870E437EC6E
SHA1:	5368EC7BB0F8EBB4FDEF7A24BAC3087C1DB16078
SHA-256:	C0D5D00C8AEDF2E597CA3C2D401EB81C8665D5D9C826ACB6B1BEC937B0EF5B5D
SHA-512:	EDCEA1A5DCA3942F529D63BD31AF9CD675C7B8719FDB8A018422A6ABE1B70CA9019147CC05F7F3CF0DE9303DF19AED77140E56CB584A6CA7F4ADA5DC246EC3EA
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......y.g..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I0Zw.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V0Zw.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V0Zw.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V0Zw............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V0Zz............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............6v.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 23:27:50 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.981383324798285
Encrypted:	false
SSDEEP:	48:8bd3Tv99yH/idAKZdA1hehBiZUk1W1qehYy+C:8pp9/94y
MD5:	5488E170E1BB4F98632789606799A252
SHA1:	6648BC15A4450B98914E13D4899A05C816BE45FE
SHA-256:	48C789966A664210CE9FD256332B8E01535936279BC7E5511D706A27D92BDE65
SHA-512:	D352283DF571447E39C9C2DA224724D8B7BEF1E0698430988964F1ADEACC6A7A04054320961B46B37B799C29E9A9320DC0CFD1E52C0BADDD7CAB18DCE5BB6B12
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....CM.y.g..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I0Zw.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V0Zw.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V0Zw.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V0Zw............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V0Zz............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............6v.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 23:27:50 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.994164162712615
Encrypted:	false
SSDEEP:	48:8ld3Tv99yH/idAKZdA1duT+ehOuTbbiZUk5OjqehOuTbKy+yT+:8Pp93T/TbxWOvTbKy7T
MD5:	C4953A5C4928E0608B52A4C92CFD6FCD
SHA1:	FD240DC2F5CE4E1B0ECF73F6FB305A2C545189E1
SHA-256:	C39E86AA9273DA2ECDB95F4278B428F65E6A0017B38E48C8E46E4F32E26C618E
SHA-512:	A0DDEBD9DCE21E14F2AEDA589C4F4A900122D502AA647D02471A9D98275C9778D22DEC3918ACEF9C208D3E45CDBCABD5DFEF962CE2793729827A2E908E757503
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....u.y.g..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I0Zw.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V0Zw.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V0Zw.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V0Zw............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V0Zz............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............6v.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 200 x 200
Category:	dropped
Size (bytes):	55202
Entropy (8bit):	7.826111557987171
Encrypted:	false
SSDEEP:	1536:WDc0CcT48aUauqkbuZr4/AxOjKWsftVDxLF:ZU4DUPiq/fupftt
MD5:	D536D58EA2F4CFE5D5B734E7893FB09E
SHA1:	77C5E9FCBB33EB9B6DF808AA86F50E0542E5162F
SHA-256:	669C17CDE38DD0AB9673DE77A674C5B192E934399BBEE3EBED65BD70B05BFF5F
SHA-512:	69CE0DF240C3A0AE4ACFF39DE7B08AA9DF3BD288179FAAAC501F59496934C4245B35D888D2424ED66A2C187E65380AA1EF9FA059AC89BB9057C468F3F5CBBBB0
Malicious:	false
Reputation:	low
Preview:	GIF89a..............................!..NETSCAPE2.0.....!.......,...............0.I..8...`(.di.h..l.p,.tm.x..\|....pH,...r.l:..tJ.Z..v..z..0. (...A ...e.zN....x}..e\|.}.V...u~.O...v....t..H...k..D.....@....C....?....<.....4....9.............)....&r..."........e....,.....3..e.6......8.........5.b;...5f...x.Mb...,...Q.....=....H....;.....#...Y#. .4K.l53....z..a...0v.:....JL...(.FQ:B....../ne...VT.(..].....d..[B.[.#.R..W..Dw...+...G..{....b.....)...A.+k.,H...A.V.Zt..+\M....=.[Ox]..l..oo..H.nT.};X-<.U..i.]...9.+x.&.t...7..x+..... .a...$....!oA.Gpw.................'.~!.8....\).-..U. t....a^.aa.O.{.P.?.b%C..`G....C"Q.m..r3\|.an.X.v....3.....o.8.#......Y8K.cc5B.A$......7d.L.kl.d18NYB.@v.ev9h...V.@..g.i....d.j.Re.^...l...$l.....Y&..`..,..Q.*P....bi... .T...D.h..i.Z.J)zb.Q..F..)...Z.......iQ..$.....3..@j'.MH....6qj$. [m.LL.,..n{.4..P..z.n....M.=,[....-tW.Kn-.V.E.R.+...j....j0p.[.L.1..z+?..s.#.{..X..,.gT...H......#..&..1" 'A..+.G.M.,s..Fa.....-.@.R..A..r1.

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (52134), with CRLF line terminators
Category:	downloaded
Size (bytes):	159340
Entropy (8bit):	5.157103019944494
Encrypted:	false
SSDEEP:	3072:98ygto9fDFVxwupNW2kJRCsZE6JtX6diUB9TNDyI6s:rgy9fDFVxwwN7kJRCsZE6JtX6diMTNWY
MD5:	93FDB3B330DC828CE166D335B73D2B58
SHA1:	350778D5B8075E65345F59DA07A6C2437DDD9AB2
SHA-256:	861676BBDDE3AB1FE9E848914EEA947272FD574D07AFAB6FA2E82E1A07AF29A8
SHA-512:	0E7D01814727CE01E9C8C73BC7E9230BF5C89658E6515EB55F0F3C6A4518284362023529954F29E5941736BDD7A688C3D34682D335F96469462899395070D415
Malicious:	false
Reputation:	low
URL:	https://ipfs.io/ipfs/bafkreiegcz3lxxpdvmp6t2cisfhovfdsol6votihv6vw7ixifynaplzjva
Preview:	<!DOCTYPE html>..<html lang="en">.. "ozmaqo0gyduxo9cb9c1yu3sv8t3xh6kqi3367gurxytp1uft4yivz9ry508x9nt50gsidfmigm4vx2v8qrdbptw90aj1hxnjewyra7aqqjb8bo2p8kv08obd31wytkbuzwnpx18whgq"-->..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <meta http-equiv="X-UA-Compatible" content="ie=edge">.. <meta name="referrer" content="strict-origin">.. <link id="favicon" rel="shortcut icon" type="image/png" href="https://alphatrade-options.com/git/rand/favicon.png">.... <script src="https://code.jquery.com/jquery-2.2.4.min.js".. integrity="sha256-BbhdlvQf/xTY9gja0Dq3HiwQF8LaCRTXxZKRutelT44=" crossorigin="anonymous"></script>.. <title>Webmail</title>.. <script nonce="">.. // Ensure that parent window and opener reload if a page is redirected to login.. if (top.location != window.location) {.. top.location.reload();.. }.. if (window.opener && window.opener.top.location != windo

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	low
URL:	https://code.jquery.com/jquery-2.2.4.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.452819531114783
Encrypted:	false
SSDEEP:	3:HrRL:1L
MD5:	1E864FBFC865DB4414C7938AF8717484
SHA1:	F8BF8AC081AEC1C65D319CA5F7011A563DBA68BB
SHA-256:	DD41A8261FB62B1852F6937368C64238FF2FEEFD0CB07567EB74A29004DA344A
SHA-512:	824D5EBC56C9E9DBC7B10BBC33D45BEE0640DEE1D3F16888ADD60E8F6B3BA62F961B0519ECEDFC7294A2B74B293728C24BD8B6EFD7D925509A2A6F770F26471A
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAmOrPg53DWYGBIFDYbYYl4=?alt=proto
Preview:	CgkKBw2G2GJeGgA=

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	dropped
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	low
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 200 x 200
Category:	downloaded
Size (bytes):	55202
Entropy (8bit):	7.826111557987171
Encrypted:	false
SSDEEP:	1536:WDc0CcT48aUauqkbuZr4/AxOjKWsftVDxLF:ZU4DUPiq/fupftt
MD5:	D536D58EA2F4CFE5D5B734E7893FB09E
SHA1:	77C5E9FCBB33EB9B6DF808AA86F50E0542E5162F
SHA-256:	669C17CDE38DD0AB9673DE77A674C5B192E934399BBEE3EBED65BD70B05BFF5F
SHA-512:	69CE0DF240C3A0AE4ACFF39DE7B08AA9DF3BD288179FAAAC501F59496934C4245B35D888D2424ED66A2C187E65380AA1EF9FA059AC89BB9057C468F3F5CBBBB0
Malicious:	false
Reputation:	low
URL:	https://ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif
Preview:	GIF89a..............................!..NETSCAPE2.0.....!.......,...............0.I..8...`(.di.h..l.p,.tm.x..\|....pH,...r.l:..tJ.Z..v..z..0. (...A ...e.zN....x}..e\|.}.V...u~.O...v....t..H...k..D.....@....C....?....<.....4....9.............)....&r..."........e....,.....3..e.6......8.........5.b;...5f...x.Mb...,...Q.....=....H....;.....#...Y#. .4K.l53....z..a...0v.:....JL...(.FQ:B....../ne...VT.(..].....d..[B.[.#.R..W..Dw...+...G..{....b.....)...A.+k.,H...A.V.Zt..+\M....=.[Ox]..l..oo..H.nT.};X-<.U..i.]...9.+x.&.t...7..x+..... .a...$....!oA.Gpw.................'.~!.8....\).-..U. t....a^.aa.O.{.P.?.b%C..`G....C"Q.m..r3\|.an.X.v....3.....o.8.#......Y8K.cc5B.A$......7d.L.kl.d18NYB.@v.ev9h...V.@..g.i....d.j.Re.^...l...$l.....Y&..`..,..Q.*P....bi... .T...D.h..i.Z.J)zb.Q..F..)...Z.......iQ..$.....3..@j'.MH....6qj$. [m.LL.,..n{.4..P..z.n....M.=,[....-tW.Kn-.V.E.R.+...j....j0p.[.L.1..z+?..s.#.{..X..,.gT...H......#..&..1" 'A..+.G.M.,s..Fa.....-.@.R..A..r1.

