
Windows Analysis Report
https://gateway.btfs.io/btfs/Qmbzme7iX8d3RS7sQkyvDwwsL6z2KB788hUr= 6F8CQAJrB6#adres@example.com

Overview

General Information

Sample URL: https://gateway.btfs.io/btfs/Qmbzme7iX8d3RS7sQkyvDwwsL6z2KB788hUr= 6F8CQAJrB6#adres@example.com
Analysis ID: 1645156

Detection

Score: 56
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Creates files inside the system directory
Deletes files inside the Windows folder
URL contains potential PII (phishing indication)

Classification

Classification chart (axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale: clean, suspicious, malicious)
  • System is w10x64
  • chrome.exe (PID: 4156 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 1632 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2192,i,5519731064174341387,10171050664537622976,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2220 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 6660 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://gateway.btfs.io/btfs/Qmbzme7iX8d3RS7sQkyvDwwsL6z2KB788hUr=%206F8CQAJrB6#adres@example.com" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

Source: https://gateway.btfs.io/btfs/Qmbzme7iX8d3RS7sQkyvDwwsL6z2KB788hUr=%206F8CQAJrB6#adres@example.com | Avira URL Cloud: detection malicious, Label: phishing
Source: https://gateway.btfs.io/favicon.ico | Avira URL Cloud: Label: phishing
Source: https://gateway.btfs.io/btfs/Qmbzme7iX8d3RS7sQkyvDwwsL6z2KB788hUr=%206F8CQAJrB6 | Avira URL Cloud: Label: phishing
Source: https://gateway.btfs.io/btfs/Qmbzme7iX8d3RS7sQkyvDwwsL6z2KB788hUr=%206F8CQAJrB6#adres@example.com | Sample URL: PII: adres@example.com
Source: https://gateway.btfs.io/btfs/Qmbzme7iX8d3RS7sQkyvDwwsL6z2KB788hUr=%206F8CQAJrB6#adres@example.com | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 142.251.32.100:443 -> 192.168.2.10:49688 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.250.202.186:443 -> 192.168.2.10:49690 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.250.202.186:443 -> 192.168.2.10:49689 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 18.238.49.110:443 -> 192.168.2.10:49692 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.10:49710 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.80.99
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.80.99
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.80.99
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.80.99
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.80.99
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.26
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.26
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.26
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.26
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.26
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.26
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.26
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.80.99
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.80.99
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
    GET /btfs/Qmbzme7iX8d3RS7sQkyvDwwsL6z2KB788hUr=%206F8CQAJrB6 HTTP/1.1
    Host: gateway.btfs.io
    Connection: keep-alive
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: gateway.btfs.io
    Connection: keep-alive
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://gateway.btfs.io/btfs/Qmbzme7iX8d3RS7sQkyvDwwsL6z2KB788hUr=%206F8CQAJrB6
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: finder.btfs.io
    Connection: keep-alive
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://gateway.btfs.io/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /r/gsr1.crl HTTP/1.1
    Cache-Control: max-age = 3000
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
Source: global traffic | HTTP traffic detected:
    GET /r/r4.crl HTTP/1.1
    Cache-Control: max-age = 3000
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: gateway.btfs.io
Source: global traffic | DNS traffic detected: DNS query: finder.btfs.io
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 403 Forbidden
    Content-Type: application/xml
    Transfer-Encoding: chunked
    Connection: close
    Server: AmazonS3
    Date: Fri, 21 Mar 2025 13:33:32 GMT
    X-Cache: Error from cloudfront
    Via: 1.1 876bec0443fc8f764d98d36e203f84e0.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: JFK52-P3
    X-Amz-Cf-Id: uKXbsCzDo75Y2DJEmKhO9WtLhFRA2FoIk_j0DkFRJS8ylHf-hp2BZw==
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49689
Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49688
Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown | Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49692
Source: unknown | Network traffic detected: HTTP traffic on port 49692 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown | Network traffic detected: HTTP traffic on port 49689 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown | HTTPS traffic detected: 142.251.32.100:443 -> 192.168.2.10:49688 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.250.202.186:443 -> 192.168.2.10:49690 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.250.202.186:443 -> 192.168.2.10:49689 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 18.238.49.110:443 -> 192.168.2.10:49692 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.10:49710 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\scoped_dir4156_518366490
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\scoped_dir4156_518366490
Source: classification engine | Classification label: mal56.win@21/2@6/5
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2192,i,5519731064174341387,10171050664537622976,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2220 /prefetch:3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://gateway.btfs.io/btfs/Qmbzme7iX8d3RS7sQkyvDwwsL6z2KB788hUr=%206F8CQAJrB6#adres@example.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2192,i,5519731064174341387,10171050664537622976,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2220 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK Matrix (a leading number is the count of matched signatures for that technique)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: 1 Masquerading; 1 Process Injection; 1 File Deletion; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 1 Encrypted Channel; 3 Non-Application Layer Protocol; 4 Application Layer Protocol; 3 Ingress Tool Transfer
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Behavior Graph (ID: 1645156, URL: https://gateway.btfs.io/btf..., Startdate: 21/03/2025, Architecture: WINDOWS, Score: 56)

