Edit tour

Windows Analysis Report
https://ipfs.io/ipfs/bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe

Overview

General Information

Sample URL:	https://ipfs.io/ipfs/bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe
Analysis ID:	1521125
Infos:

Detection

HTMLPhisher

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Yara detected HtmlPhish10

Uses IPFS gateway to access IPFS content in browser (often used in phishing/scams)

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 576 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3664 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 --field-trial-handle=2228,i,2634174614011090117,12737702450936448669,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5632 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ipfs.io/ipfs/bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_72	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.2.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.1.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://ipfs.io/ipfs/bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

AI detected phishing page

Source: https://ipfs.io/ipfs/bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe	LLM: Score: 9 Reasons: The brand 'Norton' is well-known and associated with cybersecurity products., The legitimate domain for Norton is 'norton.com'., The provided URL 'ipfs.io' does not match the legitimate domain for Norton., The URL 'ipfs.io' is a generic domain and not specifically associated with Norton., The presence of input fields for 'Email Address' and 'Email Password' on a non-legitimate domain is highly suspicious and indicative of phishing. DOM: 0.1.pages.csv
Source: https://ipfs.io/ipfs/bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe	LLM: Score: 9 Reasons: The brand 'Norton' is well-known and associated with cybersecurity products., The legitimate domain for Norton is 'norton.com'., The URL 'ipfs.io' does not match the legitimate domain for Norton., The URL 'ipfs.io' is a generic domain and not directly associated with Norton., The presence of input fields for 'Email Address' and 'Email Password' on a non-legitimate domain is highly suspicious and indicative of phishing. DOM: 0.2.pages.csv

Yara detected HtmlPhish10

Source: Yara match	File source: 0.2.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_72, type: DROPPED

Uses IPFS gateway to access IPFS content in browser (often used in phishing/scams)

Source: https://ipfs.io/ipfs/bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe

HTTP Parser: Gateway: ipfs.io

Source: https://ipfs.io/ipfs/bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe

HTTP Parser: Number of links: 0

Source: https://ipfs.io/ipfs/bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://ipfs.io/ipfs/bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe

HTTP Parser: Title: does not match URL

Source: https://ipfs.io/ipfs/bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe

HTTP Parser: <input type="password" .../> found

Source: https://ipfs.io/ipfs/bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe	HTTP Parser: No <meta name="author".. found
Source: https://ipfs.io/ipfs/bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe	HTTP Parser: No <meta name="author".. found

Source: https://ipfs.io/ipfs/bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe	HTTP Parser: No <meta name="copyright".. found
Source: https://ipfs.io/ipfs/bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe	HTTP Parser: No <meta name="copyright".. found

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49730 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49724 version: TLS 1.2

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49730 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /ipfs/bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe HTTP/1.1Host: ipfs.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: ipfs.io
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: alphatrade-options.com

Source: chromecache_72.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
Source: chromecache_72.2.dr	String found in binary or memory: https://alphatrade-options.com/git/rand/favicon.png
Source: chromecache_72.2.dr	String found in binary or memory: https://firebasestorage.googleapis.com/v0/b/portal-aa363.appspot.com/o/26-269507_arbys-logo-transpar
Source: chromecache_72.2.dr	String found in binary or memory: https://firebasestorage.googleapis.com/v0/b/portal-aa363.appspot.com/o/favicons.png?alt=media&token=
Source: chromecache_72.2.dr	String found in binary or memory: https://webhook.site/da7cffb2-0fe4-45e6-857a-c2d4218db1ca
Source: chromecache_72.2.dr	String found in binary or memory: https://www.google.com/s2/favicons?domain=

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49724 version: TLS 1.2

Source: classification engine

Classification label: mal68.phis.win@16/19@9/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 --field-trial-handle=2228,i,2634174614011090117,12737702450936448669,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ipfs.io/ipfs/bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 --field-trial-handle=2228,i,2634174614011090117,12737702450936448669,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: continue
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: continue

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://ipfs.io/ipfs/bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
www.google.com	142.250.186.36	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
ipfs.io	209.94.90.1	true	true	unknown
alphatrade-options.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://ipfs.io/ipfs/bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://www.google.com/s2/favicons?domain=	chromecache_72.2.dr	false	unknown
https://alphatrade-options.com/git/rand/favicon.png	chromecache_72.2.dr	false	unknown
https://webhook.site/da7cffb2-0fe4-45e6-857a-c2d4218db1ca	chromecache_72.2.dr	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.36	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
209.94.90.1	ipfs.io	United States	40680	PROTOCOLUS	true

Private

IP
192.168.2.6
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1521125
Start date and time:	2024-09-28 04:40:50 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 25s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://ipfs.io/ipfs/bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.phis.win@16/19@9/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.184.206, 172.217.16.195, 66.102.1.84, 34.104.35.123, 142.250.186.74, 216.58.206.74, 172.217.23.106, 216.58.206.42, 216.58.212.170, 172.217.16.138, 142.250.74.202, 142.250.185.74, 142.250.186.170, 172.217.18.106, 172.217.16.202, 142.250.186.42, 172.217.18.10, 142.250.181.234, 142.250.186.138, 142.250.186.106, 142.250.185.138, 142.250.185.106, 142.250.185.170, 142.250.184.234, 142.250.184.202, 142.250.185.234, 142.250.185.202, 216.58.212.138, 20.114.59.183, 199.232.214.172, 192.229.221.95, 13.85.23.206, 40.69.42.241, 142.250.186.131, 2.16.100.168, 88.221.110.91
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, ajax.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, firebasestorage.googleapis.com, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://ipfs.io/ipfs/bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://ipfs.io/ipfs/bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe Model: jbxai	{ "brand":["Norton", "VeriSign"], "contains_trigger_text":true, "trigger_text":"Continue", "prominent_button_name":"Continue", "text_input_field_labels":["Email Address", "Email Password"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://ipfs.io/ipfs/bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe Model: jbxai	{ "phishing_score":9, "brands":"Norton", "legit_domain":"norton.com", "classification":"wellknown", "reasons":["The brand 'Norton' is well-known and associated with cybersecurity products.", "The legitimate domain for Norton is 'norton.com'.", "The provided URL 'ipfs.io' does not match the legitimate domain for Norton.", "The URL 'ipfs.io' is a generic domain and not specifically associated with Norton.", "The presence of input fields for 'Email Address' and 'Email Password' on a non-legitimate domain is highly suspicious and indicative of phishing."], "brand_matches":[false], "url_match":false, "brand_input":"Norton", "input_fields":"Email Address, Email Password"}

URL: https://ipfs.io/ipfs/bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe Model: jbxai	{ "brand":["Norton Secured powered by VeriSign"], "contains_trigger_text":false, "trigger_text":"unknown", "prominent_button_name":"Continue", "text_input_field_labels":["Email Address", "Email Password"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://ipfs.io/ipfs/bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe Model: jbxai	{ "phishing_score":9, "brands":"Norton Secured powered by VeriSign", "legit_domain":"norton.com", "classification":"wellknown", "reasons":["The brand 'Norton' is well-known and associated with cybersecurity products.", "The legitimate domain for Norton is 'norton.com'.", "The URL 'ipfs.io' does not match the legitimate domain for Norton.", "The URL 'ipfs.io' is a generic domain and not directly associated with Norton.", "The presence of input fields for 'Email Address' and 'Email Password' on a non-legitimate domain is highly suspicious and indicative of phishing."], "brand_matches":[false], "url_match":false, "brand_input":"Norton Secured powered by VeriSign", "input_fields":"Email Address, Email Password"}