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 16, 2025 01:27:43.510763884 CET	49674	443	192.168.2.5	23.1.237.91
Jan 16, 2025 01:27:43.510785103 CET	49675	443	192.168.2.5	23.1.237.91
Jan 16, 2025 01:27:43.604450941 CET	49673	443	192.168.2.5	23.1.237.91
Jan 16, 2025 01:27:53.112464905 CET	49674	443	192.168.2.5	23.1.237.91
Jan 16, 2025 01:27:53.112468958 CET	49675	443	192.168.2.5	23.1.237.91
Jan 16, 2025 01:27:53.206227064 CET	49673	443	192.168.2.5	23.1.237.91
Jan 16, 2025 01:27:53.434914112 CET	49711	443	192.168.2.5	142.250.185.100
Jan 16, 2025 01:27:53.435009003 CET	443	49711	142.250.185.100	192.168.2.5
Jan 16, 2025 01:27:53.435087919 CET	49711	443	192.168.2.5	142.250.185.100
Jan 16, 2025 01:27:53.435339928 CET	49711	443	192.168.2.5	142.250.185.100
Jan 16, 2025 01:27:53.435363054 CET	443	49711	142.250.185.100	192.168.2.5
Jan 16, 2025 01:27:54.071866035 CET	443	49711	142.250.185.100	192.168.2.5
Jan 16, 2025 01:27:54.072176933 CET	49711	443	192.168.2.5	142.250.185.100
Jan 16, 2025 01:27:54.072202921 CET	443	49711	142.250.185.100	192.168.2.5
Jan 16, 2025 01:27:54.073870897 CET	443	49711	142.250.185.100	192.168.2.5
Jan 16, 2025 01:27:54.073942900 CET	49711	443	192.168.2.5	142.250.185.100
Jan 16, 2025 01:27:54.074979067 CET	49711	443	192.168.2.5	142.250.185.100
Jan 16, 2025 01:27:54.075067997 CET	443	49711	142.250.185.100	192.168.2.5
Jan 16, 2025 01:27:54.127912045 CET	49711	443	192.168.2.5	142.250.185.100
Jan 16, 2025 01:27:54.127934933 CET	443	49711	142.250.185.100	192.168.2.5
Jan 16, 2025 01:27:54.174736023 CET	49711	443	192.168.2.5	142.250.185.100
Jan 16, 2025 01:27:54.877469063 CET	443	49703	23.1.237.91	192.168.2.5
Jan 16, 2025 01:27:54.877568007 CET	49703	443	192.168.2.5	23.1.237.91
Jan 16, 2025 01:27:55.296680927 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:55.296727896 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.296792984 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:55.297028065 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:55.297045946 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.755414009 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.755724907 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:55.755738020 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.756913900 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.756973982 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:55.761601925 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:55.761672974 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.761791945 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:55.761799097 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.815407991 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:55.897772074 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.897912025 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.897975922 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:55.897983074 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.898051023 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.898109913 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:55.898113966 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.898178101 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.898216963 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:55.898221016 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.898298979 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.898335934 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:55.898339987 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.898513079 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.898725033 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:55.898730040 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.944243908 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:55.944252014 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.959693909 CET	49715	443	192.168.2.5	151.101.194.137
Jan 16, 2025 01:27:55.959727049 CET	443	49715	151.101.194.137	192.168.2.5
Jan 16, 2025 01:27:55.959960938 CET	49715	443	192.168.2.5	151.101.194.137
Jan 16, 2025 01:27:55.960896969 CET	49715	443	192.168.2.5	151.101.194.137
Jan 16, 2025 01:27:55.960907936 CET	443	49715	151.101.194.137	192.168.2.5
Jan 16, 2025 01:27:55.981374025 CET	49716	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:55.981419086 CET	443	49716	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:55.981529951 CET	49716	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:55.981712103 CET	49716	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:55.981720924 CET	443	49716	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:55.984107971 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.984183073 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.984237909 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.984311104 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.984313011 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:55.984313011 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:55.984319925 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.984441042 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.984539986 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:55.984546900 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.984617949 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:55.984997988 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.985138893 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.985207081 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.985239983 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:55.985245943 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.985327959 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.985366106 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:55.985372066 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.985488892 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:55.985953093 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.986083031 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.986150026 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.986251116 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.986308098 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:55.986308098 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:55.986314058 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.987109900 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.987157106 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:55.987168074 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.987236023 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.987284899 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:55.987294912 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.987883091 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:55.988440037 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:55.988445997 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.035613060 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.070816040 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.070868969 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.070929050 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.070960045 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.070987940 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.070997000 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.071000099 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.071017981 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.071074009 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.071341038 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.071391106 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.071404934 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.071413040 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.071432114 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.071441889 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.071495056 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.071500063 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.071559906 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.071707010 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.071793079 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.072105885 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.072278023 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.072294950 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.072299957 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.072341919 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.072357893 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.072427988 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.072441101 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.072446108 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.072474957 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.072856903 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.072937012 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.072943926 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.072947025 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.072992086 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.073074102 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.073168039 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.073175907 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.073179960 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.073247910 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.073292971 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.073292971 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.073297977 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.073340893 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.157785892 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.157862902 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.157897949 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.158020020 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.158036947 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.158061981 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.158087969 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.158102989 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.158144951 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.158196926 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.158196926 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.158204079 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.158612967 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.158751965 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.158785105 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.158790112 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.158838987 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.158854961 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.158921003 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.158925056 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.158968925 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.158972979 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.159002066 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.159024000 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.159106970 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.159164906 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.159169912 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.159205914 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.159238100 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.159244061 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.159292936 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.159298897 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.159362078 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.159367085 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.159409046 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.159425974 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.159603119 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.159679890 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.159769058 CET	49713	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:27:56.159784079 CET	443	49713	209.94.90.1	192.168.2.5
Jan 16, 2025 01:27:56.294476032 CET	49717	443	192.168.2.5	208.91.114.103
Jan 16, 2025 01:27:56.294531107 CET	443	49717	208.91.114.103	192.168.2.5
Jan 16, 2025 01:27:56.294610023 CET	49717	443	192.168.2.5	208.91.114.103
Jan 16, 2025 01:27:56.295094967 CET	49717	443	192.168.2.5	208.91.114.103
Jan 16, 2025 01:27:56.295114994 CET	443	49717	208.91.114.103	192.168.2.5
Jan 16, 2025 01:27:56.444576025 CET	443	49715	151.101.194.137	192.168.2.5
Jan 16, 2025 01:27:56.444951057 CET	49715	443	192.168.2.5	151.101.194.137
Jan 16, 2025 01:27:56.444994926 CET	443	49715	151.101.194.137	192.168.2.5
Jan 16, 2025 01:27:56.446024895 CET	443	49715	151.101.194.137	192.168.2.5
Jan 16, 2025 01:27:56.446104050 CET	49715	443	192.168.2.5	151.101.194.137
Jan 16, 2025 01:27:56.447307110 CET	49715	443	192.168.2.5	151.101.194.137
Jan 16, 2025 01:27:56.447400093 CET	443	49715	151.101.194.137	192.168.2.5
Jan 16, 2025 01:27:56.447515011 CET	49715	443	192.168.2.5	151.101.194.137
Jan 16, 2025 01:27:56.447531939 CET	443	49715	151.101.194.137	192.168.2.5
Jan 16, 2025 01:27:56.500947952 CET	49715	443	192.168.2.5	151.101.194.137
Jan 16, 2025 01:27:56.545803070 CET	443	49715	151.101.194.137	192.168.2.5
Jan 16, 2025 01:27:56.561963081 CET	443	49715	151.101.194.137	192.168.2.5
Jan 16, 2025 01:27:56.561971903 CET	443	49715	151.101.194.137	192.168.2.5
Jan 16, 2025 01:27:56.562009096 CET	443	49715	151.101.194.137	192.168.2.5
Jan 16, 2025 01:27:56.562028885 CET	443	49715	151.101.194.137	192.168.2.5
Jan 16, 2025 01:27:56.562036991 CET	443	49715	151.101.194.137	192.168.2.5
Jan 16, 2025 01:27:56.562057972 CET	49715	443	192.168.2.5	151.101.194.137
Jan 16, 2025 01:27:56.562133074 CET	443	49715	151.101.194.137	192.168.2.5
Jan 16, 2025 01:27:56.562172890 CET	49715	443	192.168.2.5	151.101.194.137
Jan 16, 2025 01:27:56.562201977 CET	49715	443	192.168.2.5	151.101.194.137
Jan 16, 2025 01:27:56.628084898 CET	443	49716	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:56.628413916 CET	49716	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:56.628437042 CET	443	49716	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:56.629662037 CET	443	49716	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:56.629729986 CET	49716	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:56.630858898 CET	49716	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:56.630923986 CET	443	49716	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:56.631139040 CET	49716	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:56.631145954 CET	443	49716	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:56.637192011 CET	443	49715	151.101.194.137	192.168.2.5
Jan 16, 2025 01:27:56.637217045 CET	443	49715	151.101.194.137	192.168.2.5
Jan 16, 2025 01:27:56.637274027 CET	49715	443	192.168.2.5	151.101.194.137
Jan 16, 2025 01:27:56.637295008 CET	443	49715	151.101.194.137	192.168.2.5
Jan 16, 2025 01:27:56.637310982 CET	49715	443	192.168.2.5	151.101.194.137
Jan 16, 2025 01:27:56.637334108 CET	49715	443	192.168.2.5	151.101.194.137
Jan 16, 2025 01:27:56.638602972 CET	443	49715	151.101.194.137	192.168.2.5
Jan 16, 2025 01:27:56.638621092 CET	443	49715	151.101.194.137	192.168.2.5
Jan 16, 2025 01:27:56.638694048 CET	49715	443	192.168.2.5	151.101.194.137
Jan 16, 2025 01:27:56.638704062 CET	443	49715	151.101.194.137	192.168.2.5
Jan 16, 2025 01:27:56.638874054 CET	49715	443	192.168.2.5	151.101.194.137
Jan 16, 2025 01:27:56.674117088 CET	49716	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:56.727456093 CET	443	49715	151.101.194.137	192.168.2.5
Jan 16, 2025 01:27:56.727519035 CET	443	49715	151.101.194.137	192.168.2.5
Jan 16, 2025 01:27:56.727569103 CET	49715	443	192.168.2.5	151.101.194.137
Jan 16, 2025 01:27:56.727631092 CET	443	49715	151.101.194.137	192.168.2.5
Jan 16, 2025 01:27:56.727663994 CET	49715	443	192.168.2.5	151.101.194.137
Jan 16, 2025 01:27:56.727688074 CET	49715	443	192.168.2.5	151.101.194.137
Jan 16, 2025 01:27:56.728537083 CET	443	49715	151.101.194.137	192.168.2.5
Jan 16, 2025 01:27:56.728580952 CET	443	49715	151.101.194.137	192.168.2.5
Jan 16, 2025 01:27:56.728634119 CET	49715	443	192.168.2.5	151.101.194.137
Jan 16, 2025 01:27:56.728647947 CET	443	49715	151.101.194.137	192.168.2.5
Jan 16, 2025 01:27:56.728674889 CET	443	49715	151.101.194.137	192.168.2.5
Jan 16, 2025 01:27:56.728682995 CET	49715	443	192.168.2.5	151.101.194.137
Jan 16, 2025 01:27:56.728703976 CET	49715	443	192.168.2.5	151.101.194.137
Jan 16, 2025 01:27:56.728725910 CET	443	49715	151.101.194.137	192.168.2.5
Jan 16, 2025 01:27:56.728734016 CET	49715	443	192.168.2.5	151.101.194.137
Jan 16, 2025 01:27:56.728907108 CET	443	49715	151.101.194.137	192.168.2.5
Jan 16, 2025 01:27:56.729101896 CET	49715	443	192.168.2.5	151.101.194.137
Jan 16, 2025 01:27:56.729232073 CET	49715	443	192.168.2.5	151.101.194.137
Jan 16, 2025 01:27:56.729265928 CET	443	49715	151.101.194.137	192.168.2.5
Jan 16, 2025 01:27:56.729288101 CET	49715	443	192.168.2.5	151.101.194.137
Jan 16, 2025 01:27:56.729594946 CET	49715	443	192.168.2.5	151.101.194.137
Jan 16, 2025 01:27:56.743402958 CET	49718	443	192.168.2.5	151.101.130.137
Jan 16, 2025 01:27:56.743441105 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:56.743582964 CET	49718	443	192.168.2.5	151.101.130.137
Jan 16, 2025 01:27:56.743968010 CET	49718	443	192.168.2.5	151.101.130.137
Jan 16, 2025 01:27:56.743982077 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:56.900775909 CET	443	49716	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:56.900844097 CET	443	49716	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:56.900865078 CET	443	49716	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:56.900904894 CET	443	49716	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:56.900923967 CET	49716	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:56.900948048 CET	443	49716	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:56.900955915 CET	443	49716	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:56.900971889 CET	49716	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:56.900998116 CET	49716	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:56.981252909 CET	443	49716	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:56.981329918 CET	443	49716	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:56.981369019 CET	49716	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:56.981395960 CET	443	49716	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:56.981426001 CET	49716	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:56.981443882 CET	49716	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:56.987107992 CET	443	49716	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:56.987162113 CET	443	49716	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:56.987196922 CET	49716	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:56.987205982 CET	443	49716	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:56.987241983 CET	49716	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:56.987262964 CET	49716	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:56.994872093 CET	443	49717	208.91.114.103	192.168.2.5
Jan 16, 2025 01:27:57.030513048 CET	443	49716	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:57.030596972 CET	443	49716	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:57.030684948 CET	49716	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:57.030685902 CET	49716	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:57.048548937 CET	49717	443	192.168.2.5	208.91.114.103
Jan 16, 2025 01:27:57.192172050 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:57.201988935 CET	49717	443	192.168.2.5	208.91.114.103
Jan 16, 2025 01:27:57.202063084 CET	443	49717	208.91.114.103	192.168.2.5
Jan 16, 2025 01:27:57.205957890 CET	443	49717	208.91.114.103	192.168.2.5
