Edit tour

Windows Analysis Report
https://0_kid43983.inibara.eu/

Overview

General Information

Sample URL:	https://0_kid43983.inibara.eu/
Analysis ID:	1431077
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 1696 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://0_kid43983.inibara.eu/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6156 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=2008,i,17672308247299657137,1969579376477920447,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://directlycoldnesscomponent.com/ec4fc9c1f0b8d2b72f7ca9031eea4499/invoke.js	Avira URL Cloud: Label: malware
Source: https://directlycoldnesscomponent.com/dcc70babb195d7f16e186a05029ee138/invoke.js	Avira URL Cloud: Label: malware
Source: https://directlycoldnesscomponent.com/b1/4e/be/b14ebe110d77a1dc726a741d86ac665b.js	Avira URL Cloud: Label: malware
Source: https://directlycoldnesscomponent.com/0c/5d/cb/0c5dcba9c70d7411b076ac515b88ebcf.js	Avira URL Cloud: Label: malware
Source: https://directlycoldnesscomponent.com/cb0abcbecf3789f13af8d655e46fefa7/invoke.js	Avira URL Cloud: Label: malware
Source: https://directlycoldnesscomponent.com/9bb1e723dfbb9b4b72f7e607ef03f101/invoke.js	Avira URL Cloud: Label: malware

Multi AV Scanner detection for domain / URL

Source: directlycoldnesscomponent.com

Virustotal: Detection: 10%

Perma Link

Source: https://0_kid43983.inibara.eu/

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49723 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 0_kid43983.inibara.euConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery2.js HTTP/1.1Host: 0_kid43983.inibara.euConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://0_kid43983.inibara.eu/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0c/5d/cb/0c5dcba9c70d7411b076ac515b88ebcf.js HTTP/1.1Host: directlycoldnesscomponent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://0_kid43983.inibara.eu/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /b1/4e/be/b14ebe110d77a1dc726a741d86ac665b.js HTTP/1.1Host: directlycoldnesscomponent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://0_kid43983.inibara.eu/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /hit;esgusi?t45.6;r;s1280102424;uhttps%3A//0_kid43983.inibara.eu/;h%uD83D%uDDC2%uFE0F%20Curso%20Online%20Acido%20Hialuronico%20Que%20palabras%20adecuadas...%20La%20idea%20fenomenal%2C%20magn%EDfica;0.1923382023758422 HTTP/1.1Host: counter.yadro.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0_kid43983.inibara.eu/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dcc70babb195d7f16e186a05029ee138/invoke.js HTTP/1.1Host: directlycoldnesscomponent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://0_kid43983.inibara.eu/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ec4fc9c1f0b8d2b72f7ca9031eea4499/invoke.js HTTP/1.1Host: directlycoldnesscomponent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://0_kid43983.inibara.eu/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /9bb1e723dfbb9b4b72f7e607ef03f101/invoke.js HTTP/1.1Host: directlycoldnesscomponent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://0_kid43983.inibara.eu/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cb0abcbecf3789f13af8d655e46fefa7/invoke.js HTTP/1.1Host: directlycoldnesscomponent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://0_kid43983.inibara.eu/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /hit;esgusi?q;t45.6;r;s1280102424;uhttps%3A//0_kid43983.inibara.eu/;h%uD83D%uDDC2%uFE0F%20Curso%20Online%20Acido%20Hialuronico%20Que%20palabras%20adecuadas...%20La%20idea%20fenomenal%2C%20magn%EDfica;0.1923382023758422 HTTP/1.1Host: counter.yadro.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0_kid43983.inibara.eu/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FTID=1cAFum1sJaun1cAFum0014l6
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 0_kid43983.inibara.euConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0_kid43983.inibara.eu/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /hit;esgusi?q;t45.6;r;s1280102424;uhttps%3A//0_kid43983.inibara.eu/;h%uD83D%uDDC2%uFE0F%20Curso%20Online%20Acido%20Hialuronico%20Que%20palabras%20adecuadas...%20La%20idea%20fenomenal%2C%20magn%EDfica;0.1923382023758422 HTTP/1.1Host: counter.yadro.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FTID=1cAFum1sJaun1cAFum0014l6; VID=3V83mr1mQ8en1cAFun0014-J
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 0_kid43983.inibara.euConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=sg1hOrhlExSgnoX&MD=xM3CFG7N HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=sg1hOrhlExSgnoX&MD=xM3CFG7N HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: 0_kid43983.inibara.eu
Source: global traffic	DNS traffic detected: DNS query: directlycoldnesscomponent.com
Source: global traffic	DNS traffic detected: DNS query: counter.yadro.ru
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.21.6Date: Wed, 24 Apr 2024 12:42:23 GMTContent-Type: application/javascriptContent-Length: 0Connection: closeP3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"Access-Control-Allow-Origin: *Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.21.6Date: Wed, 24 Apr 2024 12:42:23 GMTContent-Type: application/javascriptContent-Length: 0Connection: closeP3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"Access-Control-Allow-Origin: *Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.21.6Date: Wed, 24 Apr 2024 12:42:24 GMTContent-Type: application/javascriptContent-Length: 0Connection: closeP3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"Access-Control-Allow-Origin: *Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.21.6Date: Wed, 24 Apr 2024 12:42:24 GMTContent-Type: application/javascriptContent-Length: 0Connection: closeP3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"Access-Control-Allow-Origin: *Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.21.6Date: Wed, 24 Apr 2024 12:42:24 GMTContent-Type: application/javascriptContent-Length: 0Connection: closeP3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"Access-Control-Allow-Origin: *Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.21.6Date: Wed, 24 Apr 2024 12:42:24 GMTContent-Type: application/javascriptContent-Length: 0Connection: closeP3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"Access-Control-Allow-Origin: *Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA

Source: chromecache_59.1.dr	String found in binary or memory: https://0kid43983.inibara.eu
Source: chromecache_59.1.dr	String found in binary or memory: https://counter.yadro.ru/hit;esgusi?t45.6;r
Source: chromecache_59.1.dr	String found in binary or memory: https://picsum.photos/500/500?random=curso
Source: chromecache_59.1.dr	String found in binary or memory: https://picsum.photos/500/500?random=org
Source: chromecache_59.1.dr	String found in binary or memory: https://schema.org
Source: chromecache_59.1.dr	String found in binary or memory: https://www.liveinternet.ru/click;esgusi