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 28 01:41:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9778443424349277
Encrypted:	false
SSDEEP:	48:8LdQTUgEHridAKZdA19ehwiZUklqehwy+3:8uvwLy
MD5:	BD26079F7C47BB16C40E4D9AAAF3439D
SHA1:	36F6CA30AC840CCEBCA532D58398CED775F868D5
SHA-256:	7F5BEF92290A4C9700A982C105DF1CB3E023F0E1103A276977249E681EA79DB2
SHA-512:	144D36A71E31F0DDF9DB7A8A60D325535191C7139064E9108D4B91D69B6B9526D032ED2575479361B4657AEDA6A6E60D8B756E73C2549305C3A96BA5E1938AF3
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....c..O...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I<Y5.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V<Y5.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V<Y5.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V<Y5............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V<Y7............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............s.m.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 28 01:41:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.993741700878807
Encrypted:	false
SSDEEP:	48:8tdQTUgEHridAKZdA1weh/iZUkAQkqeh7y+2:8wvK9QSy
MD5:	E32BCE3C3B5946DEA5C4A9CA8E4A37D1
SHA1:	639D30CD8D8FC67456F91C77C7CA6E067D8D597B
SHA-256:	6E6BFD93B9697998CED83F12AA7A3B00EBCAC07F78E89FF2E653AB356C5B555B
SHA-512:	AD57BACB5CB35CD69F4C787794D45E74C8BCA4C9834AFE71B0467B879F88C93127D26534FBD58FD74AC5F506D020FB1F2541F5B77F4C4852CF68A648003F9289
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........O...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I<Y5.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V<Y5.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V<Y5.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V<Y5............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V<Y7............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............s.m.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.0053922956270185
Encrypted:	false
SSDEEP:	48:8xBdQTUgsHridAKZdA14tseh7sFiZUkmgqeh7sly+BX:8x8vqnXy
MD5:	545C7E131EDEC74914986A9020E8F2CE
SHA1:	77860A4AF07905BAAF450E956191142BB1201F58
SHA-256:	62C96B56BA8ECEBF0BF485E974ED10F437D7676DBD4B68D054B0FECEDA3F4E02
SHA-512:	21432884DB81C648385402790A5129739671DED54CD29A3DB82D0EC12705806A8CF3F2727316679B5E7F45C363713C52171F27EDB488455E9574F8E9B4070AF5
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I<Y5.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V<Y5.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V<Y5.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V<Y5............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............s.m.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 28 01:41:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9906166857210095
Encrypted:	false
SSDEEP:	48:8KVdQTUgEHridAKZdA1vehDiZUkwqehPy+R:8FvRdy
MD5:	B516E70A2C6073D0F6C0C779EF9DD454
SHA1:	66793224E8F58E44411ED6E163C6CEFD3F7467E0
SHA-256:	CF797B5091F564B10971586B36D9C51173EA71582C4581EEE7037C523F5136C4
SHA-512:	EB38641019C2F4D9923B2E7EF599BB0CE4970ECDFEF3833DFB6AA0405AA367DBB95346308D4D6B21C443440D21F95A3554A5876EB39696A8D39AEDB373A58E48
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....i..O...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I<Y5.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V<Y5.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V<Y5.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V<Y5............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V<Y7............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............s.m.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 28 01:41:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9807688906886827
Encrypted:	false
SSDEEP:	48:8+dQTUgEHridAKZdA1hehBiZUk1W1qehRy+C:8Jvx9xy
MD5:	BC1F8F86D002D01111447D5621137312
SHA1:	93F62BB4143EBCD661309E0C1A57CC16F61E5387
SHA-256:	539BF57DA78EAF7F0816F29D6E07280327AB8FE0874C6F1A5FA2A11937EE481C
SHA-512:	5A190E6D4E5278DFD7EEE9AC6EAFD7C32406F273BB50A4B7FC7382B619601F2E426745E9B2AAEC93EABEE5142A0526056841B6696AF4D243E9356DBF978D9B3C
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....y...O...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I<Y5.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V<Y5.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V<Y5.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V<Y5............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V<Y7............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............s.m.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 28 01:41:45 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9898042241777683
Encrypted:	false
SSDEEP:	48:87dQTUgEHridAKZdA1duT+ehOuTbbiZUk5OjqehOuTbXy+yT+:8evtT/TbxWOvTbXy7T
MD5:	D6CF4E3C4468E410BD98E115FB53932B
SHA1:	06175CD1123CE0E838A4BFCFC3708098CCB8BD11
SHA-256:	7643CC4BDE129541368FEC01EA28F0FDFD576170AD64CC06D27372CDCD92E350
SHA-512:	9C24CF8BBC9818F2C07B7F1CEDFEF7C0B78E29799D12190267AD1AF058891EB4316DC92E7F5493A4795A214282131C5DEF08DD3FA988E9EC501AB81717F95CC1
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....-...O...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I<Y5.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V<Y5.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V<Y5.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V<Y5............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V<Y7............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............s.m.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	64
Entropy (8bit):	4.6448585007312415
Encrypted:	false
SSDEEP:	3:vXVCZWBAKjT1MKfkcy9J+WrY:PVCZ4B7WM
MD5:	0561199C318C6C263423CEDA83A72238
SHA1:	41E546AA1137EC9ECFA61BB4056EB5F3D605936F
SHA-256:	2936588BF9A9235167A9050BFC73EB586442C76262F648FBE24EC8EFFBC2E068
SHA-512:	868D6377104BC111D2E1BCE6E3B00925C53B33FEA1446EF42450B6C62CD05589F73761F6BE3911799E15D0DFA6B6C4D076FFD83468CDE6E18E55F0255FC67702
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwnafXqpG7OCbBIFDbq_44ASBQ1MSZGY?alt=proto
Preview:	CiwKCw26v+OAGgQIVhgCCh0NTEmRmBoECEsYAioQCApSDAoCQCEQARj/////Dw==

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 860 x 460, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	56109
Entropy (8bit):	7.973537367126651
Encrypted:	false
SSDEEP:	768:K2IH1Jqp3G6W3cZZq0PtaJg01kv+HnSKDS+Mj4wjRHQV2w/BCnhdKGNqvzgkH0O1:ArqpXH3RlCgLFjj4mRHs2w0n6IstzQq
MD5:	CE793AC1E75B3F60908CC6E3D63379E5
SHA1:	3BF1BAD607D899BB91DECB1BB0B32A0D82C233A8
SHA-256:	42171D76548498998DA88F032ABA50A028B9481FD7004A9A3B5D3B8D98FE48A2
SHA-512:	025C6474A68618D59ABD019B1821C5ACBDA6958FF7FC9D97DBBECA02C0BCBE2C5329603AE61EC89B00DBA1F09525F76D04B54BC6D9B5B8D230609282E78CC1FC
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...\.................IDATx....T..........vE....(..."..{..z.M.J...^ ..T. $@..........L..g.=s.p}<G!..u].i....#!..B.!..b>..@.!..B.!..B.!..B..p.B.!..B..p.B.!..B....B.!..B(\..B.!..B(\..B.!..B."..B.!....!..B.!....!..B.!.P..!..B.!..E.!..B.!..E.!..B.!..B.!..B..p.B.!..B..p.B.!..B....B.!..B(\..B.!..B(\..B.!..B."..B.!....!..B.!....!..B.!.P..!..B.!..E.!..B.!..E.!..B.!..B.!..B..p.B.!..B..p.B.!..B....B.!..B(\..B.!..B(\..B.!..B."..B.!....!..B.!....!..B.!.P..!..B.!..E.!..B.!..E.!..B.!..B.!..B..p.B.!..B..p.B4.U./.%.M.M.G..x..!..B.".....Z).C..$..H...<^..B..p.B....B.!..E..p.B.!.P..!....!..B(\..B."..B..p.B(\..B.!..B....E.!....!.P..!..B(\....!..B.....Trrrd.M2w.&....q..l.[..U...J.!....!....$...w....d....y.U..B.!..E.!u....o..k.7..5kx..!..B."....!..B....B."..B..p.B(\..B.!.P..!..E.!..B.".P..!..B(\.......B.!..BH......W\...QQ.s....{.7..k.UQ.$.@U...!..B(\..gSYY)K.,i62.....+.....>w.Jy...&...D..\..!..B....B.p.B.!.P..!..B.!....!..E."..B....B.p.B.!.P..!..B.!....!..E."..B....B.p.B.!.P