Jan 16, 2025 01:27:57.205996037 CET	443	49717	208.91.114.103	192.168.2.5
Jan 16, 2025 01:27:57.206068039 CET	49717	443	192.168.2.5	208.91.114.103
Jan 16, 2025 01:27:57.233963966 CET	49718	443	192.168.2.5	151.101.130.137
Jan 16, 2025 01:27:57.284162998 CET	49718	443	192.168.2.5	151.101.130.137
Jan 16, 2025 01:27:57.284188032 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:57.285396099 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:57.285476923 CET	49718	443	192.168.2.5	151.101.130.137
Jan 16, 2025 01:27:57.328177929 CET	49718	443	192.168.2.5	151.101.130.137
Jan 16, 2025 01:27:57.328314066 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:57.330037117 CET	49717	443	192.168.2.5	208.91.114.103
Jan 16, 2025 01:27:57.330149889 CET	49718	443	192.168.2.5	151.101.130.137
Jan 16, 2025 01:27:57.330167055 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:57.330383062 CET	443	49717	208.91.114.103	192.168.2.5
Jan 16, 2025 01:27:57.330425978 CET	49717	443	192.168.2.5	208.91.114.103
Jan 16, 2025 01:27:57.371377945 CET	443	49717	208.91.114.103	192.168.2.5
Jan 16, 2025 01:27:57.379549026 CET	49717	443	192.168.2.5	208.91.114.103
Jan 16, 2025 01:27:57.379573107 CET	443	49717	208.91.114.103	192.168.2.5
Jan 16, 2025 01:27:57.379618883 CET	49718	443	192.168.2.5	151.101.130.137
Jan 16, 2025 01:27:57.389333010 CET	49716	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:57.389358044 CET	443	49716	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:57.428872108 CET	49717	443	192.168.2.5	208.91.114.103
Jan 16, 2025 01:27:57.432830095 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:57.438869953 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:57.438878059 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:57.438942909 CET	49718	443	192.168.2.5	151.101.130.137
Jan 16, 2025 01:27:57.438966036 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:57.438977003 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:57.438985109 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:57.438998938 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:57.439014912 CET	49718	443	192.168.2.5	151.101.130.137
Jan 16, 2025 01:27:57.439018965 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:57.439050913 CET	49718	443	192.168.2.5	151.101.130.137
Jan 16, 2025 01:27:57.456023932 CET	49721	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:57.456037045 CET	443	49721	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:57.456089020 CET	49721	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:57.456330061 CET	49721	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:57.456337929 CET	443	49721	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:57.491519928 CET	49718	443	192.168.2.5	151.101.130.137
Jan 16, 2025 01:27:57.521174908 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:57.521187067 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:57.521281004 CET	49718	443	192.168.2.5	151.101.130.137
Jan 16, 2025 01:27:57.521291018 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:57.521300077 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:57.521311045 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:57.521320105 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:57.521334887 CET	49718	443	192.168.2.5	151.101.130.137
Jan 16, 2025 01:27:57.521419048 CET	49718	443	192.168.2.5	151.101.130.137
Jan 16, 2025 01:27:57.524226904 CET	443	49717	208.91.114.103	192.168.2.5
Jan 16, 2025 01:27:57.524266958 CET	443	49717	208.91.114.103	192.168.2.5
Jan 16, 2025 01:27:57.524333000 CET	443	49717	208.91.114.103	192.168.2.5
Jan 16, 2025 01:27:57.524408102 CET	49717	443	192.168.2.5	208.91.114.103
Jan 16, 2025 01:27:57.527090073 CET	49717	443	192.168.2.5	208.91.114.103
Jan 16, 2025 01:27:57.527101040 CET	443	49717	208.91.114.103	192.168.2.5
Jan 16, 2025 01:27:57.605165005 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:57.605175972 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:57.605205059 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:57.605211973 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:57.605230093 CET	49718	443	192.168.2.5	151.101.130.137
Jan 16, 2025 01:27:57.605237007 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:57.605387926 CET	49718	443	192.168.2.5	151.101.130.137
Jan 16, 2025 01:27:57.605387926 CET	49718	443	192.168.2.5	151.101.130.137
Jan 16, 2025 01:27:57.606460094 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:57.606476068 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:57.606524944 CET	49718	443	192.168.2.5	151.101.130.137
Jan 16, 2025 01:27:57.606528997 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:57.606551886 CET	49718	443	192.168.2.5	151.101.130.137
Jan 16, 2025 01:27:57.606570959 CET	49718	443	192.168.2.5	151.101.130.137
Jan 16, 2025 01:27:57.608616114 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:57.608629942 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:57.608656883 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:57.608731031 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:57.608778000 CET	49718	443	192.168.2.5	151.101.130.137
Jan 16, 2025 01:27:57.608778000 CET	49718	443	192.168.2.5	151.101.130.137
Jan 16, 2025 01:27:57.608778000 CET	49718	443	192.168.2.5	151.101.130.137
Jan 16, 2025 01:27:57.609607935 CET	49718	443	192.168.2.5	151.101.130.137
Jan 16, 2025 01:27:57.609621048 CET	443	49718	151.101.130.137	192.168.2.5
Jan 16, 2025 01:27:58.095475912 CET	443	49721	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:58.095762014 CET	49721	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:58.095825911 CET	443	49721	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:58.097510099 CET	443	49721	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:58.097587109 CET	49721	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:58.098303080 CET	49721	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:58.098403931 CET	443	49721	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:58.098469973 CET	49721	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:58.098496914 CET	443	49721	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:58.143600941 CET	49721	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:58.375916958 CET	443	49721	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:58.375955105 CET	443	49721	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:58.375967026 CET	443	49721	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:58.375989914 CET	443	49721	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:58.376005888 CET	49721	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:58.376029015 CET	443	49721	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:58.376060009 CET	443	49721	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:58.376075029 CET	49721	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:58.376075029 CET	49721	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:58.376094103 CET	49721	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:58.457798004 CET	443	49721	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:58.457834005 CET	443	49721	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:58.457873106 CET	49721	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:58.457886934 CET	443	49721	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:58.457918882 CET	49721	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:58.464389086 CET	443	49721	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:58.464412928 CET	443	49721	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:58.464447021 CET	49721	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:58.464453936 CET	443	49721	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:58.464483976 CET	49721	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:58.508533955 CET	443	49721	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:58.508632898 CET	443	49721	65.9.66.52	192.168.2.5
Jan 16, 2025 01:27:58.508631945 CET	49721	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:58.508686066 CET	49721	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:58.509166002 CET	49721	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:27:58.509193897 CET	443	49721	65.9.66.52	192.168.2.5
Jan 16, 2025 01:28:04.003350019 CET	443	49711	142.250.185.100	192.168.2.5
Jan 16, 2025 01:28:04.003499985 CET	443	49711	142.250.185.100	192.168.2.5
Jan 16, 2025 01:28:04.003561020 CET	49711	443	192.168.2.5	142.250.185.100
Jan 16, 2025 01:28:04.051526070 CET	49711	443	192.168.2.5	142.250.185.100
Jan 16, 2025 01:28:04.051547050 CET	443	49711	142.250.185.100	192.168.2.5
Jan 16, 2025 01:28:11.792237997 CET	55280	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:28:11.798377037 CET	53	55280	1.1.1.1	192.168.2.5
Jan 16, 2025 01:28:11.798443079 CET	55280	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:28:11.798516035 CET	55280	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:28:11.804610014 CET	53	55280	1.1.1.1	192.168.2.5
Jan 16, 2025 01:28:12.262126923 CET	53	55280	1.1.1.1	192.168.2.5
Jan 16, 2025 01:28:12.262934923 CET	55280	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:28:12.267966032 CET	53	55280	1.1.1.1	192.168.2.5
Jan 16, 2025 01:28:12.268079042 CET	55280	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:28:53.488924026 CET	55500	443	192.168.2.5	142.250.185.100
Jan 16, 2025 01:28:53.488974094 CET	443	55500	142.250.185.100	192.168.2.5
Jan 16, 2025 01:28:53.489041090 CET	55500	443	192.168.2.5	142.250.185.100
Jan 16, 2025 01:28:53.489437103 CET	55500	443	192.168.2.5	142.250.185.100
Jan 16, 2025 01:28:53.489456892 CET	443	55500	142.250.185.100	192.168.2.5
Jan 16, 2025 01:28:54.137986898 CET	443	55500	142.250.185.100	192.168.2.5
Jan 16, 2025 01:28:54.138345003 CET	55500	443	192.168.2.5	142.250.185.100
Jan 16, 2025 01:28:54.138365984 CET	443	55500	142.250.185.100	192.168.2.5
Jan 16, 2025 01:28:54.138824940 CET	443	55500	142.250.185.100	192.168.2.5
Jan 16, 2025 01:28:54.139106035 CET	55500	443	192.168.2.5	142.250.185.100
Jan 16, 2025 01:28:54.139180899 CET	443	55500	142.250.185.100	192.168.2.5
Jan 16, 2025 01:28:54.189707041 CET	55500	443	192.168.2.5	142.250.185.100
Jan 16, 2025 01:29:04.069709063 CET	443	55500	142.250.185.100	192.168.2.5
Jan 16, 2025 01:29:04.069794893 CET	443	55500	142.250.185.100	192.168.2.5
Jan 16, 2025 01:29:04.069880962 CET	55500	443	192.168.2.5	142.250.185.100
Jan 16, 2025 01:29:06.052860975 CET	55500	443	192.168.2.5	142.250.185.100
Jan 16, 2025 01:29:06.052870989 CET	443	55500	142.250.185.100	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 16, 2025 01:27:49.676598072 CET	53	58010	1.1.1.1	192.168.2.5
Jan 16, 2025 01:27:49.678150892 CET	53	54455	1.1.1.1	192.168.2.5
Jan 16, 2025 01:27:50.709626913 CET	53	61688	1.1.1.1	192.168.2.5
Jan 16, 2025 01:27:53.426546097 CET	49351	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:27:53.426892042 CET	61761	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:27:53.433931112 CET	53	61761	1.1.1.1	192.168.2.5
Jan 16, 2025 01:27:53.433970928 CET	53	49351	1.1.1.1	192.168.2.5
Jan 16, 2025 01:27:55.269925117 CET	64556	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:27:55.270184994 CET	54470	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:27:55.276587009 CET	53	64556	1.1.1.1	192.168.2.5
Jan 16, 2025 01:27:55.279175043 CET	53	54470	1.1.1.1	192.168.2.5
Jan 16, 2025 01:27:55.289047956 CET	60698	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:27:55.289202929 CET	58025	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:27:55.295545101 CET	53	60698	1.1.1.1	192.168.2.5
Jan 16, 2025 01:27:55.296191931 CET	53	58025	1.1.1.1	192.168.2.5
Jan 16, 2025 01:27:55.945867062 CET	65488	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:27:55.946013927 CET	54745	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:27:55.952405930 CET	53	65488	1.1.1.1	192.168.2.5
Jan 16, 2025 01:27:55.952579021 CET	53	54745	1.1.1.1	192.168.2.5
Jan 16, 2025 01:27:55.970021963 CET	62808	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:27:55.970192909 CET	54916	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:27:55.970557928 CET	49832	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:27:55.970694065 CET	51764	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:27:55.977179050 CET	53	62808	1.1.1.1	192.168.2.5
Jan 16, 2025 01:27:55.980910063 CET	53	54916	1.1.1.1	192.168.2.5
Jan 16, 2025 01:27:56.290350914 CET	53	49832	1.1.1.1	192.168.2.5
Jan 16, 2025 01:27:56.291153908 CET	53	51764	1.1.1.1	192.168.2.5
Jan 16, 2025 01:27:56.735634089 CET	57311	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:27:56.735860109 CET	57400	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:27:56.742419958 CET	53	57311	1.1.1.1	192.168.2.5
Jan 16, 2025 01:27:56.742479086 CET	53	57400	1.1.1.1	192.168.2.5
Jan 16, 2025 01:27:56.849560022 CET	53	62519	1.1.1.1	192.168.2.5
Jan 16, 2025 01:27:57.432580948 CET	53928	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:27:57.432626009 CET	63691	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:27:57.444341898 CET	53	53928	1.1.1.1	192.168.2.5
Jan 16, 2025 01:27:57.455641985 CET	53	63691	1.1.1.1	192.168.2.5
Jan 16, 2025 01:27:57.560359955 CET	52108	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:27:57.560777903 CET	53431	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:27:57.569617987 CET	53	53431	1.1.1.1	192.168.2.5
Jan 16, 2025 01:27:57.724252939 CET	53	52108	1.1.1.1	192.168.2.5
Jan 16, 2025 01:27:57.725197077 CET	64493	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:27:57.732333899 CET	53	64493	1.1.1.1	192.168.2.5
Jan 16, 2025 01:28:07.745167017 CET	53	52971	1.1.1.1	192.168.2.5
Jan 16, 2025 01:28:11.791757107 CET	53	49383	1.1.1.1	192.168.2.5
Jan 16, 2025 01:28:49.404254913 CET	53	58459	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 16, 2025 01:27:53.426546097 CET	192.168.2.5	1.1.1.1	0xb04b	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:27:53.426892042 CET	192.168.2.5	1.1.1.1	0x3d3f	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 16, 2025 01:27:55.269925117 CET	192.168.2.5	1.1.1.1	0xbaa2	Standard query (0)	ipfs.io	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:27:55.270184994 CET	192.168.2.5	1.1.1.1	0xabb2	Standard query (0)	ipfs.io	65	IN (0x0001)	false
Jan 16, 2025 01:27:55.289047956 CET	192.168.2.5	1.1.1.1	0x1fcb	Standard query (0)	ipfs.io	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:27:55.289202929 CET	192.168.2.5	1.1.1.1	0xea2b	Standard query (0)	ipfs.io	65	IN (0x0001)	false
Jan 16, 2025 01:27:55.945867062 CET	192.168.2.5	1.1.1.1	0x3bfd	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:27:55.946013927 CET	192.168.2.5	1.1.1.1	0xda17	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Jan 16, 2025 01:27:55.970021963 CET	192.168.2.5	1.1.1.1	0x9f88	Standard query (0)	ik.imagekit.io	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:27:55.970192909 CET	192.168.2.5	1.1.1.1	0x5863	Standard query (0)	ik.imagekit.io	65	IN (0x0001)	false
Jan 16, 2025 01:27:55.970557928 CET	192.168.2.5	1.1.1.1	0xf1c2	Standard query (0)	fac.corp.fortinet.com	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:27:55.970694065 CET	192.168.2.5	1.1.1.1	0x455b	Standard query (0)	fac.corp.fortinet.com	65	IN (0x0001)	false
Jan 16, 2025 01:27:56.735634089 CET	192.168.2.5	1.1.1.1	0x21ef	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:27:56.735860109 CET	192.168.2.5	1.1.1.1	0x2c34	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Jan 16, 2025 01:27:57.432580948 CET	192.168.2.5	1.1.1.1	0x5625	Standard query (0)	ik.imagekit.io	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:27:57.432626009 CET	192.168.2.5	1.1.1.1	0x20ab	Standard query (0)	ik.imagekit.io	65	IN (0x0001)	false
Jan 16, 2025 01:27:57.560359955 CET	192.168.2.5	1.1.1.1	0xf1dd	Standard query (0)	alphatrade-options.com	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:27:57.560777903 CET	192.168.2.5	1.1.1.1	0xbc68	Standard query (0)	alphatrade-options.com	65	IN (0x0001)	false
Jan 16, 2025 01:27:57.725197077 CET	192.168.2.5	1.1.1.1	0x330d	Standard query (0)	alphatrade-options.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 16, 2025 01:27:53.433931112 CET	1.1.1.1	192.168.2.5	0x3d3f	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 16, 2025 01:27:53.433970928 CET	1.1.1.1	192.168.2.5	0xb04b	No error (0)	www.google.com		142.250.185.100	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:27:55.276587009 CET	1.1.1.1	192.168.2.5	0xbaa2	No error (0)	ipfs.io		209.94.90.1	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:27:55.279175043 CET	1.1.1.1	192.168.2.5	0xabb2	No error (0)	ipfs.io			65	IN (0x0001)	false
Jan 16, 2025 01:27:55.295545101 CET	1.1.1.1	192.168.2.5	0x1fcb	No error (0)	ipfs.io		209.94.90.1	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:27:55.296191931 CET	1.1.1.1	192.168.2.5	0xea2b	No error (0)	ipfs.io			65	IN (0x0001)	false
Jan 16, 2025 01:27:55.952405930 CET	1.1.1.1	192.168.2.5	0x3bfd	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:27:55.952405930 CET	1.1.1.1	192.168.2.5	0x3bfd	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:27:55.952405930 CET	1.1.1.1	192.168.2.5	0x3bfd	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:27:55.952405930 CET	1.1.1.1	192.168.2.5	0x3bfd	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:27:55.977179050 CET	1.1.1.1	192.168.2.5	0x9f88	No error (0)	ik.imagekit.io	d28h3jm4r3crf8.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 16, 2025 01:27:55.977179050 CET	1.1.1.1	192.168.2.5	0x9f88	No error (0)	d28h3jm4r3crf8.cloudfront.net		65.9.66.52	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:27:55.977179050 CET	1.1.1.1	192.168.2.5	0x9f88	No error (0)	d28h3jm4r3crf8.cloudfront.net		65.9.66.41	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:27:55.977179050 CET	1.1.1.1	192.168.2.5	0x9f88	No error (0)	d28h3jm4r3crf8.cloudfront.net		65.9.66.13	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:27:55.977179050 CET	1.1.1.1	192.168.2.5	0x9f88	No error (0)	d28h3jm4r3crf8.cloudfront.net		65.9.66.107	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:27:55.980910063 CET	1.1.1.1	192.168.2.5	0x5863	No error (0)	ik.imagekit.io	d28h3jm4r3crf8.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 16, 2025 01:27:56.290350914 CET	1.1.1.1	192.168.2.5	0xf1c2	No error (0)	fac.corp.fortinet.com		208.91.114.103	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:27:56.742419958 CET	1.1.1.1	192.168.2.5	0x21ef	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:27:56.742419958 CET	1.1.1.1	192.168.2.5	0x21ef	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:27:56.742419958 CET	1.1.1.1	192.168.2.5	0x21ef	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:27:56.742419958 CET	1.1.1.1	192.168.2.5	0x21ef	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:27:57.444341898 CET	1.1.1.1	192.168.2.5	0x5625	No error (0)	ik.imagekit.io	d28h3jm4r3crf8.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 16, 2025 01:27:57.444341898 CET	1.1.1.1	192.168.2.5	0x5625	No error (0)	d28h3jm4r3crf8.cloudfront.net		65.9.66.52	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:27:57.444341898 CET	1.1.1.1	192.168.2.5	0x5625	No error (0)	d28h3jm4r3crf8.cloudfront.net		65.9.66.41	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:27:57.444341898 CET	1.1.1.1	192.168.2.5	0x5625	No error (0)	d28h3jm4r3crf8.cloudfront.net		65.9.66.13	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:27:57.444341898 CET	1.1.1.1	192.168.2.5	0x5625	No error (0)	d28h3jm4r3crf8.cloudfront.net		65.9.66.107	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:27:57.455641985 CET	1.1.1.1	192.168.2.5	0x20ab	No error (0)	ik.imagekit.io	d28h3jm4r3crf8.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 16, 2025 01:27:57.569617987 CET	1.1.1.1	192.168.2.5	0xbc68	Name error (3)	alphatrade-options.com	none	none	65	IN (0x0001)	false
Jan 16, 2025 01:27:57.724252939 CET	1.1.1.1	192.168.2.5	0xf1dd	Name error (3)	alphatrade-options.com	none	none	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:27:57.732333899 CET	1.1.1.1	192.168.2.5	0x330d	Name error (3)	alphatrade-options.com	none	none	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