Signatures shown on the graph: Antivirus detection for URL or domain; Antivirus / Scanner detection for submitted sample
Processes on the graph: chrome.exe (started) -> chrome.exe (started) -> chrome.exe (started)
DNS/IP nodes on the graph:
  • 192.168.2.10 (ports 138, 443, 49688) unknown unknown
  • 192.168.2.6 unknown unknown
  • www.google.com 142.251.32.100 (ports 443, 49688, 49708) GOOGLEUS, United States
  • k8s-btfsprod-btfsgate-f999b78d32-493095428.ap-southeast-1.elb.amazonaws.com 13.250.202.186 (ports 443, 49689, 49690) AMAZON-02US, United States
  • 3 other IPs or domains

Source | Detection | Scanner | Label | Link
https://gateway.btfs.io/btfs/Qmbzme7iX8d3RS7sQkyvDwwsL6z2KB788hUr=%206F8CQAJrB6#adres@example.com | 100% | Avira URL Cloud | phishing |
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://gateway.btfs.io/favicon.ico | 100% | Avira URL Cloud | phishing |
https://gateway.btfs.io/btfs/Qmbzme7iX8d3RS7sQkyvDwwsL6z2KB788hUr=%206F8CQAJrB6 | 100% | Avira URL Cloud | phishing |
https://finder.btfs.io/favicon.ico | 0% | Avira URL Cloud | safe |


Name | IP | Active | Malicious | Antivirus Detection | Reputation
k8s-btfsprod-btfsgate-f999b78d32-493095428.ap-southeast-1.elb.amazonaws.com | 13.250.202.186 | true | false | | unknown
www.google.com | 142.251.32.100 | true | false | | high
d2zgzy9au3frt5.cloudfront.net | 18.238.49.110 | true | false | | unknown
gateway.btfs.io | unknown | unknown | false | | unknown
finder.btfs.io | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://gateway.btfs.io/favicon.ico | false | Avira URL Cloud: phishing | unknown
https://gateway.btfs.io/btfs/Qmbzme7iX8d3RS7sQkyvDwwsL6z2KB788hUr=%206F8CQAJrB6#adres@example.com | true | | unknown
https://finder.btfs.io/favicon.ico | false | Avira URL Cloud: safe | unknown
https://gateway.btfs.io/btfs/Qmbzme7iX8d3RS7sQkyvDwwsL6z2KB788hUr=%206F8CQAJrB6 | false | Avira URL Cloud: phishing | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
13.250.202.186 | k8s-btfsprod-btfsgate-f999b78d32-493095428.ap-southeast-1.elb.amazonaws.com | United States | 16509 | AMAZON-02US | false
142.251.32.100 | www.google.com | United States | 15169 | GOOGLEUS | false
18.238.49.110 | d2zgzy9au3frt5.cloudfront.net | United States | 16509 | AMAZON-02US | false

IP (private)
192.168.2.6
192.168.2.10
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1645156
Start date and time: 2025-03-21 14:32:24 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 1s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://gateway.btfs.io/btfs/Qmbzme7iX8d3RS7sQkyvDwwsL6z2KB788hUr= 6F8CQAJrB6#adres@example.com
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 18
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal56.win@21/2@6/5
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, SIHClient.exe, Sgrmuserer.exe, conhost.exe, svchost.exe, TextInputHost.exe
• Excluded IPs from analysis (whitelisted): 142.250.80.67, 142.250.64.110, 142.250.80.110, 142.251.163.84, 142.250.65.174, 142.250.80.78, 199.232.210.172, 142.250.65.238, 142.251.40.238, 142.250.80.46, 142.251.40.142, 142.250.65.195, 142.251.40.99, 142.251.167.84, 52.149.20.212, 184.31.69.3
• Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtOpenFile calls found.
• VT rate limit hit for: https://gateway.btfs.io/btfs/Qmbzme7iX8d3RS7sQkyvDwwsL6z2KB788hUr=%206F8CQAJrB6#adres@example.com
No simulations
No context
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text
Category: downloaded
Size (bytes): 135
Entropy (8bit): 5.191626082812419
Encrypted: false
SSDEEP: 3:KTmisTEJRror0IHgAw32S/ThMPBvdDizJmfAGMudBKCxKiAZ:KKis0RixAA1SbDmf2udBLm
MD5: 5DD5AA18CC83A00EE287880C4AE38042
SHA1: 6F3768ADDA69DF4FAB8FB15BE86DF45685F736D7
SHA-256: 12C806FA6E624E81F48C0B378FE4304B06FC193E9636471604AFFC4D346DF9CF
SHA-512: 808F249BE82F292661562A4A36F4FDEE6D6460DE60A416BC5C6AEDF7A85431198A5796FA6963919A12DDEF718BBDD4F7DBA0CCBFB41E668A1F45A1F6BCF129D8
Malicious: false
Reputation: low
URL: https://gateway.btfs.io/btfs/Qmbzme7iX8d3RS7sQkyvDwwsL6z2KB788hUr=%206F8CQAJrB6
Preview: invalid btfs path: invalid path "/btfs/Qmbzme7iX8d3RS7sQkyvDwwsL6z2KB788hUr= 6F8CQAJrB6": invalid CID: selected encoding not supported.
No static file info