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	492
Entropy (8bit):	7.443140866786406
Encrypted:	false
SSDEEP:	12:6v/7w9xBoc7dfbmXwR54uPABdsBCRGE03H76f79ysL5w:t9/1dfbV5pIssN03H7kpyW5w
MD5:	3CA64F83FDCF25135D87E08AF65E68C9
SHA1:	B82D0979D555BD137B33C15021129E06CBEEA59A
SHA-256:	2E30FF33270FD8687B0EB4D12652BFD967F23975F158BF8DA93BECE2BA4AB947
SHA-512:	7675A8C4E6146E62DDA019340EF95E477AA3D14364B5A773114EA1110C38233F5D8D9B08F6C83BF7664B33695AAC7254B25D727A15EA6A9DED2EC9D1EA07DC0E
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR................a....IDATx.b...?E........;C..i[PI....>......(.1.c..b...d..m.m';]...W{...S......+..'.}..X........~...N..1...E...S1E..O.PX\..C...o]<.........[.T..d.Rm..u.n.....<........:...#.P..c.*2....g.....!...>v.:...#...J..d.xx."..x._=....k...!.!!;@.....+.{`..+.....gk.....@N..-@.X.q......K...'..@@)...........&.w.......%..<&.N.._x.G`c..F%L.eC.80H`L...#Z..F....e.......L.H...L.&a..5.0..V4N..m..........$.......(..b{....8a.L.a.BM....0.....IEND.B`.

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 860 x 460, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	56109
Entropy (8bit):	7.973537367126651
Encrypted:	false
SSDEEP:	768:K2IH1Jqp3G6W3cZZq0PtaJg01kv+HnSKDS+Mj4wjRHQV2w/BCnhdKGNqvzgkH0O1:ArqpXH3RlCgLFjj4mRHs2w0n6IstzQq
MD5:	CE793AC1E75B3F60908CC6E3D63379E5
SHA1:	3BF1BAD607D899BB91DECB1BB0B32A0D82C233A8
SHA-256:	42171D76548498998DA88F032ABA50A028B9481FD7004A9A3B5D3B8D98FE48A2
SHA-512:	025C6474A68618D59ABD019B1821C5ACBDA6958FF7FC9D97DBBECA02C0BCBE2C5329603AE61EC89B00DBA1F09525F76D04B54BC6D9B5B8D230609282E78CC1FC
Malicious:	false
Reputation:	low
URL:	https://firebasestorage.googleapis.com/v0/b/portal-aa363.appspot.com/o/26-269507_arbys-logo-transparent-norton-secured-logo-png-png.png?alt=media&token=270a0942-12e5-423b-8855-04615084dca8
Preview:	.PNG........IHDR...\.................IDATx....T..........vE....(..."..{..z.M.J...^ ..T. $@..........L..g.=s.p}<G!..u].i....#!..B.!..b>..@.!..B.!..B.!..B..p.B.!..B..p.B.!..B....B.!..B(\..B.!..B(\..B.!..B."..B.!....!..B.!....!..B.!.P..!..B.!..E.!..B.!..E.!..B.!..B.!..B..p.B.!..B..p.B.!..B....B.!..B(\..B.!..B(\..B.!..B."..B.!....!..B.!....!..B.!.P..!..B.!..E.!..B.!..E.!..B.!..B.!..B..p.B.!..B..p.B.!..B....B.!..B(\..B.!..B(\..B.!..B."..B.!....!..B.!....!..B.!.P..!..B.!..E.!..B.!..E.!..B.!..B.!..B..p.B.!..B..p.B4.U./.%.M.M.G..x..!..B.".....Z).C..$..H...<^..B..p.B....B.!..E..p.B.!.P..!....!..B(\..B."..B..p.B(\..B.!..B....E.!....!.P..!..B(\....!..B.....Trrrd.M2w.&....q..l.[..U...J.!....!....$...w....d....y.U..B.!..E.!u....o..k.7..5kx..!..B."....!..B....B."..B..p.B(\..B.!.P..!..E.!..B.".P..!..B(\.......B.!..BH......W\...QQ.s....{.7..k.UQ.$.@U...!..B(\..gSYY)K.,i62.....+.....>w.Jy...&...D..\..!..B....B.p.B.!.P..!..B.!....!..E."..B....B.p.B.!.P..!..B.!....!..E."..B....B.p.B.!.P

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	492
Entropy (8bit):	7.443140866786406
Encrypted:	false
SSDEEP:	12:6v/7w9xBoc7dfbmXwR54uPABdsBCRGE03H76f79ysL5w:t9/1dfbV5pIssN03H7kpyW5w
MD5:	3CA64F83FDCF25135D87E08AF65E68C9
SHA1:	B82D0979D555BD137B33C15021129E06CBEEA59A
SHA-256:	2E30FF33270FD8687B0EB4D12652BFD967F23975F158BF8DA93BECE2BA4AB947
SHA-512:	7675A8C4E6146E62DDA019340EF95E477AA3D14364B5A773114EA1110C38233F5D8D9B08F6C83BF7664B33695AAC7254B25D727A15EA6A9DED2EC9D1EA07DC0E
Malicious:	false
Reputation:	low
URL:	https://firebasestorage.googleapis.com/v0/b/portal-aa363.appspot.com/o/favicons.png?alt=media&token=805fb0ef-a2d9-4a7f-85e6-d68384e166e3
Preview:	.PNG........IHDR................a....IDATx.b...?E........;C..i[PI....>......(.1.c..b...d..m.m';]...W{...S......+..'.}..X........~...N..1...E...S1E..O.PX\..C...o]<.........[.T..d.Rm..u.n.....<........:...#.P..c.*2....g.....!...>v.:...#...J..d.xx."..x._=....k...!.!!;@.....+.{`..+.....gk.....@N..-@.X.q......K...'..@@)...........&.w.......%..<&.N.._x.G`c..F%L.eC.80H`L...#Z..F....e.......L.H...L.&a..5.0..V4N..m..........$.......(..b{....8a.L.a.BM....0.....IEND.B`.

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	dropped
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:	1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	low
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:	1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	low
URL:	https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1705), with CRLF line terminators
Category:	downloaded
Size (bytes):	55398
Entropy (8bit):	5.480666993026314
Encrypted:	false
SSDEEP:	384:CVfMXDnMXDnMXDnMXDnMXDnMXDnMXDnMXDnMXDnMXDnMXDnMXDnMXDnMXDnMXDnq:CjJBaAR
MD5:	4C6707F6BECB5FAB0B09B5CE91739374
SHA1:	5AF867D752961977594C2D3848C72F3AC4EC9D81
SHA-256:	309DEFFDF8A4F0720CC1CCB25BFB9A7B0A2BFF4E41E1CFB63EC4CAF652B7A709
SHA-512:	58C238B321B04DA68A343D1A54C4588E4617B6C7029B5C7C441A39D68FA1A48348F303A8F8250E619BEF3FA555E4CC0AF53FA82F0B367F9B37C873B45DBBF67F
Malicious:	false
Reputation:	low
URL:	https://ipfs.io/ipfs/bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">..<html>..<head>.. lJfw87er........,Shop in bo..Hi Yin..E-mail......Explore your weekly savings..Warm up with great deals on your faves.....Shop deals ..Discover today's top deals..See all..Image of Dyson V11. Advanced Stick.....Dyson V11. Advanced Stick.....AU $788.00....AU $1,199.00 . AU $411.00 OFF....Direct from Dyson Direct from Dyson....Image of AZDOME 4K Dash Cam UHD.....AZDOME 4K Dash Cam UHD.....AU $55.99....AU $71.99 . 22% OFF....Image of Perfect Choice Red Mixed Wines.....Perfect Choice Red Mixed Wines.....AU $65.00....AU $230.00 . AU $165.00 OFF....Image of EVERAU. Women Men Slippers.....EVERAU. Women Men Slippers.....AU $54.00....AU $99.95 . 46% OFF....Image of ALFORDSON Greenhouse Aluminium.....ALFORDSON Greenhouse Aluminium.....AU $199.95....AU $1,199.75 . AU $999.80 OFF....Image of BLACK LORD Kettlebell Set 20kg.....BLACK LORD Kettlebell Set 20kg.....A