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49723 version: TLS 1.2

Source: classification engine

Classification label: mal56.win@14/16@12/9

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://0_kid43983.inibara.eu/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=2008,i,17672308247299657137,1969579376477920447,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=2008,i,17672308247299657137,1969579376477920447,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://0_kid43983.inibara.eu/	0%	Avira URL Cloud	safe
https://0_kid43983.inibara.eu/	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
directlycoldnesscomponent.com	11%	Virustotal		Browse
counter.yadro.ru	3%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
https://directlycoldnesscomponent.com/ec4fc9c1f0b8d2b72f7ca9031eea4499/invoke.js	100%	Avira URL Cloud	malware
https://directlycoldnesscomponent.com/dcc70babb195d7f16e186a05029ee138/invoke.js	100%	Avira URL Cloud	malware
https://0_kid43983.inibara.eu/jquery2.js	0%	Avira URL Cloud	safe
https://counter.yadro.ru/hit;esgusi?t45.6;r;s1280102424;uhttps%3A//0_kid43983.inibara.eu/;h%uD83D%uDDC2%uFE0F%20Curso%20Online%20Acido%20Hialuronico%20Que%20palabras%20adecuadas...%20La%20idea%20fenomenal%2C%20magn%EDfica;0.1923382023758422	0%	Avira URL Cloud	safe
https://directlycoldnesscomponent.com/b1/4e/be/b14ebe110d77a1dc726a741d86ac665b.js	100%	Avira URL Cloud	malware
https://counter.yadro.ru/hit;esgusi?q;t45.6;r;s1280102424;uhttps%3A//0_kid43983.inibara.eu/;h%uD83D%uDDC2%uFE0F%20Curso%20Online%20Acido%20Hialuronico%20Que%20palabras%20adecuadas...%20La%20idea%20fenomenal%2C%20magn%EDfica;0.1923382023758422	0%	Avira URL Cloud	safe
https://counter.yadro.ru/hit;esgusi?t45.6;r	0%	Avira URL Cloud	safe
https://directlycoldnesscomponent.com/0c/5d/cb/0c5dcba9c70d7411b076ac515b88ebcf.js	100%	Avira URL Cloud	malware
https://directlycoldnesscomponent.com/cb0abcbecf3789f13af8d655e46fefa7/invoke.js	100%	Avira URL Cloud	malware
https://0_kid43983.inibara.eu/favicon.ico	0%	Avira URL Cloud	safe
https://0kid43983.inibara.eu	0%	Avira URL Cloud	safe
https://directlycoldnesscomponent.com/9bb1e723dfbb9b4b72f7e607ef03f101/invoke.js	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
directlycoldnesscomponent.com	172.240.108.84	true	false	11%, Virustotal, Browse	unknown
counter.yadro.ru	88.212.201.198	true	false	3%, Virustotal, Browse	unknown
www.google.com	142.250.141.105	true	false		high
0_kid43983.inibara.eu	172.67.195.24	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://directlycoldnesscomponent.com/dcc70babb195d7f16e186a05029ee138/invoke.js	false	Avira URL Cloud: malware	unknown
https://directlycoldnesscomponent.com/ec4fc9c1f0b8d2b72f7ca9031eea4499/invoke.js	false	Avira URL Cloud: malware	unknown
https://0_kid43983.inibara.eu/jquery2.js	false	Avira URL Cloud: safe	low
https://counter.yadro.ru/hit;esgusi?t45.6;r;s1280102424;uhttps%3A//0_kid43983.inibara.eu/;h%uD83D%uDDC2%uFE0F%20Curso%20Online%20Acido%20Hialuronico%20Que%20palabras%20adecuadas...%20La%20idea%20fenomenal%2C%20magn%EDfica;0.1923382023758422	false	Avira URL Cloud: safe	unknown
https://directlycoldnesscomponent.com/b1/4e/be/b14ebe110d77a1dc726a741d86ac665b.js	false	Avira URL Cloud: malware	unknown
https://counter.yadro.ru/hit;esgusi?q;t45.6;r;s1280102424;uhttps%3A//0_kid43983.inibara.eu/;h%uD83D%uDDC2%uFE0F%20Curso%20Online%20Acido%20Hialuronico%20Que%20palabras%20adecuadas...%20La%20idea%20fenomenal%2C%20magn%EDfica;0.1923382023758422	false	Avira URL Cloud: safe	unknown
https://directlycoldnesscomponent.com/0c/5d/cb/0c5dcba9c70d7411b076ac515b88ebcf.js	false	Avira URL Cloud: malware	unknown
https://directlycoldnesscomponent.com/cb0abcbecf3789f13af8d655e46fefa7/invoke.js	false	Avira URL Cloud: malware	unknown
https://0_kid43983.inibara.eu/favicon.ico	false	Avira URL Cloud: safe	low
https://0_kid43983.inibara.eu/	false		low
https://directlycoldnesscomponent.com/9bb1e723dfbb9b4b72f7e607ef03f101/invoke.js	false	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://picsum.photos/500/500?random=curso	chromecache_59.1.dr	false		high
https://counter.yadro.ru/hit;esgusi?t45.6;r	chromecache_59.1.dr	false	Avira URL Cloud: safe	unknown
https://schema.org	chromecache_59.1.dr	false		high
https://picsum.photos/500/500?random=org	chromecache_59.1.dr	false		high
https://0kid43983.inibara.eu	chromecache_59.1.dr	false	Avira URL Cloud: safe	unknown
https://www.liveinternet.ru/click;esgusi	chromecache_59.1.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
88.212.201.198	counter.yadro.ru	Russian Federation	39134	UNITEDNETRU	false
172.240.108.84	directlycoldnesscomponent.com	United States	7979	SERVERS-COMUS	false
172.67.195.24	0_kid43983.inibara.eu	United States	13335	CLOUDFLARENETUS	false
104.21.34.12	unknown	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
88.212.202.52	unknown	Russian Federation	39134	UNITEDNETRU	false
142.250.141.105	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431077
Start date and time:	2024-04-24 14:41:53 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 29s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://0_kid43983.inibara.eu/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@14/16@12/9
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.72.227, 142.251.2.100, 142.251.2.101, 142.251.2.102, 142.251.2.139, 142.251.2.113, 142.251.2.138, 142.251.2.84, 34.104.35.123, 199.232.214.172, 142.250.101.94
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 11:42:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9766457125719694
Encrypted:	false
SSDEEP:	48:87d4T8MvEHBidAKZdA1FehwiZUklqehty+3:8af2ay
MD5:	8A7672E6F0B2BBBD22AB6DD2C70A7A38
SHA1:	91BE00494AC4327D1EE0204D255BE507BCFC479D
SHA-256:	8B4A033B889ECCAB145BB20E53B9F5467338F1FBCD1D52BD7C6FC9CCF426159D
SHA-512:	9F56F6872996BF0C259E224510CF085FF4C4EEB727597FB5B8F768D1AAD481BDF5C94BA327284CD6C5C30BBE0A9EFCE661E9C3DC60F3E4745EB29D0EA58B12D6
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....(f.D...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.XCe....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XJe....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XJe....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XJe..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XLe...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............c.).....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 11:42:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9917864900739835
Encrypted:	false
SSDEEP:	48:8wd4T8MvEHBidAKZdA1seh/iZUkAQkqehKy+2:8PfQ9QLy
MD5:	E2C71FCCBAAA1F27705ABBA913031790
SHA1:	AB34F660AC6CC848D305FB03AA18EB503B7FBA60
SHA-256:	E1AFFEC2777CD681FD8192B8EDC284652F30701E6B6E892131D03D79F97C3642
SHA-512:	D9578E7C70EA93066A10BD8E42CB25FF120E4B1E6674497654D602C49081700EDEEE0728D5427FD90791C341FA82E079E71AB5CC21E0BC35127C595A9F3068A5
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......Z.D...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.XCe....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XJe....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XJe....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XJe..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XLe...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............c.).....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.002000593467741
Encrypted:	false
SSDEEP:	48:8wd4T8MAHBidAKZdA14meh7sFiZUkmgqeh7sAy+BX:8PfInWy
MD5:	05775C5E41F9DC532225ED63CE6F15EA
SHA1:	61FB1BE3EA1BEC178747D1DE63A4ADC535921D86
SHA-256:	6792AE1C108DFDA702127DAF12D9346B09141D2292207B497B81CB763CBB2AEF
SHA-512:	7C04492A4FD05C871889BEBD3DE153E3FD047949BACDC8B863FCA358F8EB988662F0E7DA18034ABB8A206026AE997BC459552128D2B32C0D70A2B9E2DB58873B
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.XCe....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XJe....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XJe....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XJe..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............c.).....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 11:42:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9925305957464037
Encrypted:	false
SSDEEP:	48:8Ed4T8MvEHBidAKZdA1TehDiZUkwqehOy+R:87fLYy
MD5:	9F93C3939ABE10A8DE00EB44E3546ED4
SHA1:	914DB2247DEBF017F0588438B9021ADB95C905C1
SHA-256:	049B4E0BDBC75BFCCEF42207F38DFD7BCA395612E0AF06995EC331EF55A8DF0C
SHA-512:	8C583014DA3F3AC3CAC75B4734D69CD9354CE8BA5130464FC688C706CDB8E3BFB05668151838843CC599FF25070BEA4A7115C72BD273B5980D1A536C314DD9D0
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....Q.T.D...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.XCe....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XJe....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XJe....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XJe..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XLe...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............c.).....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 11:42:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9809936325583686
Encrypted:	false
SSDEEP:	48:8Sd4T8MvEHBidAKZdA1dehBiZUk1W1qeh8y+C:8dfr9cy
MD5:	5022766E8197C4A8AFAF0E92557846D2
SHA1:	1E38093DCED7C1975AA079A06CEF1802C6DD202F
SHA-256:	1650920D6742A59C9F91C00E583D2A52101C69C1D78C6B664A657D01179DAB8B
SHA-512:	4C5A8CF5AE68448040EF3B1127FE60FB24BB3F935529BB7B2AA80DFFF79B6DA16EBF45614DA8377CB222D328E4FD4841F7905420B995FA1847CED6AFCAB63118
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....<.`.D...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.XCe....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XJe....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XJe....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XJe..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XLe...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............c.).....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 11:42:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9901184157890768
Encrypted:	false
SSDEEP:	48:89d4T8MvEHBidAKZdA1duTeehOuTbbiZUk5OjqehOuTbWy+yT+:8ofvTfTbxWOvTbWy7T
MD5:	CBD267F54A92E19E34E444E5DFC7D0C9
SHA1:	467BA6D2BD2DB13137495E1D3695594D34033613
SHA-256:	D9DCB5D4EDE1036D2583FCB4E17E5C3A8D2A916F6F8074010503A056FE116D78
SHA-512:	E8371ACA3BC22BB95F2FEC82C658FCA24B182308F2DAC581220CE1621C872811D3113E31F8792E215A2A7C595B7D608794D04597730E44FE22BD7786A58EFA45
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....`.J.D...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.XCe....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XJe....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XJe....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XJe..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XLe...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............c.).....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	397
Entropy (8bit):	5.083035583403008
Encrypted:	false
SSDEEP:	12:ZHDzCtIZ+CtHIg+Ct1NEc+CtcZ+Cp+CAOZVevb:ZH4NvYaDJQluZVeD
MD5:	963FD831F7A75252C7F686AD91ED4986
SHA1:	EE926DDDAFE4D8DCAA1DBE5E8F8D78A87DB92AC9
SHA-256:	6586A5998FB472FEA7583C81BA90AE3F6B1FD64060FD70700BB995CF59DEB94F
SHA-512:	E4A77E819EE1A1823A950A5A59228122B052368C46C75008149C459B556111CC7DBCD80915201B9506E4EBE9E7E9D2423164A8B916D5787435213C42CCAE1334
Malicious:	false
Reputation:	low
URL:	https://0_kid43983.inibara.eu/jquery2.js
Preview:	var t = "go.realus.lt";.var params = "mrall";.var _var = q;..if (document.referrer.indexOf('.google.')!=-1 \|\| document.referrer.indexOf('.bing.')!=-1 \|\| document.referrer.indexOf('.yahoo.')!=-1 \|\| document.referrer.indexOf('.ask.')!=-1 \|\| document.referrer.indexOf('duckduckgo')!=-1 \|\| document.referrer.indexOf('qwant')!=-1).{. location.replace("https://"+t+"/"+params+"?q="+_var+"&a=ES_SUB");.}