• Total Packets: 86
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 21, 2025 14:33:16.833877087 CET | 49677 | 443 | 192.168.2.10 | 2.23.227.208
Mar 21, 2025 14:33:16.833878994 CET | 49676 | 443 | 192.168.2.10 | 2.23.227.208
Mar 21, 2025 14:33:16.833909988 CET | 49675 | 443 | 192.168.2.10 | 2.23.227.208
Mar 21, 2025 14:33:26.503859997 CET | 49677 | 443 | 192.168.2.10 | 2.23.227.208
Mar 21, 2025 14:33:26.564415932 CET | 49676 | 443 | 192.168.2.10 | 2.23.227.208
Mar 21, 2025 14:33:26.564439058 CET | 49675 | 443 | 192.168.2.10 | 2.23.227.208
Mar 21, 2025 14:33:29.591933012 CET | 49688 | 443 | 192.168.2.10 | 142.251.32.100
Mar 21, 2025 14:33:29.591968060 CET | 443 | 49688 | 142.251.32.100 | 192.168.2.10
Mar 21, 2025 14:33:29.592053890 CET | 49688 | 443 | 192.168.2.10 | 142.251.32.100
Mar 21, 2025 14:33:29.592403889 CET | 49688 | 443 | 192.168.2.10 | 142.251.32.100
Mar 21, 2025 14:33:29.592415094 CET | 443 | 49688 | 142.251.32.100 | 192.168.2.10
Mar 21, 2025 14:33:29.799058914 CET | 443 | 49688 | 142.251.32.100 | 192.168.2.10
Mar 21, 2025 14:33:29.799143076 CET | 49688 | 443 | 192.168.2.10 | 142.251.32.100
Mar 21, 2025 14:33:29.801034927 CET | 49688 | 443 | 192.168.2.10 | 142.251.32.100
Mar 21, 2025 14:33:29.801048994 CET | 443 | 49688 | 142.251.32.100 | 192.168.2.10
Mar 21, 2025 14:33:29.801356077 CET | 443 | 49688 | 142.251.32.100 | 192.168.2.10
Mar 21, 2025 14:33:29.848292112 CET | 49688 | 443 | 192.168.2.10 | 142.251.32.100
Mar 21, 2025 14:33:31.399997950 CET | 49689 | 443 | 192.168.2.10 | 13.250.202.186
Mar 21, 2025 14:33:31.400046110 CET | 443 | 49689 | 13.250.202.186 | 192.168.2.10
Mar 21, 2025 14:33:31.400212049 CET | 49689 | 443 | 192.168.2.10 | 13.250.202.186
Mar 21, 2025 14:33:31.400635958 CET | 49690 | 443 | 192.168.2.10 | 13.250.202.186
Mar 21, 2025 14:33:31.400670052 CET | 443 | 49690 | 13.250.202.186 | 192.168.2.10
Mar 21, 2025 14:33:31.400820017 CET | 49689 | 443 | 192.168.2.10 | 13.250.202.186
Mar 21, 2025 14:33:31.400835037 CET | 443 | 49689 | 13.250.202.186 | 192.168.2.10
Mar 21, 2025 14:33:31.400856972 CET | 49690 | 443 | 192.168.2.10 | 13.250.202.186
Mar 21, 2025 14:33:31.401072025 CET | 49690 | 443 | 192.168.2.10 | 13.250.202.186
Mar 21, 2025 14:33:31.401084900 CET | 443 | 49690 | 13.250.202.186 | 192.168.2.10
Mar 21, 2025 14:33:32.414505959 CET | 443 | 49690 | 13.250.202.186 | 192.168.2.10
Mar 21, 2025 14:33:32.414623022 CET | 49690 | 443 | 192.168.2.10 | 13.250.202.186
Mar 21, 2025 14:33:32.415996075 CET | 49690 | 443 | 192.168.2.10 | 13.250.202.186
Mar 21, 2025 14:33:32.416006088 CET | 443 | 49690 | 13.250.202.186 | 192.168.2.10
Mar 21, 2025 14:33:32.416259050 CET | 443 | 49690 | 13.250.202.186 | 192.168.2.10
Mar 21, 2025 14:33:32.416415930 CET | 443 | 49689 | 13.250.202.186 | 192.168.2.10
Mar 21, 2025 14:33:32.416480064 CET | 49689 | 443 | 192.168.2.10 | 13.250.202.186
Mar 21, 2025 14:33:32.416632891 CET | 49690 | 443 | 192.168.2.10 | 13.250.202.186
Mar 21, 2025 14:33:32.417578936 CET | 49689 | 443 | 192.168.2.10 | 13.250.202.186
Mar 21, 2025 14:33:32.417587042 CET | 443 | 49689 | 13.250.202.186 | 192.168.2.10
Mar 21, 2025 14:33:32.417812109 CET | 443 | 49689 | 13.250.202.186 | 192.168.2.10
Mar 21, 2025 14:33:32.460323095 CET | 443 | 49690 | 13.250.202.186 | 192.168.2.10
Mar 21, 2025 14:33:32.470387936 CET | 49689 | 443 | 192.168.2.10 | 13.250.202.186
Mar 21, 2025 14:33:32.753530979 CET | 443 | 49690 | 13.250.202.186 | 192.168.2.10
Mar 21, 2025 14:33:32.753619909 CET | 443 | 49690 | 13.250.202.186 | 192.168.2.10
Mar 21, 2025 14:33:32.753695965 CET | 49690 | 443 | 192.168.2.10 | 13.250.202.186
Mar 21, 2025 14:33:32.755191088 CET | 49690 | 443 | 192.168.2.10 | 13.250.202.186
Mar 21, 2025 14:33:32.755207062 CET | 443 | 49690 | 13.250.202.186 | 192.168.2.10
Mar 21, 2025 14:33:32.859695911 CET | 49689 | 443 | 192.168.2.10 | 13.250.202.186
Mar 21, 2025 14:33:32.900330067 CET | 443 | 49689 | 13.250.202.186 | 192.168.2.10
Mar 21, 2025 14:33:32.928199053 CET | 49672 | 443 | 192.168.2.10 | 204.79.197.203
Mar 21, 2025 14:33:33.199059010 CET | 443 | 49689 | 13.250.202.186 | 192.168.2.10