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2024 04:41:37.314471960 CEST	49675	443	192.168.2.5	23.1.237.91
Sep 28, 2024 04:41:37.314481020 CEST	49674	443	192.168.2.5	23.1.237.91
Sep 28, 2024 04:41:37.439521074 CEST	49673	443	192.168.2.5	23.1.237.91
Sep 28, 2024 04:41:46.920670986 CEST	49675	443	192.168.2.5	23.1.237.91
Sep 28, 2024 04:41:46.961123943 CEST	49709	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:46.961164951 CEST	443	49709	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:46.961246967 CEST	49709	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:46.961481094 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:46.961493015 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:46.961546898 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:46.961889982 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:46.961905003 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:46.962074041 CEST	49709	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:46.962084055 CEST	443	49709	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.094260931 CEST	49674	443	192.168.2.5	23.1.237.91
Sep 28, 2024 04:41:47.110266924 CEST	49673	443	192.168.2.5	23.1.237.91
Sep 28, 2024 04:41:47.434587002 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.435007095 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.435028076 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.436086893 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.436192989 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.441276073 CEST	443	49709	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.441637993 CEST	49709	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.441654921 CEST	443	49709	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.443430901 CEST	443	49709	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.443506956 CEST	49709	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.449368000 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.449469090 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.449609041 CEST	49709	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.449711084 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.449726105 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.449742079 CEST	443	49709	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.497543097 CEST	49711	443	192.168.2.5	142.250.186.36
Sep 28, 2024 04:41:47.497590065 CEST	443	49711	142.250.186.36	192.168.2.5
Sep 28, 2024 04:41:47.497664928 CEST	49711	443	192.168.2.5	142.250.186.36
Sep 28, 2024 04:41:47.497893095 CEST	49711	443	192.168.2.5	142.250.186.36
Sep 28, 2024 04:41:47.497908115 CEST	443	49711	142.250.186.36	192.168.2.5
Sep 28, 2024 04:41:47.504084110 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.577970028 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.578022003 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.578051090 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.578083992 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.578119993 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.578145027 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.578155994 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.578161001 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.578167915 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.578201056 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.578788996 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.578845978 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.578855991 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.578888893 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.578928947 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.578936100 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.582798958 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.582873106 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.582884073 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.595419884 CEST	49709	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.595434904 CEST	443	49709	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.625833035 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.641890049 CEST	49709	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.666444063 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.666507006 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.666558027 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.666577101 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.666654110 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.666680098 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.666706085 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.666713953 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.666773081 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.666965008 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.667047977 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.667084932 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.667092085 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.667562962 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.667607069 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.667613983 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.667666912 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.667710066 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.667717934 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.667886019 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.667915106 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.667936087 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.667942047 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.667984009 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.668430090 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.668520927 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.668570042 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.668577909 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.668899059 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.668932915 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.668941021 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.668948889 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.668981075 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.668987036 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.718952894 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.718971014 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.755006075 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.755064011 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.755067110 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.755086899 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.755125046 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.755126953 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.755140066 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.755191088 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.755198002 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.755289078 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:47.755337000 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.755788088 CEST	49710	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:41:47.755803108 CEST	443	49710	209.94.90.1	192.168.2.5