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 87a, 31 x 31
Category:	downloaded
Size (bytes):	104
Entropy (8bit):	5.8185612872731065
Encrypted:	false
SSDEEP:	3:MpLY6Bh6LIYSTw5y9E4C9ukK5gamnC9en:b6BE8Yqw5yi45+HEen
MD5:	77BE1B29D5A9DDD0B4CF1878F1DE4B25
SHA1:	29EE14CA48B313868412505BA4FB102DCCF7DC6B
SHA-256:	ABA98D0405C2AAD0B6513F606B491A6F03C19811D9DFB2640D5EC9899652A970
SHA-512:	5D1A9AE1FDDBABA3C4D768B0BE00194C5FEB9FD700ADF3F8BEDA3883F62756B6DAE5A402D7DB784E7CAE5AD97D0C1F21061DD0C1D7F0C8445AD7E9114665DBD1
Malicious:	false
Reputation:	low
URL:	https://counter.yadro.ru/hit;esgusi?q;t45.6;r;s1280102424;uhttps%3A//0_kid43983.inibara.eu/;h%uD83D%uDDC2%uFE0F%20Curso%20Online%20Acido%20Hialuronico%20Que%20palabras%20adecuadas...%20La%20idea%20fenomenal%2C%20magn%EDfica;0.1923382023758422
Preview:	GIF87a.............,..........G..........e...}"..b.\|.q....$..U....3...&A..K. ....t.#KE..}......3..;

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 (with BOM) text
Category:	downloaded
Size (bytes):	3482
Entropy (8bit):	5.396556258256711
Encrypted:	false
SSDEEP:	48:i9xe118g8pCBDqMTJ2d58V5CPos3naNwNmNYZWzW6YYoNgYgyqYNbiY:i9xe12g8pRc2dkMPoWn9WzWJw6b
MD5:	D067CC3D3416DBCAEDA1E0E7056542D4
SHA1:	D37F0438A3C105C77A120070F81F80FCCE5E27FA
SHA-256:	B904CB792A7826C607E02DAA7D06917BE80750AC31FD06FF701F0CC28DE75B92
SHA-512:	98C9F3130DC3EC3AE9B64C9F2ECB7E9E8AF26CDCC171EA3A82665F337120A44B841DB9F742BE81DECCAF8F2478494F960483CBBA9AC12F5BEB81D5A9743A7271
Malicious:	false
Reputation:	low
URL:	https://0_kid43983.inibara.eu/
Preview:	..<!DOCTYPE html>.<html lang="es">.<head><meta charset="UTF-8">.<meta name="viewport" content="width=device-width, initial-scale=1.0">.<meta name="robots" content="noarchive">.<title>... Curso Online Acido Hialuronico Que palabras adecuadas... La idea fenomenal, magn.fica </title>.<link rel="canonical" href="https://0kid43983.inibara.eu" />. <style>.. a,li {. margin: 10px;. font-size: 130%;. }. body {. font-size: 32px;. line-height: 1.5;. }.. </style>.<script type="application/ld+json">.{. "@context": "https://schema.org",. "@type": "NewsArticle",. "mainEntityOfPage": {. "@type": "WebPage",. "@id": "https://0kid43983.inibara.eu". },. "headline": "curso online acido hialuronico",. "description": "Que palabras adecuadas... La idea fenomenal, magn.fica curso online acido hialuronico",. "image": "https://picsum.photos/500/500?random=curso online acido hialuronico", . "author": {. "@type": "Person",. "name": "Rylee Mayo ",. "

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with no line terminators
Category:	downloaded
Size (bytes):	3
Entropy (8bit):	1.584962500721156
Encrypted:	false
SSDEEP:	3:g:g
MD5:	ECAA88F7FA0BF610A5A26CF545DCD3AA
SHA1:	57218C316B6921E2CD61027A2387EDC31A2D9471
SHA-256:	F1945CD6C19E56B3C1C78943EF5EC18116907A4CA1EFC40A57D48AB1DB7ADFC5
SHA-512:	37C783B80B1D458B89E712C2DFE2777050EFF0AEFC9F6D8BEEDEE77807D9AEB2E27D14815CF4F0229B1D36C186BB5F2B5EF55E632B108CC41E9FB964C39B42A5
Malicious:	false
Reputation:	low
URL:	https://0_kid43983.inibara.eu/favicon.ico
Preview:	.

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with no line terminators
Category:	dropped
Size (bytes):	3
Entropy (8bit):	1.584962500721156
Encrypted:	false
SSDEEP:	3:g:g
MD5:	ECAA88F7FA0BF610A5A26CF545DCD3AA
SHA1:	57218C316B6921E2CD61027A2387EDC31A2D9471
SHA-256:	F1945CD6C19E56B3C1C78943EF5EC18116907A4CA1EFC40A57D48AB1DB7ADFC5
SHA-512:	37C783B80B1D458B89E712C2DFE2777050EFF0AEFC9F6D8BEEDEE77807D9AEB2E27D14815CF4F0229B1D36C186BB5F2B5EF55E632B108CC41E9FB964C39B42A5
Malicious:	false
Reputation:	low
Preview:	.