Mar 21, 2025 14:33:33.199136019 CET | 443 | 49689 | 13.250.202.186 | 192.168.2.10
Mar 21, 2025 14:33:33.199470043 CET | 49689 | 443 | 192.168.2.10 | 13.250.202.186
Mar 21, 2025 14:33:33.199831009 CET | 49689 | 443 | 192.168.2.10 | 13.250.202.186
Mar 21, 2025 14:33:33.199831009 CET | 49689 | 443 | 192.168.2.10 | 13.250.202.186
Mar 21, 2025 14:33:33.199855089 CET | 443 | 49689 | 13.250.202.186 | 192.168.2.10
Mar 21, 2025 14:33:33.200068951 CET | 49689 | 443 | 192.168.2.10 | 13.250.202.186
Mar 21, 2025 14:33:33.237642050 CET | 49672 | 443 | 192.168.2.10 | 204.79.197.203
Mar 21, 2025 14:33:33.372406960 CET | 49692 | 443 | 192.168.2.10 | 18.238.49.110
Mar 21, 2025 14:33:33.372454882 CET | 443 | 49692 | 18.238.49.110 | 192.168.2.10
Mar 21, 2025 14:33:33.372584105 CET | 49692 | 443 | 192.168.2.10 | 18.238.49.110
Mar 21, 2025 14:33:33.373091936 CET | 49692 | 443 | 192.168.2.10 | 18.238.49.110
Mar 21, 2025 14:33:33.373121023 CET | 443 | 49692 | 18.238.49.110 | 192.168.2.10
Mar 21, 2025 14:33:33.571991920 CET | 443 | 49692 | 18.238.49.110 | 192.168.2.10
Mar 21, 2025 14:33:33.572133064 CET | 49692 | 443 | 192.168.2.10 | 18.238.49.110
Mar 21, 2025 14:33:33.587027073 CET | 49692 | 443 | 192.168.2.10 | 18.238.49.110
Mar 21, 2025 14:33:33.587063074 CET | 443 | 49692 | 18.238.49.110 | 192.168.2.10
Mar 21, 2025 14:33:33.587728977 CET | 443 | 49692 | 18.238.49.110 | 192.168.2.10
Mar 21, 2025 14:33:33.590528011 CET | 49692 | 443 | 192.168.2.10 | 18.238.49.110
Mar 21, 2025 14:33:33.632322073 CET | 443 | 49692 | 18.238.49.110 | 192.168.2.10
Mar 21, 2025 14:33:33.795239925 CET | 443 | 49692 | 18.238.49.110 | 192.168.2.10
Mar 21, 2025 14:33:33.795383930 CET | 443 | 49692 | 18.238.49.110 | 192.168.2.10
Mar 21, 2025 14:33:33.795551062 CET | 49692 | 443 | 192.168.2.10 | 18.238.49.110
Mar 21, 2025 14:33:33.797884941 CET | 49692 | 443 | 192.168.2.10 | 18.238.49.110
Mar 21, 2025 14:33:33.797904968 CET | 443 | 49692 | 18.238.49.110 | 192.168.2.10
Mar 21, 2025 14:33:33.846653938 CET | 49672 | 443 | 192.168.2.10 | 204.79.197.203
Mar 21, 2025 14:33:35.050807953 CET | 49672 | 443 | 192.168.2.10 | 204.79.197.203
Mar 21, 2025 14:33:37.455944061 CET | 49672 | 443 | 192.168.2.10 | 204.79.197.203
Mar 21, 2025 14:33:39.786298990 CET | 443 | 49688 | 142.251.32.100 | 192.168.2.10
Mar 21, 2025 14:33:39.786386013 CET | 443 | 49688 | 142.251.32.100 | 192.168.2.10
Mar 21, 2025 14:33:39.786429882 CET | 49688 | 443 | 192.168.2.10 | 142.251.32.100
Mar 21, 2025 14:33:39.788741112 CET | 49699 | 80 | 192.168.2.10 | 142.250.80.99
Mar 21, 2025 14:33:39.804718971 CET | 49688 | 443 | 192.168.2.10 | 142.251.32.100
Mar 21, 2025 14:33:39.804749966 CET | 443 | 49688 | 142.251.32.100 | 192.168.2.10
Mar 21, 2025 14:33:39.888735056 CET | 80 | 49699 | 142.250.80.99 | 192.168.2.10
Mar 21, 2025 14:33:39.888834000 CET | 49699 | 80 | 192.168.2.10 | 142.250.80.99
Mar 21, 2025 14:33:39.889163017 CET | 49699 | 80 | 192.168.2.10 | 142.250.80.99
Mar 21, 2025 14:33:39.986761093 CET | 80 | 49699 | 142.250.80.99 | 192.168.2.10
Mar 21, 2025 14:33:39.987291098 CET | 80 | 49699 | 142.250.80.99 | 192.168.2.10
Mar 21, 2025 14:33:39.993973017 CET | 49699 | 80 | 192.168.2.10 | 142.250.80.99
Mar 21, 2025 14:33:40.086534977 CET | 80 | 49699 | 142.250.80.99 | 192.168.2.10
Mar 21, 2025 14:33:40.127820015 CET | 49699 | 80 | 192.168.2.10 | 142.250.80.99
Mar 21, 2025 14:33:41.441910028 CET | 49678 | 443 | 192.168.2.10 | 20.189.173.26
Mar 21, 2025 14:33:41.753834963 CET | 49678 | 443 | 192.168.2.10 | 20.189.173.26
Mar 21, 2025 14:33:42.260659933 CET | 49672 | 443 | 192.168.2.10 | 204.79.197.203
Mar 21, 2025 14:33:42.363723993 CET | 49678 | 443 | 192.168.2.10 | 20.189.173.26
Mar 21, 2025 14:33:43.566597939 CET | 49678 | 443 | 192.168.2.10 | 20.189.173.26
Mar 21, 2025 14:33:45.973444939 CET | 49678 | 443 | 192.168.2.10 | 20.189.173.26
Mar 21, 2025 14:33:50.783061028 CET | 49678 | 443 | 192.168.2.10 | 20.189.173.26
Mar 21, 2025 14:33:51.862270117 CET | 49672 | 443 | 192.168.2.10 | 204.79.197.203
Mar 21, 2025 14:34:00.393701077 CET | 49678 | 443 | 192.168.2.10 | 20.189.173.26