Sep 28, 2024 04:41:48.144575119 CEST	443	49711	142.250.186.36	192.168.2.5
Sep 28, 2024 04:41:48.195960045 CEST	49711	443	192.168.2.5	142.250.186.36
Sep 28, 2024 04:41:48.239762068 CEST	49711	443	192.168.2.5	142.250.186.36
Sep 28, 2024 04:41:48.239818096 CEST	443	49711	142.250.186.36	192.168.2.5
Sep 28, 2024 04:41:48.241097927 CEST	443	49711	142.250.186.36	192.168.2.5
Sep 28, 2024 04:41:48.241266012 CEST	49711	443	192.168.2.5	142.250.186.36
Sep 28, 2024 04:41:48.326937914 CEST	49711	443	192.168.2.5	142.250.186.36
Sep 28, 2024 04:41:48.327333927 CEST	443	49711	142.250.186.36	192.168.2.5
Sep 28, 2024 04:41:48.381268024 CEST	49711	443	192.168.2.5	142.250.186.36
Sep 28, 2024 04:41:48.381284952 CEST	443	49711	142.250.186.36	192.168.2.5
Sep 28, 2024 04:41:48.428452015 CEST	49711	443	192.168.2.5	142.250.186.36
Sep 28, 2024 04:41:48.685539007 CEST	443	49703	23.1.237.91	192.168.2.5
Sep 28, 2024 04:41:48.685689926 CEST	49703	443	192.168.2.5	23.1.237.91
Sep 28, 2024 04:41:51.146591902 CEST	49721	443	192.168.2.5	184.28.90.27
Sep 28, 2024 04:41:51.146632910 CEST	443	49721	184.28.90.27	192.168.2.5
Sep 28, 2024 04:41:51.146722078 CEST	49721	443	192.168.2.5	184.28.90.27
Sep 28, 2024 04:41:51.150289059 CEST	49721	443	192.168.2.5	184.28.90.27
Sep 28, 2024 04:41:51.150304079 CEST	443	49721	184.28.90.27	192.168.2.5
Sep 28, 2024 04:41:51.820461035 CEST	443	49721	184.28.90.27	192.168.2.5
Sep 28, 2024 04:41:51.820518970 CEST	49721	443	192.168.2.5	184.28.90.27
Sep 28, 2024 04:41:51.826349020 CEST	49721	443	192.168.2.5	184.28.90.27
Sep 28, 2024 04:41:51.826359034 CEST	443	49721	184.28.90.27	192.168.2.5
Sep 28, 2024 04:41:51.826718092 CEST	443	49721	184.28.90.27	192.168.2.5
Sep 28, 2024 04:41:51.873262882 CEST	49721	443	192.168.2.5	184.28.90.27
Sep 28, 2024 04:41:51.901201010 CEST	49721	443	192.168.2.5	184.28.90.27
Sep 28, 2024 04:41:51.947407007 CEST	443	49721	184.28.90.27	192.168.2.5
Sep 28, 2024 04:41:52.099517107 CEST	443	49721	184.28.90.27	192.168.2.5
Sep 28, 2024 04:41:52.099566936 CEST	443	49721	184.28.90.27	192.168.2.5
Sep 28, 2024 04:41:52.099610090 CEST	49721	443	192.168.2.5	184.28.90.27
Sep 28, 2024 04:41:52.099718094 CEST	49721	443	192.168.2.5	184.28.90.27
Sep 28, 2024 04:41:52.099726915 CEST	443	49721	184.28.90.27	192.168.2.5
Sep 28, 2024 04:41:52.099735975 CEST	49721	443	192.168.2.5	184.28.90.27
Sep 28, 2024 04:41:52.099740982 CEST	443	49721	184.28.90.27	192.168.2.5
Sep 28, 2024 04:41:52.127825975 CEST	49724	443	192.168.2.5	184.28.90.27
Sep 28, 2024 04:41:52.127861977 CEST	443	49724	184.28.90.27	192.168.2.5
Sep 28, 2024 04:41:52.127931118 CEST	49724	443	192.168.2.5	184.28.90.27
Sep 28, 2024 04:41:52.128232956 CEST	49724	443	192.168.2.5	184.28.90.27
Sep 28, 2024 04:41:52.128246069 CEST	443	49724	184.28.90.27	192.168.2.5
Sep 28, 2024 04:41:52.782717943 CEST	443	49724	184.28.90.27	192.168.2.5
Sep 28, 2024 04:41:52.782874107 CEST	49724	443	192.168.2.5	184.28.90.27
Sep 28, 2024 04:41:52.784792900 CEST	49724	443	192.168.2.5	184.28.90.27
Sep 28, 2024 04:41:52.784806013 CEST	443	49724	184.28.90.27	192.168.2.5
Sep 28, 2024 04:41:52.785150051 CEST	443	49724	184.28.90.27	192.168.2.5
Sep 28, 2024 04:41:52.786858082 CEST	49724	443	192.168.2.5	184.28.90.27
Sep 28, 2024 04:41:52.831398964 CEST	443	49724	184.28.90.27	192.168.2.5
Sep 28, 2024 04:41:53.062392950 CEST	443	49724	184.28.90.27	192.168.2.5
Sep 28, 2024 04:41:53.062462091 CEST	443	49724	184.28.90.27	192.168.2.5
Sep 28, 2024 04:41:53.062572956 CEST	49724	443	192.168.2.5	184.28.90.27
Sep 28, 2024 04:41:53.277298927 CEST	49724	443	192.168.2.5	184.28.90.27
Sep 28, 2024 04:41:53.277298927 CEST	49724	443	192.168.2.5	184.28.90.27
Sep 28, 2024 04:41:53.277345896 CEST	443	49724	184.28.90.27	192.168.2.5
Sep 28, 2024 04:41:53.277359962 CEST	443	49724	184.28.90.27	192.168.2.5
Sep 28, 2024 04:41:58.061336040 CEST	443	49711	142.250.186.36	192.168.2.5
Sep 28, 2024 04:41:58.061499119 CEST	443	49711	142.250.186.36	192.168.2.5
Sep 28, 2024 04:41:58.061559916 CEST	49711	443	192.168.2.5	142.250.186.36
Sep 28, 2024 04:41:58.089481115 CEST	49711	443	192.168.2.5	142.250.186.36
Sep 28, 2024 04:41:58.089504004 CEST	443	49711	142.250.186.36	192.168.2.5
Sep 28, 2024 04:41:59.469888926 CEST	49703	443	192.168.2.5	23.1.237.91
Sep 28, 2024 04:41:59.470241070 CEST	49703	443	192.168.2.5	23.1.237.91
Sep 28, 2024 04:41:59.471106052 CEST	49730	443	192.168.2.5	23.1.237.91
Sep 28, 2024 04:41:59.471157074 CEST	443	49730	23.1.237.91	192.168.2.5
Sep 28, 2024 04:41:59.471354961 CEST	49730	443	192.168.2.5	23.1.237.91
Sep 28, 2024 04:41:59.471980095 CEST	49730	443	192.168.2.5	23.1.237.91
Sep 28, 2024 04:41:59.471995115 CEST	443	49730	23.1.237.91	192.168.2.5
Sep 28, 2024 04:41:59.474649906 CEST	443	49703	23.1.237.91	192.168.2.5
Sep 28, 2024 04:41:59.474992990 CEST	443	49703	23.1.237.91	192.168.2.5
Sep 28, 2024 04:42:00.057957888 CEST	443	49730	23.1.237.91	192.168.2.5
Sep 28, 2024 04:42:00.058047056 CEST	49730	443	192.168.2.5	23.1.237.91
Sep 28, 2024 04:42:02.336004972 CEST	443	49709	209.94.90.1	192.168.2.5
Sep 28, 2024 04:42:02.336090088 CEST	443	49709	209.94.90.1	192.168.2.5
Sep 28, 2024 04:42:02.336169958 CEST	49709	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:42:03.515826941 CEST	49709	443	192.168.2.5	209.94.90.1
Sep 28, 2024 04:42:03.515867949 CEST	443	49709	209.94.90.1	192.168.2.5
Sep 28, 2024 04:42:19.216444016 CEST	443	49730	23.1.237.91	192.168.2.5
Sep 28, 2024 04:42:19.216532946 CEST	49730	443	192.168.2.5	23.1.237.91
Sep 28, 2024 04:42:47.554724932 CEST	49735	443	192.168.2.5	142.250.186.36
Sep 28, 2024 04:42:47.554771900 CEST	443	49735	142.250.186.36	192.168.2.5
Sep 28, 2024 04:42:47.554831982 CEST	49735	443	192.168.2.5	142.250.186.36