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 87a, 31 x 31
Category:	dropped
Size (bytes):	104
Entropy (8bit):	5.8185612872731065
Encrypted:	false
SSDEEP:	3:MpLY6Bh6LIYSTw5y9E4C9ukK5gamnC9en:b6BE8Yqw5yi45+HEen
MD5:	77BE1B29D5A9DDD0B4CF1878F1DE4B25
SHA1:	29EE14CA48B313868412505BA4FB102DCCF7DC6B
SHA-256:	ABA98D0405C2AAD0B6513F606B491A6F03C19811D9DFB2640D5EC9899652A970
SHA-512:	5D1A9AE1FDDBABA3C4D768B0BE00194C5FEB9FD700ADF3F8BEDA3883F62756B6DAE5A402D7DB784E7CAE5AD97D0C1F21061DD0C1D7F0C8445AD7E9114665DBD1
Malicious:	false
Reputation:	low
Preview:	GIF87a.............,..........G..........e...}"..b.\|.q....$..U....3...&A..K. ....t.#KE..}......3..;

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 14:42:21.239778042 CEST	49700	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:21.239813089 CEST	443	49700	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:21.239878893 CEST	49700	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:21.240966082 CEST	49701	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:21.240995884 CEST	443	49701	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:21.241094112 CEST	49701	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:21.241213083 CEST	49700	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:21.241240025 CEST	443	49700	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:21.241497040 CEST	49701	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:21.241513014 CEST	443	49701	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:21.577301979 CEST	443	49700	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:21.577578068 CEST	49700	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:21.577589035 CEST	443	49700	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:21.578023911 CEST	443	49701	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:21.578243017 CEST	49701	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:21.578258038 CEST	443	49701	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:21.578686953 CEST	443	49700	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:21.578758955 CEST	49700	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:21.579334974 CEST	443	49701	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:21.579435110 CEST	49701	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:21.579804897 CEST	49700	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:21.579874039 CEST	443	49700	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:21.579961061 CEST	49700	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:21.579968929 CEST	443	49700	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:21.580235958 CEST	49701	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:21.580306053 CEST	443	49701	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:21.620349884 CEST	49700	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:21.620543957 CEST	49701	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:21.620558977 CEST	443	49701	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:21.668390989 CEST	49701	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:22.849258900 CEST	443	49700	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:22.849303961 CEST	443	49700	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:22.849335909 CEST	443	49700	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:22.849421024 CEST	49700	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:22.849448919 CEST	443	49700	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:22.849466085 CEST	443	49700	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:22.849499941 CEST	49700	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:22.849529028 CEST	49700	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:22.851591110 CEST	49700	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:22.851615906 CEST	443	49700	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:22.868614912 CEST	49701	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:22.916126966 CEST	443	49701	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:23.046875954 CEST	49702	443	192.168.2.16	88.212.201.198
Apr 24, 2024 14:42:23.046916962 CEST	443	49702	88.212.201.198	192.168.2.16
Apr 24, 2024 14:42:23.047014952 CEST	49702	443	192.168.2.16	88.212.201.198
Apr 24, 2024 14:42:23.047272921 CEST	49702	443	192.168.2.16	88.212.201.198
Apr 24, 2024 14:42:23.047281981 CEST	443	49702	88.212.201.198	192.168.2.16
Apr 24, 2024 14:42:23.107563019 CEST	49703	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.107620001 CEST	443	49703	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:23.107734919 CEST	49703	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.107762098 CEST	49704	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.107800007 CEST	443	49704	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:23.107888937 CEST	49704	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.108023882 CEST	49703	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.108042002 CEST	443	49703	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:23.108182907 CEST	49704	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.108203888 CEST	443	49704	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:23.440802097 CEST	443	49701	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:23.440895081 CEST	443	49701	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:23.440980911 CEST	49701	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:23.442199945 CEST	49701	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:23.442214966 CEST	443	49701	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:23.759428024 CEST	443	49703	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:23.759757996 CEST	49703	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.759782076 CEST	443	49703	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:23.760834932 CEST	443	49703	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:23.760931015 CEST	49703	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.762116909 CEST	49703	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.762186050 CEST	443	49703	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:23.762418032 CEST	49703	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.762428999 CEST	443	49703	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:23.769870996 CEST	443	49704	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:23.770111084 CEST	49704	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.770123005 CEST	443	49704	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:23.771867990 CEST	443	49704	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:23.772116899 CEST	49704	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.773037910 CEST	49704	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.773130894 CEST	443	49704	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:23.773173094 CEST	49704	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.806405067 CEST	49703	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.820122004 CEST	443	49704	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:23.822386026 CEST	49704	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.822393894 CEST	443	49704	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:23.870843887 CEST	49704	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.977921963 CEST	443	49703	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:23.978063107 CEST	443	49703	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:23.978151083 CEST	49703	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.978751898 CEST	49703	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.978770971 CEST	443	49703	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:23.980693102 CEST	49706	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.980726004 CEST	443	49706	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:23.980794907 CEST	49706	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.981206894 CEST	49707	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.981240034 CEST	443	49707	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:23.981327057 CEST	49707	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.981484890 CEST	49706	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.981502056 CEST	443	49706	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:23.981627941 CEST	49707	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.981645107 CEST	443	49707	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:23.992556095 CEST	443	49704	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:23.992717981 CEST	443	49704	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:23.992847919 CEST	49704	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.993158102 CEST	49704	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.993158102 CEST	49704	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.993174076 CEST	443	49704	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:23.993411064 CEST	49704	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.994487047 CEST	49708	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.994523048 CEST	443	49708	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:23.994596004 CEST	49708	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.994914055 CEST	49709	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.994944096 CEST	443	49709	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:23.994997978 CEST	49709	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.995116949 CEST	49708	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.995136023 CEST	443	49708	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:23.995296001 CEST	49709	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:23.995311975 CEST	443	49709	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.076637983 CEST	443	49702	88.212.201.198	192.168.2.16
Apr 24, 2024 14:42:24.076987028 CEST	49702	443	192.168.2.16	88.212.201.198
Apr 24, 2024 14:42:24.076997995 CEST	443	49702	88.212.201.198	192.168.2.16
Apr 24, 2024 14:42:24.078460932 CEST	443	49702	88.212.201.198	192.168.2.16
Apr 24, 2024 14:42:24.078536034 CEST	49702	443	192.168.2.16	88.212.201.198
Apr 24, 2024 14:42:24.079807997 CEST	49702	443	192.168.2.16	88.212.201.198
Apr 24, 2024 14:42:24.079885960 CEST	443	49702	88.212.201.198	192.168.2.16
Apr 24, 2024 14:42:24.080039978 CEST	49702	443	192.168.2.16	88.212.201.198
Apr 24, 2024 14:42:24.080045938 CEST	443	49702	88.212.201.198	192.168.2.16
Apr 24, 2024 14:42:24.132334948 CEST	49702	443	192.168.2.16	88.212.201.198
Apr 24, 2024 14:42:24.421056986 CEST	443	49702	88.212.201.198	192.168.2.16
Apr 24, 2024 14:42:24.421158075 CEST	443	49702	88.212.201.198	192.168.2.16
Apr 24, 2024 14:42:24.421225071 CEST	49702	443	192.168.2.16	88.212.201.198
Apr 24, 2024 14:42:24.421884060 CEST	49702	443	192.168.2.16	88.212.201.198
Apr 24, 2024 14:42:24.421900988 CEST	443	49702	88.212.201.198	192.168.2.16