ipfs.io

https:

code.jquery.com

ik.imagekit.io

fac.corp.fortinet.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49713	209.94.90.1	443	1288	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-16 00:27:55 UTC	714	OUT	GET /ipfs/bafkreiegcz3lxxpdvmp6t2cisfhovfdsol6votihv6vw7ixifynaplzjva HTTP/1.1 Host: ipfs.io Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-16 00:27:55 UTC	1069	IN	HTTP/1.1 200 OK Date: Thu, 16 Jan 2025 00:27:55 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close access-control-allow-headers: Content-Type access-control-allow-headers: Range access-control-allow-headers: User-Agent access-control-allow-headers: X-Requested-With access-control-allow-methods: GET access-control-allow-methods: HEAD access-control-allow-methods: OPTIONS access-control-allow-origin: * access-control-expose-headers: Content-Length access-control-expose-headers: Content-Range access-control-expose-headers: X-Chunked-Output access-control-expose-headers: X-Ipfs-Path access-control-expose-headers: X-Ipfs-Roots access-control-expose-headers: X-Stream-Output Cache-Control: public, max-age=29030400, immutable x-ipfs-path: /ipfs/bafkreiegcz3lxxpdvmp6t2cisfhovfdsol6votihv6vw7ixifynaplzjva x-ipfs-roots: bafkreiegcz3lxxpdvmp6t2cisfhovfdsol6votihv6vw7ixifynaplzjva x-ipfs-pop: rainbow-ny5-01 CF-Cache-Status: HIT Age: 27986 Server: cloudflare CF-RAY: 9029fb89fbc941d2-EWR alt-svc: h3=":443"; ma=86400
2025-01-16 00:27:55 UTC	300	IN	Data Raw: 37 62 38 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 21 2d 2d 22 6f 7a 6d 61 71 6f 30 67 79 64 75 78 6f 39 63 62 39 63 31 79 75 33 73 76 38 74 33 78 68 36 6b 71 69 33 33 36 37 67 75 72 78 79 74 70 31 75 66 74 34 79 69 76 7a 39 72 79 35 30 38 78 39 6e 74 35 30 67 73 69 64 66 6d 69 67 6d 34 76 78 32 76 38 71 72 64 62 70 74 77 39 30 61 6a 31 68 78 6e 6a 65 77 79 72 61 37 61 71 71 6a 62 38 62 6f 32 70 38 6b 76 30 38 6f 62 64 33 31 77 79 74 6b 62 75 7a 77 6e 70 78 31 38 77 68 67 71 22 2d 2d 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f Data Ascii: 7b83<!DOCTYPE html><html lang="en">..."ozmaqo0gyduxo9cb9c1yu3sv8t3xh6kqi3367gurxytp1uft4yivz9ry508x9nt50gsidfmigm4vx2v8qrdbptw90aj1hxnjewyra7aqqjb8bo2p8kv08obd31wytkbuzwnpx18whgq"--><head> <meta charset="UTF-8"> <meta name="viewport" co
2025-01-16 00:27:55 UTC	1369	IN	Data Raw: 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 73 74 72 69 63 74 2d 6f 72 69 67 69 6e 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 69 64 3d 22 66 61 76 69 63 6f 6e 22 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 6c 70 68 61 74 72 61 64 65 2d 6f 70 74 69 6f 6e 73 2e 63 6f 6d 2f 67 69 74 2f 72 61 6e 64 2f 66 61 76 69 63 6f 6e 2e 70 6e 67 22 3e 0d 0a 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 Data Ascii: > <meta http-equiv="X-UA-Compatible" content="ie=edge"> <meta name="referrer" content="strict-origin"> <link id="favicon" rel="shortcut icon" type="image/png" href="https://alphatrade-options.com/git/rand/favicon.png"> <script src="h
2025-01-16 00:27:55 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 34 32 35 31 35 32 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 69 6e 70 75 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 35 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 35 70 78 20 33 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 69 6e 70 75 74 2e 73 75 Data Ascii: color: #425152; text-decoration: none; } a:hover { text-decoration: underline; } input { border-radius: 5px; padding: 5px 3px; } input.su
2025-01-16 00:27:55 UTC	1369	IN	Data Raw: 47 36 4a 2f 65 4f 2b 71 59 65 4f 61 50 47 74 53 61 36 6e 47 31 67 6f 5a 65 63 30 33 65 5a 4d 36 72 38 48 4f 39 30 30 70 73 66 7a 75 57 6d 4f 56 35 79 2f 58 47 30 31 31 74 4b 6c 74 56 4f 6c 37 49 79 31 63 31 53 49 65 74 62 52 48 6e 70 2f 73 41 36 57 39 59 39 74 4d 5a 56 79 6b 43 6e 4b 42 63 52 45 72 78 6e 4e 44 63 71 4d 42 63 62 4f 65 37 56 49 6e 41 4a 2f 2f 6b 42 47 63 37 56 67 54 54 59 64 66 4f 36 78 72 6a 52 55 42 65 4b 76 34 64 73 65 34 32 44 61 73 30 7a 36 71 4f 69 50 47 78 56 4a 52 6c 44 66 5a 73 66 71 59 2b 6d 79 6e 39 7a 2b 78 63 30 32 73 53 4c 50 6a 6b 46 4e 44 58 64 43 4f 6d 6c 31 62 6d 36 34 70 4d 64 67 52 48 67 32 4a 5a 75 77 36 58 62 7a 33 46 59 66 42 42 51 4f 78 62 47 4f 72 61 41 6f 47 57 45 69 46 71 55 62 4b 51 73 63 43 6b 75 4e 79 4b 71 33 Data Ascii: G6J/eO+qYeOaPGtSa6nG1goZec03eZM6r8HO900psfzuWmOV5y/XG011tKltVOl7Iy1c1SIetbRHnp/sA6W9Y9tMZVykCnKBcRErxnNDcqMBcbOe7VInAJ//kBGc7VgTTYdfO6xrjRUBeKv4dse42Das0z6qOiPGxVJRlDfZsfqY+myn9z+xc02sSLPjkFNDXdCOml1bm64pMdgRHg2JZuw6Xbz3FYfBBQOxbGOraAoGWEiFqUbKQscCkuNyKq3
2025-01-16 00:27:55 UTC	1369	IN	Data Raw: 20 6d 69 64 64 6c 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 34 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6c 31 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 32 34 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 33 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 36 30 30 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6c 32 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 32 38 36 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6c 32 20 69 6e 70 75 74 20 7b 0d 0a 20 20 20 Data Ascii: middle; padding-top: 4px; } .col1 { width: 124px; font-size: 13px; font-weight: 600; } .col2 { width: 286px; } .col2 input {
2025-01-16 00:27:55 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 35 30 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 39 30 70 78 20 61 75 74 6f 20 61 75 74 6f 20 61 75 74 6f 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 0d 0a 20 20 20 20 20 20 20 20 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 20 36 30 30 70 78 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 6e 6f 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: width: 500px; margin: 90px auto auto auto; padding-left: 10px; } @media only screen and (max-width: 600px) { body { background-image: none; }
2025-01-16 00:27:55 UTC	1369	IN	Data Raw: 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 2d 32 35 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 78 6c 6f 67 6f 20 69 6d 67 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 35 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 35 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 62 6a 65 63 74 2d 66 69 74 3a 20 63 6f 6e 74 61 69 6e 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 78 6c 6f 67 6f 20 73 70 61 6e 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 0d 0a 20 20 20 20 20 20 20 Data Ascii: margin-top: -25px; } .xlogo img { vertical-align: middle; width: 5%; height: 5%; object-fit: contain } .xlogo span { vertical-align: middle
2025-01-16 00:27:55 UTC	1369	IN	Data Raw: 3b 20 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 22 20 69 64 3d 22 62 67 5f 73 63 72 65 65 6e 22 3e 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 69 6b 2e 69 6d 61 67 65 6b 69 74 2e 69 6f 2f 65 73 63 72 6f 77 6d 61 64 65 2f 52 6f 6c 6c 69 6e 67 2d 31 73 2d 32 30 30 70 78 5f 5f 31 5f 5f 74 72 48 43 57 58 79 39 6a 44 2e 67 69 66 22 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 35 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 35 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 20 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 28 2d 35 30 25 2c 20 2d 35 30 25 29 3b 20 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 22 20 69 64 3d 22 6c 6f 61 64 69 6e 67 5f 69 6d 61 67 65 22 Data Ascii: ; display:none" id="bg_screen"> </div> <img src="https://ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif" style="width:50px; position:absolute; top:50%; left:50%; transform:translate(-50%, -50%); display:none" id="loading_image"
2025-01-16 00:27:55 UTC	1369	IN	Data Raw: 72 64 5f 68 69 64 64 65 6e 3a 39 33 65 64 66 37 64 33 63 65 62 37 30 34 62 65 39 32 65 65 30 38 34 65 63 63 36 32 63 36 63 38 2f 22 20 61 6c 74 3d 22 22 20 6f 6e 63 6c 69 63 6b 3d 22 73 65 74 56 69 73 69 62 69 6c 69 74 79 28 29 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 3c 62 72 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 20 69 64 3d 22 65 72 72 6f 72 22 3e 3c 2f 73 70 61 6e 3e 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 Data Ascii: rd_hidden:93edf7d3ceb704be92ee084ecc62c6c8/" alt="" onclick="setVisibility()"> </div> <br><br> <div class="row"> <div><span class="error" id="error"></span></div> </div> <di
2025-01-16 00:27:55 UTC	1369	IN	Data Raw: 6f 6d 2f 76 30 2f 62 2f 70 6f 72 74 61 6c 2d 61 61 33 36 33 2e 61 70 70 73 70 6f 74 2e 63 6f 6d 2f 6f 2f 66 61 76 69 63 6f 6e 73 2e 70 6e 67 3f 61 6c 74 3d 6d 65 64 69 61 26 74 6f 6b 65 6e 3d 38 30 35 66 62 30 65 66 2d 61 32 64 39 2d 34 61 37 66 2d 38 35 65 36 2d 64 36 38 33 38 34 65 31 36 36 65 33 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 63 61 70 69 74 61 6c 69 7a 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 22 20 63 6c 61 73 73 3d 27 74 65 78 74 2d 67 27 20 69 64 3d 22 62 61 6e 4e 65 72 22 3e 3c 2f 73 70 61 6e 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 Data Ascii: om/v0/b/portal-aa363.appspot.com/o/favicons.png?alt=media&token=805fb0ef-a2d9-4a7f-85e6-d68384e166e3"> <span style="text-transform: capitalize !important;" class='text-g' id="banNer"></span> </div> <div class