Sep 28, 2024 04:42:47.555151939 CEST	49735	443	192.168.2.5	142.250.186.36
Sep 28, 2024 04:42:47.555165052 CEST	443	49735	142.250.186.36	192.168.2.5
Sep 28, 2024 04:42:48.206908941 CEST	443	49735	142.250.186.36	192.168.2.5
Sep 28, 2024 04:42:48.207341909 CEST	49735	443	192.168.2.5	142.250.186.36
Sep 28, 2024 04:42:48.207413912 CEST	443	49735	142.250.186.36	192.168.2.5
Sep 28, 2024 04:42:48.208538055 CEST	443	49735	142.250.186.36	192.168.2.5
Sep 28, 2024 04:42:48.209218025 CEST	49735	443	192.168.2.5	142.250.186.36
Sep 28, 2024 04:42:48.209400892 CEST	443	49735	142.250.186.36	192.168.2.5
Sep 28, 2024 04:42:48.264492989 CEST	49735	443	192.168.2.5	142.250.186.36
Sep 28, 2024 04:42:58.108721972 CEST	443	49735	142.250.186.36	192.168.2.5
Sep 28, 2024 04:42:58.108820915 CEST	443	49735	142.250.186.36	192.168.2.5
Sep 28, 2024 04:42:58.108880997 CEST	49735	443	192.168.2.5	142.250.186.36
Sep 28, 2024 04:42:58.213593960 CEST	49735	443	192.168.2.5	142.250.186.36
Sep 28, 2024 04:42:58.213629961 CEST	443	49735	142.250.186.36	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2024 04:41:45.485141039 CEST	53	50604	1.1.1.1	192.168.2.5
Sep 28, 2024 04:41:45.485761881 CEST	53	49689	1.1.1.1	192.168.2.5
Sep 28, 2024 04:41:46.456820965 CEST	53	59600	1.1.1.1	192.168.2.5
Sep 28, 2024 04:41:46.946950912 CEST	56534	53	192.168.2.5	1.1.1.1
Sep 28, 2024 04:41:46.947160006 CEST	64070	53	192.168.2.5	1.1.1.1
Sep 28, 2024 04:41:46.953613043 CEST	53	56534	1.1.1.1	192.168.2.5
Sep 28, 2024 04:41:46.955768108 CEST	53	64070	1.1.1.1	192.168.2.5
Sep 28, 2024 04:41:47.490072012 CEST	50404	53	192.168.2.5	1.1.1.1
Sep 28, 2024 04:41:47.490222931 CEST	59287	53	192.168.2.5	1.1.1.1
Sep 28, 2024 04:41:47.496572018 CEST	53	50404	1.1.1.1	192.168.2.5
Sep 28, 2024 04:41:47.496665001 CEST	53	59287	1.1.1.1	192.168.2.5
Sep 28, 2024 04:41:47.679841042 CEST	53	57719	1.1.1.1	192.168.2.5
Sep 28, 2024 04:41:47.767441988 CEST	53	59934	1.1.1.1	192.168.2.5
Sep 28, 2024 04:41:49.254849911 CEST	53	65140	1.1.1.1	192.168.2.5
Sep 28, 2024 04:41:50.929034948 CEST	53	52992	1.1.1.1	192.168.2.5
Sep 28, 2024 04:41:50.967298985 CEST	56482	53	192.168.2.5	1.1.1.1
Sep 28, 2024 04:41:50.967786074 CEST	55216	53	192.168.2.5	1.1.1.1
Sep 28, 2024 04:41:51.163009882 CEST	53	55825	1.1.1.1	192.168.2.5
Sep 28, 2024 04:41:51.455542088 CEST	53	55216	1.1.1.1	192.168.2.5
Sep 28, 2024 04:41:51.494381905 CEST	53784	53	192.168.2.5	1.1.1.1
Sep 28, 2024 04:41:51.661890030 CEST	53	56482	1.1.1.1	192.168.2.5
Sep 28, 2024 04:41:51.662585020 CEST	55085	53	192.168.2.5	1.1.1.1
Sep 28, 2024 04:41:52.023134947 CEST	53	53784	1.1.1.1	192.168.2.5
Sep 28, 2024 04:41:52.165283918 CEST	53	55085	1.1.1.1	192.168.2.5
Sep 28, 2024 04:41:52.165971994 CEST	56934	53	192.168.2.5	1.1.1.1
Sep 28, 2024 04:41:52.172451973 CEST	53	56934	1.1.1.1	192.168.2.5
Sep 28, 2024 04:42:03.523538113 CEST	53	62401	1.1.1.1	192.168.2.5
Sep 28, 2024 04:42:22.562849045 CEST	53	57256	1.1.1.1	192.168.2.5
Sep 28, 2024 04:42:44.478760958 CEST	53	55765	1.1.1.1	192.168.2.5
Sep 28, 2024 04:42:45.803842068 CEST	53	52715	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 28, 2024 04:41:46.946950912 CEST	192.168.2.5	1.1.1.1	0xa14a	Standard query (0)	ipfs.io	A (IP address)	IN (0x0001)	false
Sep 28, 2024 04:41:46.947160006 CEST	192.168.2.5	1.1.1.1	0x96b7	Standard query (0)	ipfs.io	65	IN (0x0001)	false
Sep 28, 2024 04:41:47.490072012 CEST	192.168.2.5	1.1.1.1	0x7be1	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 04:41:47.490222931 CEST	192.168.2.5	1.1.1.1	0xcc97	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 28, 2024 04:41:50.967298985 CEST	192.168.2.5	1.1.1.1	0x156d	Standard query (0)	alphatrade-options.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 04:41:50.967786074 CEST	192.168.2.5	1.1.1.1	0xfd6f	Standard query (0)	alphatrade-options.com	65	IN (0x0001)	false
Sep 28, 2024 04:41:51.494381905 CEST	192.168.2.5	1.1.1.1	0x1aa9	Standard query (0)	alphatrade-options.com	65	IN (0x0001)	false
Sep 28, 2024 04:41:51.662585020 CEST	192.168.2.5	1.1.1.1	0x5588	Standard query (0)	alphatrade-options.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 04:41:52.165971994 CEST	192.168.2.5	1.1.1.1	0x7714	Standard query (0)	alphatrade-options.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 28, 2024 04:41:46.953613043 CEST	1.1.1.1	192.168.2.5	0xa14a	No error (0)	ipfs.io		209.94.90.1	A (IP address)	IN (0x0001)	false
Sep 28, 2024 04:41:46.955768108 CEST	1.1.1.1	192.168.2.5	0x96b7	No error (0)	ipfs.io			65	IN (0x0001)	false
Sep 28, 2024 04:41:47.496572018 CEST	1.1.1.1	192.168.2.5	0x7be1	No error (0)	www.google.com		142.250.186.36	A (IP address)	IN (0x0001)	false
Sep 28, 2024 04:41:47.496665001 CEST	1.1.1.1	192.168.2.5	0xcc97	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 28, 2024 04:41:51.455542088 CEST	1.1.1.1	192.168.2.5	0xfd6f	Server failure (2)	alphatrade-options.com	none	none	65	IN (0x0001)	false
Sep 28, 2024 04:41:51.661890030 CEST	1.1.1.1	192.168.2.5	0x156d	Server failure (2)	alphatrade-options.com	none	none	A (IP address)	IN (0x0001)	false
Sep 28, 2024 04:41:52.023134947 CEST	1.1.1.1	192.168.2.5	0x1aa9	Server failure (2)	alphatrade-options.com	none	none	65	IN (0x0001)	false
Sep 28, 2024 04:41:52.165283918 CEST	1.1.1.1	192.168.2.5	0x5588	Server failure (2)	alphatrade-options.com	none	none	A (IP address)	IN (0x0001)	false
Sep 28, 2024 04:41:52.172451973 CEST	1.1.1.1	192.168.2.5	0x7714	Server failure (2)	alphatrade-options.com	none	none	A (IP address)	IN (0x0001)	false
Sep 28, 2024 04:41:58.133436918 CEST	1.1.1.1	192.168.2.5	0x4b86	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Sep 28, 2024 04:41:58.133436918 CEST	1.1.1.1	192.168.2.5	0x4b86	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Sep 28, 2024 04:41:58.838027954 CEST	1.1.1.1	192.168.2.5	0x719	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 28, 2024 04:41:58.838027954 CEST	1.1.1.1	192.168.2.5	0x719	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 28, 2024 04:42:12.678380013 CEST	1.1.1.1	192.168.2.5	0xfdc5	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 28, 2024 04:42:12.678380013 CEST	1.1.1.1	192.168.2.5	0xfdc5	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 28, 2024 04:42:37.747162104 CEST	1.1.1.1	192.168.2.5	0x8da1	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 28, 2024 04:42:37.747162104 CEST	1.1.1.1	192.168.2.5	0x8da1	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 28, 2024 04:42:57.507169008 CEST	1.1.1.1	192.168.2.5	0x898	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 28, 2024 04:42:57.507169008 CEST	1.1.1.1	192.168.2.5	0x898	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