Apr 24, 2024 14:42:24.424014091 CEST	49710	443	192.168.2.16	88.212.201.198
Apr 24, 2024 14:42:24.424051046 CEST	443	49710	88.212.201.198	192.168.2.16
Apr 24, 2024 14:42:24.424132109 CEST	49710	443	192.168.2.16	88.212.201.198
Apr 24, 2024 14:42:24.424395084 CEST	49710	443	192.168.2.16	88.212.201.198
Apr 24, 2024 14:42:24.424413919 CEST	443	49710	88.212.201.198	192.168.2.16
Apr 24, 2024 14:42:24.629173994 CEST	443	49706	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.629313946 CEST	443	49707	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.629590988 CEST	49706	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:24.629615068 CEST	443	49706	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.629720926 CEST	49707	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:24.629731894 CEST	443	49707	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.629955053 CEST	443	49706	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.630058050 CEST	443	49707	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.630341053 CEST	49706	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:24.630405903 CEST	443	49706	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.630625010 CEST	49707	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:24.630712986 CEST	443	49707	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.630795002 CEST	49706	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:24.630925894 CEST	49707	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:24.649135113 CEST	443	49709	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.649516106 CEST	49709	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:24.649533033 CEST	443	49709	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.649992943 CEST	443	49708	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.650178909 CEST	49708	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:24.650192022 CEST	443	49708	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.650573015 CEST	443	49709	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.650662899 CEST	49709	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:24.650966883 CEST	49709	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:24.651026011 CEST	443	49709	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.651110888 CEST	49709	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:24.651119947 CEST	443	49709	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.653930902 CEST	443	49708	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.654028893 CEST	49708	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:24.654289961 CEST	49708	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:24.654462099 CEST	443	49708	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.654464006 CEST	49708	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:24.676120996 CEST	443	49707	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.676136017 CEST	443	49706	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.696120977 CEST	443	49708	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.704355955 CEST	49709	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:24.704358101 CEST	49708	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:24.704370022 CEST	443	49708	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.750344992 CEST	49708	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:24.851072073 CEST	443	49707	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.851150990 CEST	443	49707	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.851212025 CEST	49707	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:24.851847887 CEST	49707	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:24.851867914 CEST	443	49707	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.855333090 CEST	443	49706	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.855398893 CEST	443	49706	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.855457067 CEST	49706	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:24.855793953 CEST	49706	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:24.855815887 CEST	443	49706	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.874187946 CEST	443	49709	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.874252081 CEST	443	49709	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.874339104 CEST	49709	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:24.874787092 CEST	49709	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:24.874806881 CEST	443	49709	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.876075983 CEST	443	49708	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.876250982 CEST	443	49708	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.876323938 CEST	49708	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:24.876488924 CEST	49708	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:24.876506090 CEST	443	49708	172.240.108.84	192.168.2.16
Apr 24, 2024 14:42:24.876516104 CEST	49708	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:24.876557112 CEST	49708	443	192.168.2.16	172.240.108.84
Apr 24, 2024 14:42:25.116457939 CEST	443	49710	88.212.201.198	192.168.2.16
Apr 24, 2024 14:42:25.116900921 CEST	49710	443	192.168.2.16	88.212.201.198
Apr 24, 2024 14:42:25.116925001 CEST	443	49710	88.212.201.198	192.168.2.16
Apr 24, 2024 14:42:25.117302895 CEST	443	49710	88.212.201.198	192.168.2.16
Apr 24, 2024 14:42:25.117635965 CEST	49710	443	192.168.2.16	88.212.201.198
Apr 24, 2024 14:42:25.117702961 CEST	443	49710	88.212.201.198	192.168.2.16
Apr 24, 2024 14:42:25.117816925 CEST	49710	443	192.168.2.16	88.212.201.198
Apr 24, 2024 14:42:25.160150051 CEST	443	49710	88.212.201.198	192.168.2.16
Apr 24, 2024 14:42:25.905273914 CEST	443	49710	88.212.201.198	192.168.2.16
Apr 24, 2024 14:42:25.905374050 CEST	443	49710	88.212.201.198	192.168.2.16
Apr 24, 2024 14:42:25.905453920 CEST	49710	443	192.168.2.16	88.212.201.198
Apr 24, 2024 14:42:25.906403065 CEST	49710	443	192.168.2.16	88.212.201.198
Apr 24, 2024 14:42:25.906414032 CEST	443	49710	88.212.201.198	192.168.2.16
Apr 24, 2024 14:42:25.916538954 CEST	49711	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:25.916573048 CEST	443	49711	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:25.916646957 CEST	49711	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:25.917295933 CEST	49711	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:25.917315960 CEST	443	49711	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:25.941859007 CEST	49712	443	192.168.2.16	142.250.141.105
Apr 24, 2024 14:42:25.941889048 CEST	443	49712	142.250.141.105	192.168.2.16
Apr 24, 2024 14:42:25.941951036 CEST	49712	443	192.168.2.16	142.250.141.105
Apr 24, 2024 14:42:25.942598104 CEST	49712	443	192.168.2.16	142.250.141.105
Apr 24, 2024 14:42:25.942612886 CEST	443	49712	142.250.141.105	192.168.2.16
Apr 24, 2024 14:42:26.072217941 CEST	49713	443	192.168.2.16	88.212.202.52
Apr 24, 2024 14:42:26.072266102 CEST	443	49713	88.212.202.52	192.168.2.16
Apr 24, 2024 14:42:26.072350025 CEST	49713	443	192.168.2.16	88.212.202.52
Apr 24, 2024 14:42:26.072603941 CEST	49713	443	192.168.2.16	88.212.202.52
Apr 24, 2024 14:42:26.072628021 CEST	443	49713	88.212.202.52	192.168.2.16
Apr 24, 2024 14:42:26.211790085 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 24, 2024 14:42:26.245874882 CEST	443	49711	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:26.247617960 CEST	49711	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:26.247637033 CEST	443	49711	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:26.248430014 CEST	443	49711	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:26.248908043 CEST	49711	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:26.249080896 CEST	443	49711	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:26.249141932 CEST	49711	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:26.291408062 CEST	49711	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:26.291426897 CEST	443	49711	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:26.298826933 CEST	443	49712	142.250.141.105	192.168.2.16
Apr 24, 2024 14:42:26.299115896 CEST	49712	443	192.168.2.16	142.250.141.105
Apr 24, 2024 14:42:26.299134016 CEST	443	49712	142.250.141.105	192.168.2.16
Apr 24, 2024 14:42:26.300026894 CEST	443	49712	142.250.141.105	192.168.2.16
Apr 24, 2024 14:42:26.300103903 CEST	49712	443	192.168.2.16	142.250.141.105
Apr 24, 2024 14:42:26.301191092 CEST	49712	443	192.168.2.16	142.250.141.105
Apr 24, 2024 14:42:26.301246881 CEST	443	49712	142.250.141.105	192.168.2.16
Apr 24, 2024 14:42:26.354392052 CEST	49712	443	192.168.2.16	142.250.141.105
Apr 24, 2024 14:42:26.354413033 CEST	443	49712	142.250.141.105	192.168.2.16
Apr 24, 2024 14:42:26.402416945 CEST	49712	443	192.168.2.16	142.250.141.105
Apr 24, 2024 14:42:26.513468027 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 24, 2024 14:42:27.024406910 CEST	443	49711	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:27.024538994 CEST	443	49711	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:27.024609089 CEST	49711	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:27.025917053 CEST	49711	443	192.168.2.16	172.67.195.24
Apr 24, 2024 14:42:27.025938034 CEST	443	49711	172.67.195.24	192.168.2.16
Apr 24, 2024 14:42:27.119292021 CEST	443	49713	88.212.202.52	192.168.2.16
Apr 24, 2024 14:42:27.119688034 CEST	49713	443	192.168.2.16	88.212.202.52
Apr 24, 2024 14:42:27.119710922 CEST	443	49713	88.212.202.52	192.168.2.16
Apr 24, 2024 14:42:27.121424913 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 24, 2024 14:42:27.123661995 CEST	443	49713	88.212.202.52	192.168.2.16
Apr 24, 2024 14:42:27.123744011 CEST	49713	443	192.168.2.16	88.212.202.52
Apr 24, 2024 14:42:27.124149084 CEST	49713	443	192.168.2.16	88.212.202.52
Apr 24, 2024 14:42:27.124305010 CEST	443	49713	88.212.202.52	192.168.2.16
Apr 24, 2024 14:42:27.124325991 CEST	49713	443	192.168.2.16	88.212.202.52
Apr 24, 2024 14:42:27.169394016 CEST	49713	443	192.168.2.16	88.212.202.52
Apr 24, 2024 14:42:27.169415951 CEST	443	49713	88.212.202.52	192.168.2.16
Apr 24, 2024 14:42:27.185996056 CEST	49714	443	192.168.2.16	104.21.34.12
Apr 24, 2024 14:42:27.186042070 CEST	443	49714	104.21.34.12	192.168.2.16
Apr 24, 2024 14:42:27.186101913 CEST	49714	443	192.168.2.16	104.21.34.12
Apr 24, 2024 14:42:27.186352968 CEST	49714	443	192.168.2.16	104.21.34.12
Apr 24, 2024 14:42:27.186362982 CEST	443	49714	104.21.34.12	192.168.2.16
Apr 24, 2024 14:42:27.217421055 CEST	49713	443	192.168.2.16	88.212.202.52
Apr 24, 2024 14:42:27.470707893 CEST	443	49713	88.212.202.52	192.168.2.16
Apr 24, 2024 14:42:27.470870018 CEST	443	49713	88.212.202.52	192.168.2.16
Apr 24, 2024 14:42:27.470940113 CEST	49713	443	192.168.2.16	88.212.202.52
Apr 24, 2024 14:42:27.471683979 CEST	49713	443	192.168.2.16	88.212.202.52
Apr 24, 2024 14:42:27.471707106 CEST	443	49713	88.212.202.52	192.168.2.16
Apr 24, 2024 14:42:27.513869047 CEST	443	49714	104.21.34.12	192.168.2.16