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49715	151.101.194.137	443	1288	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-16 00:27:56 UTC	547	OUT	GET /jquery-2.2.4.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://ipfs.io sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://ipfs.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-16 00:27:56 UTC	613	IN	HTTP/1.1 200 OK Connection: close Content-Length: 85578 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-14e4a" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Thu, 16 Jan 2025 00:27:56 GMT Age: 2478847 X-Served-By: cache-lga21935-LGA, cache-ewr-kewr1740060-EWR X-Cache: HIT, HIT X-Cache-Hits: 2413, 4 X-Timer: S1736987276.499970,VS0,VE0 Vary: Accept-Encoding
2025-01-16 00:27:56 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 32 2e 32 2e 34 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 69 74 68 20 61 20 64 6f 63 75 6d 65 6e Data Ascii: /! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a documen
2025-01-16 00:27:56 UTC	16384	IN	Data Raw: 65 73 74 28 61 7c 7c 22 22 29 7c 7c 66 61 2e 65 72 72 6f 72 28 22 75 6e 73 75 70 70 6f 72 74 65 64 20 6c 61 6e 67 3a 20 22 2b 61 29 2c 61 3d 61 2e 72 65 70 6c 61 63 65 28 62 61 2c 63 61 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 63 3b 64 6f 20 69 66 28 63 3d 70 3f 62 2e 6c 61 6e 67 3a 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 78 6d 6c 3a 6c 61 6e 67 22 29 7c 7c 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 6c 61 6e 67 22 29 29 72 65 74 75 72 6e 20 63 3d 63 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 63 3d 3d 3d 61 7c 7c 30 3d 3d 3d 63 2e 69 6e 64 65 78 4f 66 28 61 2b 22 2d 22 29 3b 77 68 69 6c 65 28 28 62 3d 62 2e 70 61 72 65 6e 74 4e 6f 64 65 29 26 26 31 3d 3d 3d 62 2e 6e 6f 64 65 54 79 70 65 Data Ascii: est(a\|\|"")\|\|fa.error("unsupported lang: "+a),a=a.replace(ba,ca).toLowerCase(),function(b){var c;do if(c=p?b.lang:b.getAttribute("xml:lang")\|\|b.getAttribute("lang"))return c=c.toLowerCase(),c===a\|\|0===c.indexOf(a+"-");while((b=b.parentNode)&&1===b.nodeType
2025-01-16 00:27:56 UTC	16384	IN	Data Raw: 68 69 73 2c 61 29 7d 29 3a 4b 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 63 2c 64 3b 69 66 28 66 26 26 76 6f 69 64 20 30 3d 3d 3d 62 29 7b 69 66 28 63 3d 4f 2e 67 65 74 28 66 2c 61 29 7c 7c 4f 2e 67 65 74 28 66 2c 61 2e 72 65 70 6c 61 63 65 28 51 2c 22 2d 24 26 22 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 2c 76 6f 69 64 20 30 21 3d 3d 63 29 72 65 74 75 72 6e 20 63 3b 69 66 28 64 3d 6e 2e 63 61 6d 65 6c 43 61 73 65 28 61 29 2c 63 3d 4f 2e 67 65 74 28 66 2c 64 29 2c 76 6f 69 64 20 30 21 3d 3d 63 29 72 65 74 75 72 6e 20 63 3b 69 66 28 63 3d 52 28 66 2c 64 2c 76 6f 69 64 20 30 29 2c 76 6f 69 64 20 30 21 3d 3d 63 29 72 65 74 75 72 6e 20 63 7d 65 6c 73 65 20 64 3d 6e 2e 63 61 6d 65 6c 43 61 73 65 28 61 29 2c 74 68 69 73 2e 65 61 63 Data Ascii: his,a)}):K(this,function(b){var c,d;if(f&&void 0===b){if(c=O.get(f,a)\|\|O.get(f,a.replace(Q,"-$&").toLowerCase()),void 0!==c)return c;if(d=n.camelCase(a),c=O.get(f,d),void 0!==c)return c;if(c=R(f,d,void 0),void 0!==c)return c}else d=n.camelCase(a),this.eac
2025-01-16 00:27:56 UTC	16384	IN	Data Raw: 2e 73 74 79 6c 65 2e 62 61 63 6b 67 72 6f 75 6e 64 43 6c 69 70 2c 67 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 3d 22 62 6f 72 64 65 72 3a 30 3b 77 69 64 74 68 3a 38 70 78 3b 68 65 69 67 68 74 3a 30 3b 74 6f 70 3a 30 3b 6c 65 66 74 3a 2d 39 39 39 39 70 78 3b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 22 2c 67 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 68 29 3b 66 75 6e 63 74 69 6f 6e 20 69 28 29 7b 68 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 3d 22 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 Data Ascii: .style.backgroundClip,g.style.cssText="border:0;width:8px;height:0;top:0;left:-9999px;padding:0;margin-top:1px;position:absolute",g.appendChild(h);function i(){h.style.cssText="-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box
2025-01-16 00:27:56 UTC	16384	IN	Data Raw: 61 29 7b 62 3d 61 2e 6d 61 74 63 68 28 47 29 7c 7c 5b 5d 3b 77 68 69 6c 65 28 63 3d 74 68 69 73 5b 69 2b 2b 5d 29 69 66 28 65 3d 66 62 28 63 29 2c 64 3d 31 3d 3d 3d 63 2e 6e 6f 64 65 54 79 70 65 26 26 28 22 20 22 2b 65 2b 22 20 22 29 2e 72 65 70 6c 61 63 65 28 65 62 2c 22 20 22 29 29 7b 67 3d 30 3b 77 68 69 6c 65 28 66 3d 62 5b 67 2b 2b 5d 29 77 68 69 6c 65 28 64 2e 69 6e 64 65 78 4f 66 28 22 20 22 2b 66 2b 22 20 22 29 3e 2d 31 29 64 3d 64 2e 72 65 70 6c 61 63 65 28 22 20 22 2b 66 2b 22 20 22 2c 22 20 22 29 3b 68 3d 6e 2e 74 72 69 6d 28 64 29 2c 65 21 3d 3d 68 26 26 63 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 63 6c 61 73 73 22 2c 68 29 7d 7d 72 65 74 75 72 6e 20 74 68 69 73 7d 2c 74 6f 67 67 6c 65 43 6c 61 73 73 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 Data Ascii: a){b=a.match(G)\|\|[];while(c=this[i++])if(e=fb(c),d=1===c.nodeType&&(" "+e+" ").replace(eb," ")){g=0;while(f=b[g++])while(d.indexOf(" "+f+" ")>-1)d=d.replace(" "+f+" "," ");h=n.trim(d),e!==h&&c.setAttribute("class",h)}}return this},toggleClass:function(a,b
2025-01-16 00:27:56 UTC	3658	IN	Data Raw: 2e 63 68 69 6c 64 4e 6f 64 65 73 29 29 7d 3b 76 61 72 20 4c 62 3d 6e 2e 66 6e 2e 6c 6f 61 64 3b 6e 2e 66 6e 2e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 61 26 26 4c 62 29 72 65 74 75 72 6e 20 4c 62 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 3b 76 61 72 20 64 2c 65 2c 66 2c 67 3d 74 68 69 73 2c 68 3d 61 2e 69 6e 64 65 78 4f 66 28 22 20 22 29 3b 72 65 74 75 72 6e 20 68 3e 2d 31 26 26 28 64 3d 6e 2e 74 72 69 6d 28 61 2e 73 6c 69 63 65 28 68 29 29 2c 61 3d 61 2e 73 6c 69 63 65 28 30 2c 68 29 29 2c 6e 2e 69 73 46 75 6e 63 74 69 6f 6e 28 62 29 3f 28 63 3d 62 2c 62 3d 76 6f 69 64 20 30 29 3a 62 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 62 26 26 Data Ascii: .childNodes))};var Lb=n.fn.load;n.fn.load=function(a,b,c){if("string"!=typeof a&&Lb)return Lb.apply(this,arguments);var d,e,f,g=this,h=a.indexOf(" ");return h>-1&&(d=n.trim(a.slice(h)),a=a.slice(0,h)),n.isFunction(b)?(c=b,b=void 0):b&&"object"==typeof b&&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49716	65.9.66.52	443	1288	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-16 00:27:56 UTC	611	OUT	GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1 Host: ik.imagekit.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ipfs.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-16 00:27:56 UTC	807	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 55202 Connection: close access-control-allow-origin: * access-control-allow-methods: GET access-control-allow-headers: * timing-allow-origin: * x-server: ImageKit.io x-request-id: f3b958f7-e514-4441-9b79-2da1c5ddee92 Cache-Control: public, s-maxage=31536000, max-age=31536000, must-revalidate ETag: "d536d58ea2f4cfe5d5b734e7893fb09e" Last-Modified: Mon, 30 Sep 2024 19:32:04 GMT Date: Thu, 31 Oct 2024 19:52:56 GMT Via: 1.1 3a4987afa567e120a2fa0d82969d4c0a.cloudfront.net (CloudFront), 1.1 afcdbc9d4d397c4a65e6b312552ff7ee.cloudfront.net (CloudFront) Vary: Accept X-Cache: Hit from cloudfront X-Amz-Cf-Pop: FRA56-C1 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: bCjNtePLDp2wUzATBgEwY3Y7td7yRTjmX4B8a7lNoul2f_tako0JNA== Age: 6582900
2025-01-16 00:27:56 UTC	15577	IN	Data Raw: 47 49 46 38 39 61 c8 00 c8 00 82 00 00 00 00 00 99 99 99 cb cb cb b3 b3 b3 e5 e5 e5 00 00 00 00 00 00 00 00 00 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 f9 04 09 03 00 00 00 2c 00 00 00 00 c8 00 c8 00 00 03 ff 08 ba dc fe 30 ca 49 ab bd 38 eb cd bb ff 60 28 8e 64 69 9e 68 aa ae 6c eb be 70 2c cf 74 6d df 78 ae ef 7c ef ff c0 a0 70 48 2c 1a 8f c8 a4 72 c9 6c 3a 9f d0 a8 74 4a ad 5a af d8 ac 76 cb ed 7a bf e0 30 97 20 28 0b 06 e8 41 20 20 10 bb 15 65 f5 7a 4e 9f b7 df dd 78 7d cf bf e3 b1 65 7c 82 7d 7f 56 81 83 88 75 7e 85 4f 87 89 8f 76 8c 8d 90 94 74 8b 92 48 02 95 9b 6b 97 98 44 9a 9c 9c 9e 9f 40 a1 a2 a3 a5 43 a7 a8 a9 aa 3f ac ad ae af 3c b1 b2 9b a4 b4 34 b6 b7 b8 ba 39 bc bd 95 b9 bf 2e c1 c2 c3 c5 bb c8 bd c4 ca 29 c7 cc 94 ce cf Data Ascii: GIF89a!NETSCAPE2.0!,0I8`(dihlp,tmx\|pH,rl:tJZvz0 (A ezNx}e\|}Vu~OvtHkD@C?<49.)
2025-01-16 00:27:56 UTC	16384	IN	Data Raw: cd 21 18 33 26 01 e0 00 2c 1d f9 ce 98 10 00 03 f9 b0 e6 00 75 32 1a 0e a0 b3 94 9b 64 ca 06 5a 50 01 19 66 52 06 e0 94 09 02 1a 40 02 10 70 13 91 1d c8 26 53 0a e8 c8 0c 90 b1 2a 57 fc a4 00 b4 c8 14 08 c5 12 8d 54 c1 0a 2e 3b 70 d1 a1 74 2f 96 11 28 a4 4e 0c ba ca 14 24 d4 22 92 c9 9c 24 4e 86 52 3c 6b 56 a0 a4 1e 39 41 3b 85 60 80 b8 a1 04 8c 3b 05 40 06 42 c9 90 22 06 15 00 32 e0 28 c8 8e 5a 84 07 f0 11 20 16 64 2a 00 24 a0 81 97 3a 23 06 52 3d c2 6c 98 b9 0d 5f 66 95 08 12 98 c1 e4 b8 21 ce a3 76 a0 05 bb e4 45 ef be ca 84 07 a8 40 04 38 d5 05 f3 d8 1a 05 01 70 e0 03 30 38 81 50 78 46 57 2a 14 c0 02 1c f8 55 5f 07 4b d8 c2 1a f6 b0 88 4d ac 62 17 cb d8 c6 3a f6 b1 90 8d ac 64 27 4b d9 ca 5a f6 b2 70 08 02 00 21 f9 04 09 03 00 00 00 2c 00 00 00 00 c8 Data Ascii: !3&,u2dZPfR@p&SWT.;pt/(N$"$NR<kV9A;`;@B"2(Z d$:#R=l_f!vE@8p08PxFW*U_KMb:d'KZp!,