Mar 21, 2025 14:34:29.551805973 CET | 49708 | 443 | 192.168.2.10 | 142.251.32.100
Mar 21, 2025 14:34:29.551851988 CET | 443 | 49708 | 142.251.32.100 | 192.168.2.10
Mar 21, 2025 14:34:29.551922083 CET | 49708 | 443 | 192.168.2.10 | 142.251.32.100
Mar 21, 2025 14:34:29.552170992 CET | 49708 | 443 | 192.168.2.10 | 142.251.32.100
Mar 21, 2025 14:34:29.552182913 CET | 443 | 49708 | 142.251.32.100 | 192.168.2.10
Mar 21, 2025 14:34:29.753736973 CET | 443 | 49708 | 142.251.32.100 | 192.168.2.10
Mar 21, 2025 14:34:29.754194975 CET | 49708 | 443 | 192.168.2.10 | 142.251.32.100
Mar 21, 2025 14:34:29.754246950 CET | 443 | 49708 | 142.251.32.100 | 192.168.2.10
Mar 21, 2025 14:34:31.683214903 CET | 49674 | 443 | 192.168.2.10 | 2.23.227.208
Mar 21, 2025 14:34:31.684097052 CET | 49710 | 443 | 192.168.2.10 | 2.23.227.208
Mar 21, 2025 14:34:31.684145927 CET | 443 | 49710 | 2.23.227.208 | 192.168.2.10
Mar 21, 2025 14:34:31.684211969 CET | 49710 | 443 | 192.168.2.10 | 2.23.227.208
Mar 21, 2025 14:34:31.684776068 CET | 49710 | 443 | 192.168.2.10 | 2.23.227.208
Mar 21, 2025 14:34:31.684788942 CET | 443 | 49710 | 2.23.227.208 | 192.168.2.10
Mar 21, 2025 14:34:31.989142895 CET | 49674 | 443 | 192.168.2.10 | 2.23.227.208
Mar 21, 2025 14:34:32.052210093 CET | 443 | 49710 | 2.23.227.208 | 192.168.2.10
Mar 21, 2025 14:34:32.052326918 CET | 49710 | 443 | 192.168.2.10 | 2.23.227.208
Mar 21, 2025 14:34:32.597453117 CET | 49674 | 443 | 192.168.2.10 | 2.23.227.208
Mar 21, 2025 14:34:33.799668074 CET | 49674 | 443 | 192.168.2.10 | 2.23.227.208
Mar 21, 2025 14:34:36.205553055 CET | 49674 | 443 | 192.168.2.10 | 2.23.227.208
Mar 21, 2025 14:34:39.786310911 CET | 443 | 49708 | 142.251.32.100 | 192.168.2.10
Mar 21, 2025 14:34:39.786390066 CET | 443 | 49708 | 142.251.32.100 | 192.168.2.10
              Mar 21, 2025 14:34:39.786446095 CET49708443192.168.2.10142.251.32.100
              Mar 21, 2025 14:34:39.804486036 CET49708443192.168.2.10142.251.32.100
              Mar 21, 2025 14:34:39.804516077 CET44349708142.251.32.100192.168.2.10
              Mar 21, 2025 14:34:40.284162998 CET4969980192.168.2.10142.250.80.99
              Mar 21, 2025 14:34:40.379627943 CET8049699142.250.80.99192.168.2.10
              Mar 21, 2025 14:34:40.379678011 CET4969980192.168.2.10142.250.80.99
              Mar 21, 2025 14:34:41.020479918 CET49674443192.168.2.102.23.227.208
              Mar 21, 2025 14:34:50.627613068 CET49674443192.168.2.102.23.227.208
              Mar 21, 2025 14:34:51.226991892 CET443497102.23.227.208192.168.2.10
              Mar 21, 2025 14:34:51.227066994 CET49710443192.168.2.102.23.227.208
              DNS queries
              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
              Mar 21, 2025 14:33:29.488866091 CET | 192.168.2.10 | 1.1.1.1 | 0xf2a8 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
              Mar 21, 2025 14:33:29.489097118 CET | 192.168.2.10 | 1.1.1.1 | 0xf683 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
              Mar 21, 2025 14:33:31.230773926 CET | 192.168.2.10 | 1.1.1.1 | 0xd603 | Standard query (0) | gateway.btfs.io | A (IP address) | IN (0x0001) | false
              Mar 21, 2025 14:33:31.231066942 CET | 192.168.2.10 | 1.1.1.1 | 0xf6c | Standard query (0) | gateway.btfs.io | 65 | IN (0x0001) | false
              Mar 21, 2025 14:33:33.202217102 CET | 192.168.2.10 | 1.1.1.1 | 0xea5e | Standard query (0) | finder.btfs.io | A (IP address) | IN (0x0001) | false
              Mar 21, 2025 14:33:33.202378988 CET | 192.168.2.10 | 1.1.1.1 | 0x1075 | Standard query (0) | finder.btfs.io | 65 | IN (0x0001) | false
              DNS answers
              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
              Mar 21, 2025 14:33:29.590219021 CET | 1.1.1.1 | 192.168.2.10 | 0xf2a8 | No error (0) | www.google.com | - | 142.251.32.100 | A (IP address) | IN (0x0001) | false
              Mar 21, 2025 14:33:29.590363026 CET | 1.1.1.1 | 192.168.2.10 | 0xf683 | No error (0) | www.google.com | - | - | 65 | IN (0x0001) | false