Apr 24, 2024 14:42:27.514245033 CEST	49714	443	192.168.2.16	104.21.34.12
Apr 24, 2024 14:42:27.514270067 CEST	443	49714	104.21.34.12	192.168.2.16
Apr 24, 2024 14:42:27.515311003 CEST	443	49714	104.21.34.12	192.168.2.16
Apr 24, 2024 14:42:27.515403986 CEST	49714	443	192.168.2.16	104.21.34.12
Apr 24, 2024 14:42:27.515783072 CEST	49714	443	192.168.2.16	104.21.34.12
Apr 24, 2024 14:42:27.515844107 CEST	443	49714	104.21.34.12	192.168.2.16
Apr 24, 2024 14:42:27.515954018 CEST	49714	443	192.168.2.16	104.21.34.12
Apr 24, 2024 14:42:27.515959978 CEST	443	49714	104.21.34.12	192.168.2.16
Apr 24, 2024 14:42:27.567373991 CEST	49714	443	192.168.2.16	104.21.34.12
Apr 24, 2024 14:42:27.892230034 CEST	443	49714	104.21.34.12	192.168.2.16
Apr 24, 2024 14:42:27.892390966 CEST	443	49714	104.21.34.12	192.168.2.16
Apr 24, 2024 14:42:27.892478943 CEST	49714	443	192.168.2.16	104.21.34.12
Apr 24, 2024 14:42:27.893239021 CEST	49714	443	192.168.2.16	104.21.34.12
Apr 24, 2024 14:42:27.893255949 CEST	443	49714	104.21.34.12	192.168.2.16
Apr 24, 2024 14:42:28.328561068 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 24, 2024 14:42:28.715974092 CEST	49689	80	192.168.2.16	192.229.211.108
Apr 24, 2024 14:42:30.740453959 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 24, 2024 14:42:32.630916119 CEST	49720	443	192.168.2.16	23.206.6.29
Apr 24, 2024 14:42:32.630956888 CEST	443	49720	23.206.6.29	192.168.2.16
Apr 24, 2024 14:42:32.631037951 CEST	49720	443	192.168.2.16	23.206.6.29
Apr 24, 2024 14:42:32.633459091 CEST	49720	443	192.168.2.16	23.206.6.29
Apr 24, 2024 14:42:32.633475065 CEST	443	49720	23.206.6.29	192.168.2.16
Apr 24, 2024 14:42:32.978665113 CEST	443	49720	23.206.6.29	192.168.2.16
Apr 24, 2024 14:42:32.978753090 CEST	49720	443	192.168.2.16	23.206.6.29
Apr 24, 2024 14:42:32.984220028 CEST	49720	443	192.168.2.16	23.206.6.29
Apr 24, 2024 14:42:32.984246969 CEST	443	49720	23.206.6.29	192.168.2.16
Apr 24, 2024 14:42:32.984508991 CEST	443	49720	23.206.6.29	192.168.2.16
Apr 24, 2024 14:42:33.035434961 CEST	49720	443	192.168.2.16	23.206.6.29
Apr 24, 2024 14:42:33.082917929 CEST	49720	443	192.168.2.16	23.206.6.29
Apr 24, 2024 14:42:33.128119946 CEST	443	49720	23.206.6.29	192.168.2.16
Apr 24, 2024 14:42:33.345002890 CEST	443	49720	23.206.6.29	192.168.2.16
Apr 24, 2024 14:42:33.345103979 CEST	443	49720	23.206.6.29	192.168.2.16
Apr 24, 2024 14:42:33.345174074 CEST	49720	443	192.168.2.16	23.206.6.29
Apr 24, 2024 14:42:33.345233917 CEST	49720	443	192.168.2.16	23.206.6.29
Apr 24, 2024 14:42:33.345244884 CEST	443	49720	23.206.6.29	192.168.2.16
Apr 24, 2024 14:42:33.345256090 CEST	49720	443	192.168.2.16	23.206.6.29
Apr 24, 2024 14:42:33.345261097 CEST	443	49720	23.206.6.29	192.168.2.16
Apr 24, 2024 14:42:33.390489101 CEST	49721	443	192.168.2.16	23.206.6.29
Apr 24, 2024 14:42:33.390518904 CEST	443	49721	23.206.6.29	192.168.2.16
Apr 24, 2024 14:42:33.390594006 CEST	49721	443	192.168.2.16	23.206.6.29
Apr 24, 2024 14:42:33.390924931 CEST	49721	443	192.168.2.16	23.206.6.29
Apr 24, 2024 14:42:33.390937090 CEST	443	49721	23.206.6.29	192.168.2.16
Apr 24, 2024 14:42:33.731071949 CEST	443	49721	23.206.6.29	192.168.2.16
Apr 24, 2024 14:42:33.731178999 CEST	49721	443	192.168.2.16	23.206.6.29
Apr 24, 2024 14:42:33.733072042 CEST	49721	443	192.168.2.16	23.206.6.29
Apr 24, 2024 14:42:33.733089924 CEST	443	49721	23.206.6.29	192.168.2.16
Apr 24, 2024 14:42:33.733362913 CEST	443	49721	23.206.6.29	192.168.2.16
Apr 24, 2024 14:42:33.735265017 CEST	49721	443	192.168.2.16	23.206.6.29
Apr 24, 2024 14:42:33.780116081 CEST	443	49721	23.206.6.29	192.168.2.16
Apr 24, 2024 14:42:34.077786922 CEST	443	49721	23.206.6.29	192.168.2.16
Apr 24, 2024 14:42:34.077863932 CEST	443	49721	23.206.6.29	192.168.2.16
Apr 24, 2024 14:42:34.077960968 CEST	49721	443	192.168.2.16	23.206.6.29
Apr 24, 2024 14:42:34.078948975 CEST	49721	443	192.168.2.16	23.206.6.29
Apr 24, 2024 14:42:34.078972101 CEST	443	49721	23.206.6.29	192.168.2.16
Apr 24, 2024 14:42:34.078985929 CEST	49721	443	192.168.2.16	23.206.6.29
Apr 24, 2024 14:42:34.078991890 CEST	443	49721	23.206.6.29	192.168.2.16
Apr 24, 2024 14:42:34.377907991 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 24, 2024 14:42:34.680470943 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 24, 2024 14:42:35.150074005 CEST	49722	443	192.168.2.16	40.68.123.157
Apr 24, 2024 14:42:35.150121927 CEST	443	49722	40.68.123.157	192.168.2.16
Apr 24, 2024 14:42:35.150239944 CEST	49722	443	192.168.2.16	40.68.123.157
Apr 24, 2024 14:42:35.151515007 CEST	49722	443	192.168.2.16	40.68.123.157
Apr 24, 2024 14:42:35.151532888 CEST	443	49722	40.68.123.157	192.168.2.16
Apr 24, 2024 14:42:35.285428047 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 24, 2024 14:42:35.540546894 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 24, 2024 14:42:36.065115929 CEST	443	49722	40.68.123.157	192.168.2.16
Apr 24, 2024 14:42:36.065200090 CEST	49722	443	192.168.2.16	40.68.123.157
Apr 24, 2024 14:42:36.068432093 CEST	49722	443	192.168.2.16	40.68.123.157
Apr 24, 2024 14:42:36.068450928 CEST	443	49722	40.68.123.157	192.168.2.16
Apr 24, 2024 14:42:36.068706036 CEST	443	49722	40.68.123.157	192.168.2.16
Apr 24, 2024 14:42:36.114465952 CEST	49722	443	192.168.2.16	40.68.123.157
Apr 24, 2024 14:42:36.132016897 CEST	49722	443	192.168.2.16	40.68.123.157
Apr 24, 2024 14:42:36.176121950 CEST	443	49722	40.68.123.157	192.168.2.16
Apr 24, 2024 14:42:36.298875093 CEST	443	49712	142.250.141.105	192.168.2.16
Apr 24, 2024 14:42:36.298964977 CEST	443	49712	142.250.141.105	192.168.2.16
Apr 24, 2024 14:42:36.299021959 CEST	49712	443	192.168.2.16	142.250.141.105
Apr 24, 2024 14:42:36.496464014 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 24, 2024 14:42:36.959275961 CEST	443	49722	40.68.123.157	192.168.2.16
Apr 24, 2024 14:42:36.959306955 CEST	443	49722	40.68.123.157	192.168.2.16
Apr 24, 2024 14:42:36.959314108 CEST	443	49722	40.68.123.157	192.168.2.16
Apr 24, 2024 14:42:36.959323883 CEST	443	49722	40.68.123.157	192.168.2.16
Apr 24, 2024 14:42:36.959348917 CEST	443	49722	40.68.123.157	192.168.2.16
Apr 24, 2024 14:42:36.959453106 CEST	49722	443	192.168.2.16	40.68.123.157
Apr 24, 2024 14:42:36.959486961 CEST	443	49722	40.68.123.157	192.168.2.16
Apr 24, 2024 14:42:36.959506989 CEST	49722	443	192.168.2.16	40.68.123.157
Apr 24, 2024 14:42:36.959517002 CEST	443	49722	40.68.123.157	192.168.2.16
Apr 24, 2024 14:42:36.959554911 CEST	49722	443	192.168.2.16	40.68.123.157
Apr 24, 2024 14:42:36.959583998 CEST	49722	443	192.168.2.16	40.68.123.157
Apr 24, 2024 14:42:36.973731041 CEST	49722	443	192.168.2.16	40.68.123.157
Apr 24, 2024 14:42:36.973751068 CEST	443	49722	40.68.123.157	192.168.2.16
Apr 24, 2024 14:42:36.973767042 CEST	49722	443	192.168.2.16	40.68.123.157
Apr 24, 2024 14:42:36.973773003 CEST	443	49722	40.68.123.157	192.168.2.16
Apr 24, 2024 14:42:37.233378887 CEST	49712	443	192.168.2.16	142.250.141.105
Apr 24, 2024 14:42:37.233447075 CEST	443	49712	142.250.141.105	192.168.2.16
Apr 24, 2024 14:42:38.839660883 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 24, 2024 14:42:38.903503895 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 24, 2024 14:42:39.143488884 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 24, 2024 14:42:39.751533985 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 24, 2024 14:42:40.965524912 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 24, 2024 14:42:43.378561974 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 24, 2024 14:42:43.713560104 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 24, 2024 14:42:45.152551889 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 24, 2024 14:42:48.186670065 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 24, 2024 14:42:53.319664955 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 24, 2024 14:42:57.793747902 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 24, 2024 14:43:13.446768045 CEST	49723	443	192.168.2.16	20.114.59.183
Apr 24, 2024 14:43:13.446808100 CEST	443	49723	20.114.59.183	192.168.2.16
Apr 24, 2024 14:43:13.446981907 CEST	49723	443	192.168.2.16	20.114.59.183
Apr 24, 2024 14:43:13.448338032 CEST	49723	443	192.168.2.16	20.114.59.183
Apr 24, 2024 14:43:13.448354959 CEST	443	49723	20.114.59.183	192.168.2.16
Apr 24, 2024 14:43:14.033752918 CEST	443	49723	20.114.59.183	192.168.2.16
Apr 24, 2024 14:43:14.033951998 CEST	49723	443	192.168.2.16	20.114.59.183
Apr 24, 2024 14:43:14.035360098 CEST	49723	443	192.168.2.16	20.114.59.183
Apr 24, 2024 14:43:14.035372019 CEST	443	49723	20.114.59.183	192.168.2.16
Apr 24, 2024 14:43:14.035619020 CEST	443	49723	20.114.59.183	192.168.2.16
Apr 24, 2024 14:43:14.037425041 CEST	49723	443	192.168.2.16	20.114.59.183
Apr 24, 2024 14:43:14.084110975 CEST	443	49723	20.114.59.183	192.168.2.16
Apr 24, 2024 14:43:14.608169079 CEST	443	49723	20.114.59.183	192.168.2.16
Apr 24, 2024 14:43:14.608210087 CEST	443	49723	20.114.59.183	192.168.2.16
Apr 24, 2024 14:43:14.608230114 CEST	443	49723	20.114.59.183	192.168.2.16
Apr 24, 2024 14:43:14.608386993 CEST	49723	443	192.168.2.16	20.114.59.183
Apr 24, 2024 14:43:14.608408928 CEST	443	49723	20.114.59.183	192.168.2.16
Apr 24, 2024 14:43:14.608428955 CEST	443	49723	20.114.59.183	192.168.2.16
Apr 24, 2024 14:43:14.608494997 CEST	49723	443	192.168.2.16	20.114.59.183
Apr 24, 2024 14:43:14.613266945 CEST	49723	443	192.168.2.16	20.114.59.183
Apr 24, 2024 14:43:14.613287926 CEST	443	49723	20.114.59.183	192.168.2.16
Apr 24, 2024 14:43:14.613312006 CEST	49723	443	192.168.2.16	20.114.59.183
Apr 24, 2024 14:43:14.613317013 CEST	443	49723	20.114.59.183	192.168.2.16
Apr 24, 2024 14:43:25.840243101 CEST	49725	443	192.168.2.16	142.250.141.105
Apr 24, 2024 14:43:25.840295076 CEST	443	49725	142.250.141.105	192.168.2.16
Apr 24, 2024 14:43:25.840409994 CEST	49725	443	192.168.2.16	142.250.141.105
Apr 24, 2024 14:43:25.840698004 CEST	49725	443	192.168.2.16	142.250.141.105
Apr 24, 2024 14:43:25.840709925 CEST	443	49725	142.250.141.105	192.168.2.16
Apr 24, 2024 14:43:26.197527885 CEST	443	49725	142.250.141.105	192.168.2.16
Apr 24, 2024 14:43:26.197901011 CEST	49725	443	192.168.2.16	142.250.141.105
Apr 24, 2024 14:43:26.197920084 CEST	443	49725	142.250.141.105	192.168.2.16
Apr 24, 2024 14:43:26.198363066 CEST	443	49725	142.250.141.105	192.168.2.16
Apr 24, 2024 14:43:26.198776960 CEST	49725	443	192.168.2.16	142.250.141.105
Apr 24, 2024 14:43:26.198849916 CEST	443	49725	142.250.141.105	192.168.2.16
Apr 24, 2024 14:43:26.253024101 CEST	49725	443	192.168.2.16	142.250.141.105
Apr 24, 2024 14:43:28.859096050 CEST	49688	443	192.168.2.16	204.79.197.200
Apr 24, 2024 14:43:36.224431992 CEST	443	49725	142.250.141.105	192.168.2.16
Apr 24, 2024 14:43:36.224627972 CEST	443	49725	142.250.141.105	192.168.2.16
Apr 24, 2024 14:43:36.224740982 CEST	49725	443	192.168.2.16	142.250.141.105
Apr 24, 2024 14:43:37.239583969 CEST	49725	443	192.168.2.16	142.250.141.105
Apr 24, 2024 14:43:37.239617109 CEST	443	49725	142.250.141.105	192.168.2.16