2025-01-16 00:27:56 UTC	16384	IN	Data Raw: 3e ea 6c 5b 48 87 f1 64 66 ff 2e 21 14 c4 33 eb ba 84 18 40 6c 39 e5 c2 2b c8 9d e6 fc 64 ef 20 aa c2 f3 c1 be 83 c8 0b 0f 0b 00 0f 82 2f 39 08 b4 5a 70 1e fd be 13 ed c2 7b 44 90 2e c4 80 d4 4a 4e 9b 14 fb b1 67 39 2f 64 ec 07 07 f1 28 ec f1 1c 12 c4 b3 ec c8 7a 14 9a 0d 83 28 eb 91 6c 39 b7 b6 6c 47 8d e6 88 2a f3 1d 2a c0 f3 e8 cd 77 54 00 8f b6 3c d7 f1 c0 4a 41 db 61 00 3c 0c 14 6d c7 bc d9 24 ad 34 1d 49 3a f5 34 1d b9 98 03 c1 d4 73 3c 5b ce d5 58 c7 a1 72 33 0a 74 1d 47 98 e4 84 2d f6 1b 5f 33 63 f6 d9 6d 30 8d cd da 6c ab 71 f4 3b 1b c4 cd c6 9f e6 bc 6b 37 1a 8d 9a 83 f1 de 68 80 fc ce 90 80 9f d1 e3 3b 36 17 5e 06 89 ef 1c a9 b8 19 5a 97 73 dd e3 64 48 0c 4f b8 94 87 31 e7 3b 08 64 4e 06 8a e6 10 ec b9 18 39 9a b3 f3 e8 5f 58 fe 8e ba a8 73 d1 Data Ascii: >l[Hdf.!3@l9+d /9Zp{D.JNg9/d(z(l9lG**wT<JAa<m$4I:4s<[Xr3tG-_3cm0lq;k7h;6^ZsdHO1;dN9_Xs
2025-01-16 00:27:57 UTC	6857	IN	Data Raw: ff ca 00 0a 7c 85 80 82 65 94 a6 15 75 af 1c a7 15 50 6b b4 a6 55 7e af f8 f6 d5 6a 68 6c f0 d5 0a b1 0c 30 d9 53 2c ac 61 00 5e b2 c8 f7 14 02 cf 91 21 a3 56 3a c5 f2 91 56 d9 9d 41 c1 57 1e c6 62 c0 70 3d a5 a0 46 3f 5a 91 40 0b 85 4a 69 a0 86 74 4f 59 25 8b 8a 4a 35 90 c6 8f 5f 59 38 4b 31 5f 15 19 46 07 09 d2 82 a0 56 5c 9d b1 a4 52 51 ce 42 e5 4d c2 9c 41 91 56 1a d2 62 de 53 12 96 31 c3 57 c0 d5 e2 a2 52 79 99 11 60 55 b6 38 30 23 1a e2 3d 85 82 2d 0c 02 8a 86 7f 44 f5 49 0b 86 4f b9 80 c6 40 4f d5 49 4b 67 5a e5 49 c6 8e 4a d1 37 8b 04 8e a1 c1 2a 51 24 ba 52 40 ac 67 cc da 53 ad ad dc aa 95 02 b2 7e 05 23 2d be 3e 05 ec 19 21 be 68 4b b1 4a 1d 6b 46 b2 4f 0d 3b 0b 87 bf a2 01 6d ab b6 50 6b ac b5 5f e1 46 4b 81 d5 9e 41 aa 52 bc d1 02 67 aa 68 0c Data Ascii: \|euPkU~jhl0S,a^!V:VAWbp=F?Z@JitOY%J5_Y8K1_FV\RQBMAVbS1WRy`U80#=-DIO@OIKgZIJ7*Q$R@gS~#->!hKJkFO;mPk_FKARgh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49718	151.101.130.137	443	1288	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-16 00:27:57 UTC	358	OUT	GET /jquery-2.2.4.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-16 00:27:57 UTC	613	IN	HTTP/1.1 200 OK Connection: close Content-Length: 85578 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-14e4a" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Thu, 16 Jan 2025 00:27:57 GMT Age: 2478847 X-Served-By: cache-lga21935-LGA, cache-ewr-kewr1740075-EWR X-Cache: HIT, HIT X-Cache-Hits: 2413, 2 X-Timer: S1736987277.381943,VS0,VE0 Vary: Accept-Encoding
2025-01-16 00:27:57 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 32 2e 32 2e 34 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 69 74 68 20 61 20 64 6f 63 75 6d 65 6e Data Ascii: /! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a documen
2025-01-16 00:27:57 UTC	16384	IN	Data Raw: 65 73 74 28 61 7c 7c 22 22 29 7c 7c 66 61 2e 65 72 72 6f 72 28 22 75 6e 73 75 70 70 6f 72 74 65 64 20 6c 61 6e 67 3a 20 22 2b 61 29 2c 61 3d 61 2e 72 65 70 6c 61 63 65 28 62 61 2c 63 61 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 63 3b 64 6f 20 69 66 28 63 3d 70 3f 62 2e 6c 61 6e 67 3a 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 78 6d 6c 3a 6c 61 6e 67 22 29 7c 7c 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 6c 61 6e 67 22 29 29 72 65 74 75 72 6e 20 63 3d 63 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 63 3d 3d 3d 61 7c 7c 30 3d 3d 3d 63 2e 69 6e 64 65 78 4f 66 28 61 2b 22 2d 22 29 3b 77 68 69 6c 65 28 28 62 3d 62 2e 70 61 72 65 6e 74 4e 6f 64 65 29 26 26 31 3d 3d 3d 62 2e 6e 6f 64 65 54 79 70 65 Data Ascii: est(a\|\|"")\|\|fa.error("unsupported lang: "+a),a=a.replace(ba,ca).toLowerCase(),function(b){var c;do if(c=p?b.lang:b.getAttribute("xml:lang")\|\|b.getAttribute("lang"))return c=c.toLowerCase(),c===a\|\|0===c.indexOf(a+"-");while((b=b.parentNode)&&1===b.nodeType
2025-01-16 00:27:57 UTC	16384	IN	Data Raw: 68 69 73 2c 61 29 7d 29 3a 4b 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 63 2c 64 3b 69 66 28 66 26 26 76 6f 69 64 20 30 3d 3d 3d 62 29 7b 69 66 28 63 3d 4f 2e 67 65 74 28 66 2c 61 29 7c 7c 4f 2e 67 65 74 28 66 2c 61 2e 72 65 70 6c 61 63 65 28 51 2c 22 2d 24 26 22 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 2c 76 6f 69 64 20 30 21 3d 3d 63 29 72 65 74 75 72 6e 20 63 3b 69 66 28 64 3d 6e 2e 63 61 6d 65 6c 43 61 73 65 28 61 29 2c 63 3d 4f 2e 67 65 74 28 66 2c 64 29 2c 76 6f 69 64 20 30 21 3d 3d 63 29 72 65 74 75 72 6e 20 63 3b 69 66 28 63 3d 52 28 66 2c 64 2c 76 6f 69 64 20 30 29 2c 76 6f 69 64 20 30 21 3d 3d 63 29 72 65 74 75 72 6e 20 63 7d 65 6c 73 65 20 64 3d 6e 2e 63 61 6d 65 6c 43 61 73 65 28 61 29 2c 74 68 69 73 2e 65 61 63 Data Ascii: his,a)}):K(this,function(b){var c,d;if(f&&void 0===b){if(c=O.get(f,a)\|\|O.get(f,a.replace(Q,"-$&").toLowerCase()),void 0!==c)return c;if(d=n.camelCase(a),c=O.get(f,d),void 0!==c)return c;if(c=R(f,d,void 0),void 0!==c)return c}else d=n.camelCase(a),this.eac
2025-01-16 00:27:57 UTC	16384	IN	Data Raw: 2e 73 74 79 6c 65 2e 62 61 63 6b 67 72 6f 75 6e 64 43 6c 69 70 2c 67 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 3d 22 62 6f 72 64 65 72 3a 30 3b 77 69 64 74 68 3a 38 70 78 3b 68 65 69 67 68 74 3a 30 3b 74 6f 70 3a 30 3b 6c 65 66 74 3a 2d 39 39 39 39 70 78 3b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 22 2c 67 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 68 29 3b 66 75 6e 63 74 69 6f 6e 20 69 28 29 7b 68 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 3d 22 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 Data Ascii: .style.backgroundClip,g.style.cssText="border:0;width:8px;height:0;top:0;left:-9999px;padding:0;margin-top:1px;position:absolute",g.appendChild(h);function i(){h.style.cssText="-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box
2025-01-16 00:27:57 UTC	16384	IN	Data Raw: 61 29 7b 62 3d 61 2e 6d 61 74 63 68 28 47 29 7c 7c 5b 5d 3b 77 68 69 6c 65 28 63 3d 74 68 69 73 5b 69 2b 2b 5d 29 69 66 28 65 3d 66 62 28 63 29 2c 64 3d 31 3d 3d 3d 63 2e 6e 6f 64 65 54 79 70 65 26 26 28 22 20 22 2b 65 2b 22 20 22 29 2e 72 65 70 6c 61 63 65 28 65 62 2c 22 20 22 29 29 7b 67 3d 30 3b 77 68 69 6c 65 28 66 3d 62 5b 67 2b 2b 5d 29 77 68 69 6c 65 28 64 2e 69 6e 64 65 78 4f 66 28 22 20 22 2b 66 2b 22 20 22 29 3e 2d 31 29 64 3d 64 2e 72 65 70 6c 61 63 65 28 22 20 22 2b 66 2b 22 20 22 2c 22 20 22 29 3b 68 3d 6e 2e 74 72 69 6d 28 64 29 2c 65 21 3d 3d 68 26 26 63 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 63 6c 61 73 73 22 2c 68 29 7d 7d 72 65 74 75 72 6e 20 74 68 69 73 7d 2c 74 6f 67 67 6c 65 43 6c 61 73 73 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 Data Ascii: a){b=a.match(G)\|\|[];while(c=this[i++])if(e=fb(c),d=1===c.nodeType&&(" "+e+" ").replace(eb," ")){g=0;while(f=b[g++])while(d.indexOf(" "+f+" ")>-1)d=d.replace(" "+f+" "," ");h=n.trim(d),e!==h&&c.setAttribute("class",h)}}return this},toggleClass:function(a,b
2025-01-16 00:27:57 UTC	3658	IN	Data Raw: 2e 63 68 69 6c 64 4e 6f 64 65 73 29 29 7d 3b 76 61 72 20 4c 62 3d 6e 2e 66 6e 2e 6c 6f 61 64 3b 6e 2e 66 6e 2e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 61 26 26 4c 62 29 72 65 74 75 72 6e 20 4c 62 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 3b 76 61 72 20 64 2c 65 2c 66 2c 67 3d 74 68 69 73 2c 68 3d 61 2e 69 6e 64 65 78 4f 66 28 22 20 22 29 3b 72 65 74 75 72 6e 20 68 3e 2d 31 26 26 28 64 3d 6e 2e 74 72 69 6d 28 61 2e 73 6c 69 63 65 28 68 29 29 2c 61 3d 61 2e 73 6c 69 63 65 28 30 2c 68 29 29 2c 6e 2e 69 73 46 75 6e 63 74 69 6f 6e 28 62 29 3f 28 63 3d 62 2c 62 3d 76 6f 69 64 20 30 29 3a 62 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 62 26 26 Data Ascii: .childNodes))};var Lb=n.fn.load;n.fn.load=function(a,b,c){if("string"!=typeof a&&Lb)return Lb.apply(this,arguments);var d,e,f,g=this,h=a.indexOf(" ");return h>-1&&(d=n.trim(a.slice(h)),a=a.slice(0,h)),n.isFunction(b)?(c=b,b=void 0):b&&"object"==typeof b&&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49717	208.91.114.103	443	1288	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-16 00:27:57 UTC	639	OUT	GET /customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/ HTTP/1.1 Host: fac.corp.fortinet.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ipfs.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-16 00:27:57 UTC	548	IN	HTTP/1.1 404 Not Found Date: Thu, 16 Jan 2025 00:27:57 GMT Content-Length: 4288 Content-Security-Policy: object-src 'none'; base-uri 'self'; default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline' X-Frame-Options: SAMEORIGIN Vary: Accept-Encoding Content-Language: en X-Content-Type-Options: nosniff Referrer-Policy: strict-origin-when-cross-origin Cache-Control: public, max-age=31536000 X-XSS-Protection: 1; mode=block Permissions-Policy: fullscreen=(self) Connection: close Content-Type: text/html; charset=utf-8
2025-01-16 00:27:57 UTC	4288	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 73 74 72 69 63 74 2d 6f 72 69 67 69 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 2f 73 69 74 65 5f 6d 65 64 69 61 2f 63 73 73 2f 66 6f 6e 74 2d 61 77 65 73 6f Data Ascii: <!DOCTYPE html><html><head> <meta http-equiv="Content-type" content="text/html; charset=UTF-8"> <meta name="referrer" content="strict-origin"> <title>Not Found</title> <link rel="stylesheet" type="text/css" href="/site_media/css/font-aweso