ipfs.io

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49710	209.94.90.1	443	3664	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 02:41:47 UTC	714	OUT	GET /ipfs/bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe HTTP/1.1 Host: ipfs.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 02:41:47 UTC	1039	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 02:41:47 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close access-control-allow-headers: Content-Type access-control-allow-headers: Range access-control-allow-headers: User-Agent access-control-allow-headers: X-Requested-With access-control-allow-methods: GET access-control-allow-methods: HEAD access-control-allow-methods: OPTIONS access-control-allow-origin: * access-control-expose-headers: Content-Length access-control-expose-headers: Content-Range access-control-expose-headers: X-Chunked-Output access-control-expose-headers: X-Ipfs-Path access-control-expose-headers: X-Ipfs-Roots access-control-expose-headers: X-Stream-Output Cache-Control: public, max-age=29030400, immutable x-ipfs-path: /ipfs/bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe x-ipfs-roots: bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe x-ipfs-pop: rainbow-ny5-02 CF-Cache-Status: HIT Age: 69660 Server: cloudflare CF-RAY: 8ca0605ffdbc72b9-EWR
2024-09-28 02:41:47 UTC	330	IN	Data Raw: 37 62 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 21 2d 2d 6c 4a 66 77 38 37 65 72 e6 95 ac e7 9a 84 e5 90 84 e8 a1 8c e6 a5 ad e4 be 9b e6 87 89 e5 95 86 2c 53 68 6f 70 20 69 6e 20 62 6f 0d 0a 48 69 20 59 69 6e 0d 0a 45 2d 6d 61 69 6c 0d 0a 0d 0a 0d 0a 45 78 70 6c 6f 72 65 20 79 6f 75 72 20 77 65 65 6b 6c 79 20 73 61 76 69 6e 67 73 0d 0a 57 61 72 6d 20 75 70 20 77 69 74 68 20 67 72 65 61 74 20 64 65 61 6c 73 20 6f 6e 20 79 6f 75 72 20 66 61 76 65 73 2e 0d 0a 0d 0a Data Ascii: 7b90<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head>...lJfw87er,Shop in boHi YinE-mailExplore your weekly savingsWarm up with great deals on your faves.
2024-09-28 02:41:47 UTC	1369	IN	Data Raw: 61 6e 63 65 64 20 53 74 69 63 6b 2e 2e 2e 0d 0a 44 79 73 6f 6e 20 56 31 31 e2 84 a2 20 41 64 76 61 6e 63 65 64 20 53 74 69 63 6b 2e 2e 2e 0d 0a 41 55 20 24 37 38 38 2e 30 30 0d 0a 0d 0a 41 55 20 24 31 2c 31 39 39 2e 30 30 20 c2 b7 20 41 55 20 24 34 31 31 2e 30 30 20 4f 46 46 0d 0a 0d 0a 44 69 72 65 63 74 20 66 72 6f 6d 20 44 79 73 6f 6e 20 44 69 72 65 63 74 20 66 72 6f 6d 20 44 79 73 6f 6e 0d 0a 0d 0a 49 6d 61 67 65 20 6f 66 20 41 5a 44 4f 4d 45 20 34 4b 20 44 61 73 68 20 43 61 6d 20 55 48 44 2e 2e 2e 0d 0a 41 5a 44 4f 4d 45 20 34 4b 20 44 61 73 68 20 43 61 6d 20 55 48 44 2e 2e 2e 0d 0a 41 55 20 24 35 35 2e 39 39 0d 0a 0d 0a 41 55 20 24 37 31 2e 39 39 20 c2 b7 20 32 32 25 20 4f 46 46 0d 0a 0d 0a 49 6d 61 67 65 20 6f 66 20 50 65 72 66 65 63 74 20 43 68 6f Data Ascii: anced Stick...Dyson V11 Advanced Stick...AU $788.00AU $1,199.00 AU $411.00 OFFDirect from Dyson Direct from DysonImage of AZDOME 4K Dash Cam UHD...AZDOME 4K Dash Cam UHD...AU $55.99AU $71.99 22% OFFImage of Perfect Cho
2024-09-28 02:41:47 UTC	1369	IN	Data Raw: 33 39 39 2e 39 35 20 c2 b7 20 41 55 20 24 32 30 30 2e 39 35 20 4f 46 46 0d 0a 0d 0a 44 69 72 65 63 74 20 66 72 6f 6d 20 53 65 6e 6e 68 65 69 73 65 72 20 44 69 72 65 63 74 20 66 72 6f 6d 20 53 65 6e 6e 68 65 69 73 65 72 0d 0a 0d 0a 45 78 70 6c 6f 72 65 20 67 72 65 61 74 20 6f 66 66 65 72 73 20 66 72 6f 6d 20 74 6f 70 20 62 72 61 6e 64 73 0d 0a 48 6f 74 20 73 61 76 69 6e 67 73 20 61 63 72 6f 73 73 20 61 20 68 75 67 65 20 72 61 6e 67 65 20 6f 6e 20 70 72 6f 64 75 63 74 73 20 79 6f 75 20 6c 6f 76 65 2e 0d 0a 0d 0a 53 68 6f 70 20 6e 6f 77 20 0d 0a 53 61 6c 65 73 20 26 20 65 76 65 6e 74 73 0d 0a 65 42 61 79 20 4c 6f 67 6f 09 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0d 0a 20 20 20 0d 0a 55 70 64 61 74 65 20 79 6f 75 72 20 65 6d 61 69 6c 20 70 Data Ascii: 399.95 AU $200.95 OFFDirect from Sennheiser Direct from SennheiserExplore great offers from top brandsHot savings across a huge range on products you love.Shop now Sales & eventseBay Logo Update your email p
2024-09-28 02:41:47 UTC	1369	IN	Data Raw: 44 53 4f 4e 20 41 64 69 72 6f 6e 64 61 63 6b 20 43 68 61 69 72 2e 2e 2e 0d 0a 41 4c 46 4f 52 44 53 4f 4e 20 41 64 69 72 6f 6e 64 61 63 6b 20 43 68 61 69 72 2e 2e 2e 0d 0a 41 55 20 24 31 31 39 2e 39 35 0d 0a 0d 0a 41 55 20 24 39 35 39 2e 39 35 20 c2 b7 20 41 55 20 24 38 34 30 2e 30 30 20 4f 46 46 0d 0a 0d 0a 49 6d 61 67 65 20 6f 66 20 4f 69 6b 69 74 75 72 65 20 4b 69 74 63 68 65 6e 20 49 73 6c 61 6e 64 2e 2e 2e 0d 0a 4f 69 6b 69 74 75 72 65 20 4b 69 74 63 68 65 6e 20 49 73 6c 61 6e 64 2e 2e 2e 0d 0a 41 55 20 24 31 37 30 2e 30 30 0d 0a 0d 0a 49 6d 61 67 65 20 6f 66 20 42 65 64 72 61 20 45 6c 65 63 74 72 69 63 20 42 6c 61 6e 6b 65 74 20 46 75 6c 6c 79 2e 2e 2e 0d 0a 42 65 64 72 61 20 45 6c 65 63 74 72 69 63 20 42 6c 61 6e 6b 65 74 20 46 75 6c 6c 79 2e 2e 2e Data Ascii: DSON Adirondack Chair...ALFORDSON Adirondack Chair...AU $119.95AU $959.95 AU $840.00 OFFImage of Oikiture Kitchen Island...Oikiture Kitchen Island...AU $170.00Image of Bedra Electric Blanket Fully...Bedra Electric Blanket Fully...
2024-09-28 02:41:47 UTC	1369	IN	Data Raw: 65 63 74 20 66 72 6f 6d 20 44 79 73 6f 6e 20 44 69 72 65 63 74 20 66 72 6f 6d 20 44 79 73 6f 6e 0d 0a 0d 0a 49 6d 61 67 65 20 6f 66 20 41 5a 44 4f 4d 45 20 34 4b 20 44 61 73 68 20 43 61 6d 20 55 48 44 2e 2e 2e 0d 0a 41 5a 44 4f 4d 45 20 34 4b 20 44 61 73 68 20 43 61 6d 20 55 48 44 2e 2e 2e 0d 0a 41 55 20 24 35 35 2e 39 39 0d 0a 0d 0a 41 55 20 24 37 31 2e 39 39 20 c2 b7 20 32 32 25 20 4f 46 46 0d 0a 0d 0a 49 6d 61 67 65 20 6f 66 20 50 65 72 66 65 63 74 20 43 68 6f 69 63 65 20 52 65 64 20 4d 69 78 65 64 20 57 69 6e 65 73 2e 2e 2e 0d 0a 50 65 72 66 65 63 74 20 43 68 6f 69 63 65 20 52 65 64 20 4d 69 78 65 64 20 57 69 6e 65 73 2e 2e 2e 0d 0a 41 55 20 24 36 35 2e 30 30 0d 0a 0d 0a 41 55 20 24 32 33 30 2e 30 30 20 c2 b7 20 41 55 20 24 31 36 35 2e 30 30 20 4f 46 Data Ascii: ect from Dyson Direct from DysonImage of AZDOME 4K Dash Cam UHD...AZDOME 4K Dash Cam UHD...AU $55.99AU $71.99 22% OFFImage of Perfect Choice Red Mixed Wines...Perfect Choice Red Mixed Wines...AU $65.00AU $230.00 AU $165.00 OF