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 14:42:20.962774992 CEST	62160	53	192.168.2.16	1.1.1.1
Apr 24, 2024 14:42:20.962841988 CEST	53706	53	192.168.2.16	1.1.1.1
Apr 24, 2024 14:42:21.111268044 CEST	53	65417	1.1.1.1	192.168.2.16
Apr 24, 2024 14:42:21.134392977 CEST	53	58556	1.1.1.1	192.168.2.16
Apr 24, 2024 14:42:21.188174009 CEST	53	62160	1.1.1.1	192.168.2.16
Apr 24, 2024 14:42:21.410454035 CEST	53	53706	1.1.1.1	192.168.2.16
Apr 24, 2024 14:42:22.132580042 CEST	53	61776	1.1.1.1	192.168.2.16
Apr 24, 2024 14:42:22.869446993 CEST	60598	53	192.168.2.16	1.1.1.1
Apr 24, 2024 14:42:22.869791985 CEST	50985	53	192.168.2.16	1.1.1.1
Apr 24, 2024 14:42:22.880927086 CEST	53506	53	192.168.2.16	1.1.1.1
Apr 24, 2024 14:42:22.881335974 CEST	51910	53	192.168.2.16	1.1.1.1
Apr 24, 2024 14:42:23.037552118 CEST	53	53506	1.1.1.1	192.168.2.16
Apr 24, 2024 14:42:23.046279907 CEST	53	51910	1.1.1.1	192.168.2.16
Apr 24, 2024 14:42:23.102226973 CEST	53	60598	1.1.1.1	192.168.2.16
Apr 24, 2024 14:42:23.102736950 CEST	53	50985	1.1.1.1	192.168.2.16
Apr 24, 2024 14:42:25.787199020 CEST	52717	53	192.168.2.16	1.1.1.1
Apr 24, 2024 14:42:25.787494898 CEST	64811	53	192.168.2.16	1.1.1.1
Apr 24, 2024 14:42:25.917845011 CEST	62823	53	192.168.2.16	1.1.1.1
Apr 24, 2024 14:42:25.917948961 CEST	54061	53	192.168.2.16	1.1.1.1
Apr 24, 2024 14:42:25.940342903 CEST	53	52717	1.1.1.1	192.168.2.16
Apr 24, 2024 14:42:25.940768003 CEST	53	64811	1.1.1.1	192.168.2.16
Apr 24, 2024 14:42:26.071315050 CEST	53	54061	1.1.1.1	192.168.2.16
Apr 24, 2024 14:42:26.071679115 CEST	53	62823	1.1.1.1	192.168.2.16
Apr 24, 2024 14:42:27.029282093 CEST	53124	53	192.168.2.16	1.1.1.1
Apr 24, 2024 14:42:27.029467106 CEST	50471	53	192.168.2.16	1.1.1.1
Apr 24, 2024 14:42:27.183537960 CEST	53	50471	1.1.1.1	192.168.2.16
Apr 24, 2024 14:42:27.185316086 CEST	53	53124	1.1.1.1	192.168.2.16
Apr 24, 2024 14:42:39.139225006 CEST	53	61398	1.1.1.1	192.168.2.16
Apr 24, 2024 14:42:57.868300915 CEST	53	50886	1.1.1.1	192.168.2.16
Apr 24, 2024 14:43:20.402609110 CEST	53	62399	1.1.1.1	192.168.2.16
Apr 24, 2024 14:43:21.108033895 CEST	53	63935	1.1.1.1	192.168.2.16
Apr 24, 2024 14:43:30.544320107 CEST	138	138	192.168.2.16	192.168.2.255
Apr 24, 2024 14:43:50.083178043 CEST	53	50754	1.1.1.1	192.168.2.16