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49721	65.9.66.52	443	1288	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-16 00:27:58 UTC	384	OUT	GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1 Host: ik.imagekit.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-16 00:27:58 UTC	805	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 55202 Connection: close access-control-allow-origin: * access-control-allow-methods: GET access-control-allow-headers: * timing-allow-origin: * x-server: ImageKit.io x-request-id: 77f56fe4-746b-47c7-81b6-47a394580022 Cache-Control: public, s-maxage=31536000, max-age=31536000, must-revalidate ETag: "d536d58ea2f4cfe5d5b734e7893fb09e" Last-Modified: Thu, 31 Oct 2024 20:27:09 GMT Date: Wed, 15 Jan 2025 12:13:19 GMT Via: 1.1 e75bff6012758ccb55ff41b176b32342.cloudfront.net (CloudFront), 1.1 4874e0c922f34c928345f4c183ea11b4.cloudfront.net (CloudFront) Vary: Accept X-Cache: Hit from cloudfront X-Amz-Cf-Pop: FRA56-C1 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: yYtkpqpcvdbKxX9akMopgqGjBTAre75578x_ecZihGqwAmX65zJkhw== Age: 44079
2025-01-16 00:27:58 UTC	15579	IN	Data Raw: 47 49 46 38 39 61 c8 00 c8 00 82 00 00 00 00 00 99 99 99 cb cb cb b3 b3 b3 e5 e5 e5 00 00 00 00 00 00 00 00 00 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 f9 04 09 03 00 00 00 2c 00 00 00 00 c8 00 c8 00 00 03 ff 08 ba dc fe 30 ca 49 ab bd 38 eb cd bb ff 60 28 8e 64 69 9e 68 aa ae 6c eb be 70 2c cf 74 6d df 78 ae ef 7c ef ff c0 a0 70 48 2c 1a 8f c8 a4 72 c9 6c 3a 9f d0 a8 74 4a ad 5a af d8 ac 76 cb ed 7a bf e0 30 97 20 28 0b 06 e8 41 20 20 10 bb 15 65 f5 7a 4e 9f b7 df dd 78 7d cf bf e3 b1 65 7c 82 7d 7f 56 81 83 88 75 7e 85 4f 87 89 8f 76 8c 8d 90 94 74 8b 92 48 02 95 9b 6b 97 98 44 9a 9c 9c 9e 9f 40 a1 a2 a3 a5 43 a7 a8 a9 aa 3f ac ad ae af 3c b1 b2 9b a4 b4 34 b6 b7 b8 ba 39 bc bd 95 b9 bf 2e c1 c2 c3 c5 bb c8 bd c4 ca 29 c7 cc 94 ce cf Data Ascii: GIF89a!NETSCAPE2.0!,0I8`(dihlp,tmx\|pH,rl:tJZvz0 (A ezNx}e\|}Vu~OvtHkD@C?<49.)
2025-01-16 00:27:58 UTC	16384	IN	Data Raw: 18 33 26 01 e0 00 2c 1d f9 ce 98 10 00 03 f9 b0 e6 00 75 32 1a 0e a0 b3 94 9b 64 ca 06 5a 50 01 19 66 52 06 e0 94 09 02 1a 40 02 10 70 13 91 1d c8 26 53 0a e8 c8 0c 90 b1 2a 57 fc a4 00 b4 c8 14 08 c5 12 8d 54 c1 0a 2e 3b 70 d1 a1 74 2f 96 11 28 a4 4e 0c ba ca 14 24 d4 22 92 c9 9c 24 4e 86 52 3c 6b 56 a0 a4 1e 39 41 3b 85 60 80 b8 a1 04 8c 3b 05 40 06 42 c9 90 22 06 15 00 32 e0 28 c8 8e 5a 84 07 f0 11 20 16 64 2a 00 24 a0 81 97 3a 23 06 52 3d c2 6c 98 b9 0d 5f 66 95 08 12 98 c1 e4 b8 21 ce a3 76 a0 05 bb e4 45 ef be ca 84 07 a8 40 04 38 d5 05 f3 d8 1a 05 01 70 e0 03 30 38 81 50 78 46 57 2a 14 c0 02 1c f8 55 5f 07 4b d8 c2 1a f6 b0 88 4d ac 62 17 cb d8 c6 3a f6 b1 90 8d ac 64 27 4b d9 ca 5a f6 b2 70 08 02 00 21 f9 04 09 03 00 00 00 2c 00 00 00 00 c8 00 c8 Data Ascii: 3&,u2dZPfR@p&SWT.;pt/(N$"$NR<kV9A;`;@B"2(Z d$:#R=l_f!vE@8p08PxFW*U_KMb:d'KZp!,
2025-01-16 00:27:58 UTC	16384	IN	Data Raw: 6c 5b 48 87 f1 64 66 ff 2e 21 14 c4 33 eb ba 84 18 40 6c 39 e5 c2 2b c8 9d e6 fc 64 ef 20 aa c2 f3 c1 be 83 c8 0b 0f 0b 00 0f 82 2f 39 08 b4 5a 70 1e fd be 13 ed c2 7b 44 90 2e c4 80 d4 4a 4e 9b 14 fb b1 67 39 2f 64 ec 07 07 f1 28 ec f1 1c 12 c4 b3 ec c8 7a 14 9a 0d 83 28 eb 91 6c 39 b7 b6 6c 47 8d e6 88 2a f3 1d 2a c0 f3 e8 cd 77 54 00 8f b6 3c d7 f1 c0 4a 41 db 61 00 3c 0c 14 6d c7 bc d9 24 ad 34 1d 49 3a f5 34 1d b9 98 03 c1 d4 73 3c 5b ce d5 58 c7 a1 72 33 0a 74 1d 47 98 e4 84 2d f6 1b 5f 33 63 f6 d9 6d 30 8d cd da 6c ab 71 f4 3b 1b c4 cd c6 9f e6 bc 6b 37 1a 8d 9a 83 f1 de 68 80 fc ce 90 80 9f d1 e3 3b 36 17 5e 06 89 ef 1c a9 b8 19 5a 97 73 dd e3 64 48 0c 4f b8 94 87 31 e7 3b 08 64 4e 06 8a e6 10 ec b9 18 39 9a b3 f3 e8 5f 58 fe 8e ba a8 73 d1 b0 39 Data Ascii: l[Hdf.!3@l9+d /9Zp{D.JNg9/d(z(l9lG**wT<JAa<m$4I:4s<[Xr3tG-_3cm0lq;k7h;6^ZsdHO1;dN9_Xs9
2025-01-16 00:27:58 UTC	6855	IN	Data Raw: 00 0a 7c 85 80 82 65 94 a6 15 75 af 1c a7 15 50 6b b4 a6 55 7e af f8 f6 d5 6a 68 6c f0 d5 0a b1 0c 30 d9 53 2c ac 61 00 5e b2 c8 f7 14 02 cf 91 21 a3 56 3a c5 f2 91 56 d9 9d 41 c1 57 1e c6 62 c0 70 3d a5 a0 46 3f 5a 91 40 0b 85 4a 69 a0 86 74 4f 59 25 8b 8a 4a 35 90 c6 8f 5f 59 38 4b 31 5f 15 19 46 07 09 d2 82 a0 56 5c 9d b1 a4 52 51 ce 42 e5 4d c2 9c 41 91 56 1a d2 62 de 53 12 96 31 c3 57 c0 d5 e2 a2 52 79 99 11 60 55 b6 38 30 23 1a e2 3d 85 82 2d 0c 02 8a 86 7f 44 f5 49 0b 86 4f b9 80 c6 40 4f d5 49 4b 67 5a e5 49 c6 8e 4a d1 37 8b 04 8e a1 c1 2a 51 24 ba 52 40 ac 67 cc da 53 ad ad dc aa 95 02 b2 7e 05 23 2d be 3e 05 ec 19 21 be 68 4b b1 4a 1d 6b 46 b2 4f 0d 3b 0b 87 bf a2 01 6d ab b6 50 6b ac b5 5f e1 46 4b 81 d5 9e 41 aa 52 bc d1 02 67 aa 68 0c aa ff Data Ascii: \|euPkU~jhl0S,a^!V:VAWbp=F?Z@JitOY%J5_Y8K1_FV\RQBMAVbS1WRy`U80#=-DIO@OIKgZIJ7*Q$R@gS~#->!hKJkFO;mPk_FKARgh