              Mar 21, 2025 14:33:31.346673012 CET | 1.1.1.1 | 192.168.2.10 | 0xf6c | No error (0) | gateway.btfs.io | k8s-btfsprod-btfsgate-f999b78d32-493095428.ap-southeast-1.elb.amazonaws.com | - | CNAME (Canonical name) | IN (0x0001) | false
              Mar 21, 2025 14:33:31.399112940 CET | 1.1.1.1 | 192.168.2.10 | 0xd603 | No error (0) | gateway.btfs.io | k8s-btfsprod-btfsgate-f999b78d32-493095428.ap-southeast-1.elb.amazonaws.com | - | CNAME (Canonical name) | IN (0x0001) | false
              Mar 21, 2025 14:33:31.399112940 CET | 1.1.1.1 | 192.168.2.10 | 0xd603 | No error (0) | k8s-btfsprod-btfsgate-f999b78d32-493095428.ap-southeast-1.elb.amazonaws.com | - | 13.250.202.186 | A (IP address) | IN (0x0001) | false
              Mar 21, 2025 14:33:31.399112940 CET | 1.1.1.1 | 192.168.2.10 | 0xd603 | No error (0) | k8s-btfsprod-btfsgate-f999b78d32-493095428.ap-southeast-1.elb.amazonaws.com | - | 13.215.113.18 | A (IP address) | IN (0x0001) | false
              Mar 21, 2025 14:33:31.399112940 CET | 1.1.1.1 | 192.168.2.10 | 0xd603 | No error (0) | k8s-btfsprod-btfsgate-f999b78d32-493095428.ap-southeast-1.elb.amazonaws.com | - | 52.220.237.40 | A (IP address) | IN (0x0001) | false
              Mar 21, 2025 14:33:33.342753887 CET | 1.1.1.1 | 192.168.2.10 | 0x1075 | No error (0) | finder.btfs.io | d2zgzy9au3frt5.cloudfront.net | - | CNAME (Canonical name) | IN (0x0001) | false
              Mar 21, 2025 14:33:33.371074915 CET | 1.1.1.1 | 192.168.2.10 | 0xea5e | No error (0) | finder.btfs.io | d2zgzy9au3frt5.cloudfront.net | - | CNAME (Canonical name) | IN (0x0001) | false
              Mar 21, 2025 14:33:33.371074915 CET | 1.1.1.1 | 192.168.2.10 | 0xea5e | No error (0) | d2zgzy9au3frt5.cloudfront.net | - | 18.238.49.110 | A (IP address) | IN (0x0001) | false
              Mar 21, 2025 14:33:33.371074915 CET | 1.1.1.1 | 192.168.2.10 | 0xea5e | No error (0) | d2zgzy9au3frt5.cloudfront.net | - | 18.238.49.47 | A (IP address) | IN (0x0001) | false
              Mar 21, 2025 14:33:33.371074915 CET | 1.1.1.1 | 192.168.2.10 | 0xea5e | No error (0) | d2zgzy9au3frt5.cloudfront.net | - | 18.238.49.129 | A (IP address) | IN (0x0001) | false
              Mar 21, 2025 14:33:33.371074915 CET | 1.1.1.1 | 192.168.2.10 | 0xea5e | No error (0) | d2zgzy9au3frt5.cloudfront.net | - | 18.238.49.59 | A (IP address) | IN (0x0001) | false
              HTTP sessions by contacted host:
              • gateway.btfs.io
              • finder.btfs.io
              • c.pki.goog
              Session ID | Source IP | Source Port | Destination IP | Destination Port
              0 | 192.168.2.10 | 49699 | 142.250.80.99 | 80
              Timestamp | Bytes transferred | Direction | Data
              Mar 21, 2025 14:33:39.889163017 CET | 202 | OUT | GET /r/gsr1.crl HTTP/1.1
              Cache-Control: max-age = 3000
              Connection: Keep-Alive
              Accept: */*
              If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
              User-Agent: Microsoft-CryptoAPI/10.0
              Host: c.pki.goog
              Mar 21, 2025 14:33:39.987291098 CET | 223 | IN | HTTP/1.1 304 Not Modified
              Date: Fri, 21 Mar 2025 13:03:27 GMT
              Expires: Fri, 21 Mar 2025 13:53:27 GMT
              Age: 1812
              Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT
              Cache-Control: public, max-age=3000
              Vary: Accept-Encoding
              Mar 21, 2025 14:33:39.993973017 CET | 200 | OUT | GET /r/r4.crl HTTP/1.1
              Cache-Control: max-age = 3000
              Connection: Keep-Alive
              Accept: */*
              If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
              User-Agent: Microsoft-CryptoAPI/10.0
              Host: c.pki.goog
              Mar 21, 2025 14:33:40.086534977 CET | 223 | IN | HTTP/1.1 304 Not Modified
              Date: Fri, 21 Mar 2025 13:03:30 GMT
              Expires: Fri, 21 Mar 2025 13:53:30 GMT
              Age: 1810
              Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
              Cache-Control: public, max-age=3000
              Vary: Accept-Encoding