2024-09-28 02:41:47 UTC	1369	IN	Data Raw: 72 6f 6d 20 74 6f 70 20 62 72 61 6e 64 73 0d 0a 48 6f 74 20 73 61 76 69 6e 67 73 20 61 63 72 6f 73 73 20 61 20 68 75 67 65 20 72 61 6e 67 65 20 6f 6e 20 70 72 6f 64 75 63 74 73 20 79 6f 75 20 6c 6f 76 65 2e 0d 0a 0d 0a 53 68 6f 70 20 6e 6f 77 20 0d 0a 53 61 6c 65 73 20 26 20 65 76 65 6e 74 73 0d 0a 65 42 61 79 20 4c 6f 67 6f 09 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0d 0a 20 20 20 0d 0a 55 70 64 61 74 65 20 79 6f 75 72 20 65 6d 61 69 6c 20 70 72 65 66 65 72 65 6e 63 65 73 2c 20 75 6e 73 75 62 73 63 72 69 62 65 20 6f 72 20 6c 65 61 72 6e 20 61 62 6f 75 74 20 61 63 63 6f 75 6e 74 20 70 72 6f 74 65 63 74 69 6f 6e 2e 0d 0a 49 66 20 79 6f 75 20 68 61 76 65 20 61 20 71 75 65 73 74 69 6f 6e 2c 20 63 6f 6e 74 61 63 74 20 75 73 2e 20 65 42 61 Data Ascii: rom top brandsHot savings across a huge range on products you love.Shop now Sales & eventseBay Logo Update your email preferences, unsubscribe or learn about account protection.If you have a question, contact us. eBa
2024-09-28 02:41:47 UTC	1369	IN	Data Raw: 0d 0a 0d 0a 49 6d 61 67 65 20 6f 66 20 4f 69 6b 69 74 75 72 65 20 4b 69 74 63 68 65 6e 20 49 73 6c 61 6e 64 2e 2e 2e 0d 0a 4f 69 6b 69 74 75 72 65 20 4b 69 74 63 68 65 6e 20 49 73 6c 61 6e 64 2e 2e 2e 0d 0a 41 55 20 24 31 37 30 2e 30 30 0d 0a 0d 0a 49 6d 61 67 65 20 6f 66 20 42 65 64 72 61 20 45 6c 65 63 74 72 69 63 20 42 6c 61 6e 6b 65 74 20 46 75 6c 6c 79 2e 2e 2e 0d 0a 42 65 64 72 61 20 45 6c 65 63 74 72 69 63 20 42 6c 61 6e 6b 65 74 20 46 75 6c 6c 79 2e 2e 2e 0d 0a 41 55 20 24 36 33 2e 30 30 0d 0a 0d 0a 41 55 20 24 37 30 2e 39 30 20 c2 b7 20 31 31 25 20 4f 46 46 0d 0a 0d 0a 49 6d 61 67 65 20 6f 66 20 42 6f 50 65 65 70 20 46 6f 6c 64 61 62 6c 65 20 4b 69 64 73 20 53 63 6f 6f 74 65 72 2e 2e 2e 0d 0a 42 6f 50 65 65 70 20 46 6f 6c 64 61 62 6c 65 20 4b 69 Data Ascii: Image of Oikiture Kitchen Island...Oikiture Kitchen Island...AU $170.00Image of Bedra Electric Blanket Fully...Bedra Electric Blanket Fully...AU $63.00AU $70.90 11% OFFImage of BoPeep Foldable Kids Scooter...BoPeep Foldable Ki
2024-09-28 02:41:47 UTC	1369	IN	Data Raw: 41 55 20 24 35 35 2e 39 39 0d 0a 0d 0a 41 55 20 24 37 31 2e 39 39 20 c2 b7 20 32 32 25 20 4f 46 46 0d 0a 0d 0a 49 6d 61 67 65 20 6f 66 20 50 65 72 66 65 63 74 20 43 68 6f 69 63 65 20 52 65 64 20 4d 69 78 65 64 20 57 69 6e 65 73 2e 2e 2e 0d 0a 50 65 72 66 65 63 74 20 43 68 6f 69 63 65 20 52 65 64 20 4d 69 78 65 64 20 57 69 6e 65 73 2e 2e 2e 0d 0a 41 55 20 24 36 35 2e 30 30 0d 0a 0d 0a 41 55 20 24 32 33 30 2e 30 30 20 c2 b7 20 41 55 20 24 31 36 35 2e 30 30 20 4f 46 46 0d 0a 0d 0a 49 6d 61 67 65 20 6f 66 20 45 56 45 52 41 55 c2 ae 20 57 6f 6d 65 6e 20 4d 65 6e 20 53 6c 69 70 70 65 72 73 2e 2e 2e 0d 0a 45 56 45 52 41 55 c2 ae 20 57 6f 6d 65 6e 20 4d 65 6e 20 53 6c 69 70 70 65 72 73 2e 2e 2e 0d 0a 41 55 20 24 35 34 2e 30 30 0d 0a 0d 0a 41 55 20 24 39 39 2e 39 Data Ascii: AU $55.99AU $71.99 22% OFFImage of Perfect Choice Red Mixed Wines...Perfect Choice Red Mixed Wines...AU $65.00AU $230.00 AU $165.00 OFFImage of EVERAU Women Men Slippers...EVERAU Women Men Slippers...AU $54.00AU $99.9
2024-09-28 02:41:47 UTC	1369	IN	Data Raw: 0a 65 42 61 79 20 4c 6f 67 6f 09 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0d 0a 20 20 20 0d 0a 55 70 64 61 74 65 20 79 6f 75 72 20 65 6d 61 69 6c 20 70 72 65 66 65 72 65 6e 63 65 73 2c 20 75 6e 73 75 62 73 63 72 69 62 65 20 6f 72 20 6c 65 61 72 6e 20 61 62 6f 75 74 20 61 63 63 6f 75 6e 74 20 70 72 6f 74 65 63 74 69 6f 6e 2e 0d 0a 49 66 20 79 6f 75 20 68 61 76 65 20 61 20 71 75 65 73 74 69 6f 6e 2c 20 63 6f 6e 74 61 63 74 20 75 73 2e 20 65 42 61 79 20 4d e2 80 8c 61 72 6b 65 74 70 6c 61 63 65 73 20 47 e2 80 8c 6d 62 48 2c 20 48 e2 80 8c 65 6c 76 65 74 69 61 73 74 72 61 73 73 65 20 31 e2 80 8c 35 2f 31 37 2c 20 33 e2 80 8c 30 30 35 20 42 e2 80 8c 65 72 6e 2c 20 53 e2 80 8c 77 69 74 7a 65 72 6c 61 6e 64 20 c2 a9 20 31 39 39 35 2d 32 30 32 Data Ascii: eBay Logo Update your email preferences, unsubscribe or learn about account protection.If you have a question, contact us. eBay Marketplaces GmbH, Helvetiastrasse 15/17, 3005 Bern, Switzerland 1995-202
2024-09-28 02:41:47 UTC	1369	IN	Data Raw: 6c 65 63 74 72 69 63 20 42 6c 61 6e 6b 65 74 20 46 75 6c 6c 79 2e 2e 2e 0d 0a 42 65 64 72 61 20 45 6c 65 63 74 72 69 63 20 42 6c 61 6e 6b 65 74 20 46 75 6c 6c 79 2e 2e 2e 0d 0a 41 55 20 24 36 33 2e 30 30 0d 0a 0d 0a 41 55 20 24 37 30 2e 39 30 20 c2 b7 20 31 31 25 20 4f 46 46 0d 0a 0d 0a 49 6d 61 67 65 20 6f 66 20 42 6f 50 65 65 70 20 46 6f 6c 64 61 62 6c 65 20 4b 69 64 73 20 53 63 6f 6f 74 65 72 2e 2e 2e 0d 0a 42 6f 50 65 65 70 20 46 6f 6c 64 61 62 6c 65 20 4b 69 64 73 20 53 63 6f 6f 74 65 72 2e 2e 2e 0d 0a 41 55 20 24 34 39 2e 39 39 0d 0a 0d 0a 41 55 20 24 31 30 37 2e 39 39 20 c2 b7 20 41 55 20 24 35 38 2e 30 30 20 4f 46 46 0d 0a 0d 0a 44 69 72 65 63 74 20 66 72 6f 6d 20 53 45 4c 4c 4f 20 44 69 72 65 63 74 20 66 72 6f 6d 20 53 45 4c 4c 4f 0d 0a 0d 0a 49 Data Ascii: lectric Blanket Fully...Bedra Electric Blanket Fully...AU $63.00AU $70.90 11% OFFImage of BoPeep Foldable Kids Scooter...BoPeep Foldable Kids Scooter...AU $49.99AU $107.99 AU $58.00 OFFDirect from SELLO Direct from SELLOI

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49721	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 02:41:51 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-28 02:41:52 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=223391 Date: Sat, 28 Sep 2024 02:41:51 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49724	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 02:41:52 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-28 02:41:53 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=223420 Date: Sat, 28 Sep 2024 02:41:52 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-28 02:41:53 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 576, Parent PID: 5472

General

Target ID:	0
Start time:	22:41:40
Start date:	27/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3664, Parent PID: 576

General

Target ID:	2
Start time:	22:41:41
Start date:	27/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 --field-trial-handle=2228,i,2634174614011090117,12737702450936448669,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5632, Parent PID: 5472

General

Target ID:	3
Start time:	22:41:45
Start date:	27/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ipfs.io/ipfs/bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://ipfs.io/ipfs/bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

Windows Analysis Report
https://ipfs.io/ipfs/bafkreibqtxx736fe6bzazqomwjn7xgt3biv76tsb4hh3mpwezl3ffn5hbe