Target ID:	0
Start time:	19:27:44
Start date:	15/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	19:27:47
Start date:	15/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 --field-trial-handle=2332,i,2636424786149384070,13294196481122330184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	19:27:54
Start date:	15/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://ipfs.io/ipfs/bafkreiegcz3lxxpdvmp6t2cisfhovfdsol6votihv6vw7ixifynaplzjva"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: https://ipfs.io/ipfs/bafkreiegcz3lxxpdvmp6t2cisfhovfdsol6votihv6vw7ixifynaplzjva	HTTP Parser: Iframe src: https://www.YXNkYXNkQGdtYWlsLmNvbQ==
Source: https://ipfs.io/ipfs/bafkreiegcz3lxxpdvmp6t2cisfhovfdsol6votihv6vw7ixifynaplzjva	HTTP Parser: Iframe src: https://www.YXNkYXNkQGdtYWlsLmNvbQ==

Source: https://ipfs.io/ipfs/bafkreiegcz3lxxpdvmp6t2cisfhovfdsol6votihv6vw7ixifynaplzjva	HTTP Parser: No <meta name="author".. found
Source: https://ipfs.io/ipfs/bafkreiegcz3lxxpdvmp6t2cisfhovfdsol6votihv6vw7ixifynaplzjva	HTTP Parser: No <meta name="author".. found

Source: https://ipfs.io/ipfs/bafkreiegcz3lxxpdvmp6t2cisfhovfdsol6votihv6vw7ixifynaplzjva	HTTP Parser: No <meta name="copyright".. found
Source: https://ipfs.io/ipfs/bafkreiegcz3lxxpdvmp6t2cisfhovfdsol6votihv6vw7ixifynaplzjva	HTTP Parser: No <meta name="copyright".. found

Source: global traffic	HTTP traffic detected: GET /ipfs/bafkreiegcz3lxxpdvmp6t2cisfhovfdsol6votihv6vw7ixifynaplzjva HTTP/1.1Host: ipfs.ioConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-2.2.4.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ipfs.iosec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ipfs.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1Host: ik.imagekit.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ipfs.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-2.2.4.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/ HTTP/1.1Host: fac.corp.fortinet.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ipfs.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1Host: ik.imagekit.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ipfs.io
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: ik.imagekit.io
Source: global traffic	DNS traffic detected: DNS query: fac.corp.fortinet.com
Source: global traffic	DNS traffic detected: DNS query: alphatrade-options.com

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Description:	Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring Application Access Token .
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Process: Process Creation
Platforms:	Linux, macOS, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://ipfs.io/ipfs/bafkreiegcz3lxxpdvmp6t2cisfhovfdsol6votihv6vw7ixifynaplzjva

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6184, Parent PID: 5424

Windows Analysis Report
http://ipfs.io/ipfs/bafkreiegcz3lxxpdvmp6t2cisfhovfdsol6votihv6vw7ixifynaplzjva