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              0 | 192.168.2.10 | 49690 | 13.250.202.186 | 443 | 1632 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              2025-03-21 13:33:32 UTC | 720 | OUT | GET /btfs/Qmbzme7iX8d3RS7sQkyvDwwsL6z2KB788hUr=%206F8CQAJrB6 HTTP/1.1
              Host: gateway.btfs.io
              Connection: keep-alive
              sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
              sec-ch-ua-mobile: ?0
              sec-ch-ua-platform: "Windows"
              Upgrade-Insecure-Requests: 1
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Sec-Fetch-Site: none
              Sec-Fetch-Mode: navigate
              Sec-Fetch-User: ?1
              Sec-Fetch-Dest: document
              Accept-Encoding: gzip, deflate, br, zstd
              Accept-Language: en-US,en;q=0.9
              2025-03-21 13:33:32 UTC | 179 | IN | HTTP/1.1 400 Bad Request
              Date: Fri, 21 Mar 2025 13:33:32 GMT
              Content-Type: text/plain; charset=utf-8
              Content-Length: 135
              Connection: close
              X-Content-Type-Options: nosniff
              2025-03-21 13:33:32 UTC | 135 | IN | Data Ascii: invalid btfs path: invalid path "/btfs/Qmbzme7iX8d3RS7sQkyvDwwsL6z2KB788hUr= 6F8CQAJrB6": invalid CID: selected encoding not supported


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              1 | 192.168.2.10 | 49689 | 13.250.202.186 | 443 | 1632 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              2025-03-21 13:33:32 UTC | 648 | OUT | GET /favicon.ico HTTP/1.1
              Host: gateway.btfs.io
              Connection: keep-alive
              sec-ch-ua-platform: "Windows"
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
              sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
              sec-ch-ua-mobile: ?0
              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
              Sec-Fetch-Site: same-origin
              Sec-Fetch-Mode: no-cors
              Sec-Fetch-Dest: image
              Referer: https://gateway.btfs.io/btfs/Qmbzme7iX8d3RS7sQkyvDwwsL6z2KB788hUr=%206F8CQAJrB6
              Accept-Encoding: gzip, deflate, br, zstd
              Accept-Language: en-US,en;q=0.9
              2025-03-21 13:33:33 UTC | 206 | IN | HTTP/1.1 301 Moved Permanently
              Server: awselb/2.0
              Date: Fri, 21 Mar 2025 13:33:33 GMT
              Content-Type: text/html
              Content-Length: 134
              Connection: close
              Location: https://finder.btfs.io:443/favicon.ico
              2025-03-21 13:33:33 UTC | 134 | IN | Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center></body></html>


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              2 | 192.168.2.10 | 49692 | 18.238.49.110 | 443 | 1632 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              2025-03-21 13:33:33 UTC | 590 | OUT | GET /favicon.ico HTTP/1.1
              Host: finder.btfs.io
              Connection: keep-alive
              sec-ch-ua-platform: "Windows"
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
              sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
              sec-ch-ua-mobile: ?0
              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
              Sec-Fetch-Site: same-site
              Sec-Fetch-Mode: no-cors
              Sec-Fetch-Dest: image
              Referer: https://gateway.btfs.io/
              Accept-Encoding: gzip, deflate, br, zstd
              Accept-Language: en-US,en;q=0.9
              2025-03-21 13:33:33 UTC | 357 | IN | HTTP/1.1 403 Forbidden
              Content-Type: application/xml
              Transfer-Encoding: chunked
              Connection: close
              Server: AmazonS3
              Date: Fri, 21 Mar 2025 13:33:32 GMT
              X-Cache: Error from cloudfront
              Via: 1.1 876bec0443fc8f764d98d36e203f84e0.cloudfront.net (CloudFront)
              X-Amz-Cf-Pop: JFK52-P3
              X-Amz-Cf-Id: uKXbsCzDo75Y2DJEmKhO9WtLhFRA2FoIk_j0DkFRJS8ylHf-hp2BZw==
              2025-03-21 13:33:33 UTC | 117 | IN | Data Ascii: 6f<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>
              2025-03-21 13:33:33 UTC | 5 | IN | Data Ascii: 0 (terminating zero-length chunk of the chunked response)


              Target ID: 1
              Start time: 09:33:20
              Start date: 21/03/2025
              Path: C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit): false
              Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
              Imagebase: 0x7ff7ea9f0000
              File size: 3'388'000 bytes
              MD5 hash: E81F54E6C1129887AEA47E7D092680BF
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: low
              Has exited: false

              Target ID: 2
              Start time: 09:33:24
              Start date: 21/03/2025
              Path: C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit): false
              Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2192,i,5519731064174341387,10171050664537622976,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2220 /prefetch:3
              Imagebase: 0x7ff7ea9f0000
              File size: 3'388'000 bytes
              MD5 hash: E81F54E6C1129887AEA47E7D092680BF
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: low
              Has exited: false

              Target ID: 6
              Start time: 09:33:30
              Start date: 21/03/2025
              Path: C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit): false
              Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://gateway.btfs.io/btfs/Qmbzme7iX8d3RS7sQkyvDwwsL6z2KB788hUr=%206F8CQAJrB6#adres@example.com"
              Imagebase: 0x7ff7ea9f0000
              File size: 3'388'000 bytes
              MD5 hash: E81F54E6C1129887AEA47E7D092680BF
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: low
              Has exited: true

              No disassembly