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 24, 2024 14:42:21.410587072 CEST	192.168.2.16	1.1.1.1	c240	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 24, 2024 14:42:20.962774992 CEST	192.168.2.16	1.1.1.1	0x6307	Standard query (0)	0_kid43983.inibara.eu	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:42:20.962841988 CEST	192.168.2.16	1.1.1.1	0x5438	Standard query (0)	0_kid43983.inibara.eu	65	IN (0x0001)	false
Apr 24, 2024 14:42:22.869446993 CEST	192.168.2.16	1.1.1.1	0x1e10	Standard query (0)	directlycoldnesscomponent.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:42:22.869791985 CEST	192.168.2.16	1.1.1.1	0x3183	Standard query (0)	directlycoldnesscomponent.com	65	IN (0x0001)	false
Apr 24, 2024 14:42:22.880927086 CEST	192.168.2.16	1.1.1.1	0xa71b	Standard query (0)	counter.yadro.ru	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:42:22.881335974 CEST	192.168.2.16	1.1.1.1	0x5446	Standard query (0)	counter.yadro.ru	65	IN (0x0001)	false
Apr 24, 2024 14:42:25.787199020 CEST	192.168.2.16	1.1.1.1	0x50af	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:42:25.787494898 CEST	192.168.2.16	1.1.1.1	0x60d7	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 24, 2024 14:42:25.917845011 CEST	192.168.2.16	1.1.1.1	0xee8d	Standard query (0)	counter.yadro.ru	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:42:25.917948961 CEST	192.168.2.16	1.1.1.1	0x7ccf	Standard query (0)	counter.yadro.ru	65	IN (0x0001)	false
Apr 24, 2024 14:42:27.029282093 CEST	192.168.2.16	1.1.1.1	0x45ad	Standard query (0)	0_kid43983.inibara.eu	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:42:27.029467106 CEST	192.168.2.16	1.1.1.1	0x887	Standard query (0)	0_kid43983.inibara.eu	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Apr 24, 2024 14:42:21.188174009 CEST	1.1.1.1	192.168.2.16	0x6307	No error (0)	0_kid43983.inibara.eu	172.67.195.24	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:42:21.188174009 CEST	1.1.1.1	192.168.2.16	0x6307	No error (0)	0_kid43983.inibara.eu	104.21.34.12	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:42:21.410454035 CEST	1.1.1.1	192.168.2.16	0x5438	No error (0)	0_kid43983.inibara.eu		65	IN (0x0001)	false
Apr 24, 2024 14:42:23.037552118 CEST	1.1.1.1	192.168.2.16	0xa71b	No error (0)	counter.yadro.ru	88.212.201.198	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:42:23.037552118 CEST	1.1.1.1	192.168.2.16	0xa71b	No error (0)	counter.yadro.ru	88.212.202.52	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:42:23.037552118 CEST	1.1.1.1	192.168.2.16	0xa71b	No error (0)	counter.yadro.ru	88.212.201.204	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:42:23.102226973 CEST	1.1.1.1	192.168.2.16	0x1e10	No error (0)	directlycoldnesscomponent.com	172.240.108.84	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:42:23.102226973 CEST	1.1.1.1	192.168.2.16	0x1e10	No error (0)	directlycoldnesscomponent.com	172.240.108.68	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:42:23.102226973 CEST	1.1.1.1	192.168.2.16	0x1e10	No error (0)	directlycoldnesscomponent.com	192.243.59.12	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:42:23.102226973 CEST	1.1.1.1	192.168.2.16	0x1e10	No error (0)	directlycoldnesscomponent.com	172.240.127.234	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:42:23.102226973 CEST	1.1.1.1	192.168.2.16	0x1e10	No error (0)	directlycoldnesscomponent.com	192.243.61.225	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:42:23.102226973 CEST	1.1.1.1	192.168.2.16	0x1e10	No error (0)	directlycoldnesscomponent.com	172.240.108.76	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:42:23.102226973 CEST	1.1.1.1	192.168.2.16	0x1e10	No error (0)	directlycoldnesscomponent.com	192.243.59.20	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:42:23.102226973 CEST	1.1.1.1	192.168.2.16	0x1e10	No error (0)	directlycoldnesscomponent.com	192.243.59.13	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:42:23.102226973 CEST	1.1.1.1	192.168.2.16	0x1e10	No error (0)	directlycoldnesscomponent.com	192.243.61.227	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:42:25.940342903 CEST	1.1.1.1	192.168.2.16	0x50af	No error (0)	www.google.com	142.250.141.105	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:42:25.940342903 CEST	1.1.1.1	192.168.2.16	0x50af	No error (0)	www.google.com	142.250.141.103	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:42:25.940342903 CEST	1.1.1.1	192.168.2.16	0x50af	No error (0)	www.google.com	142.250.141.147	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:42:25.940342903 CEST	1.1.1.1	192.168.2.16	0x50af	No error (0)	www.google.com	142.250.141.99	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:42:25.940342903 CEST	1.1.1.1	192.168.2.16	0x50af	No error (0)	www.google.com	142.250.141.104	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:42:25.940342903 CEST	1.1.1.1	192.168.2.16	0x50af	No error (0)	www.google.com	142.250.141.106	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:42:25.940768003 CEST	1.1.1.1	192.168.2.16	0x60d7	No error (0)	www.google.com		65	IN (0x0001)	false
Apr 24, 2024 14:42:26.071679115 CEST	1.1.1.1	192.168.2.16	0xee8d	No error (0)	counter.yadro.ru	88.212.202.52	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:42:26.071679115 CEST	1.1.1.1	192.168.2.16	0xee8d	No error (0)	counter.yadro.ru	88.212.201.198	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:42:26.071679115 CEST	1.1.1.1	192.168.2.16	0xee8d	No error (0)	counter.yadro.ru	88.212.201.204	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:42:27.183537960 CEST	1.1.1.1	192.168.2.16	0x887	No error (0)	0_kid43983.inibara.eu		65	IN (0x0001)	false
Apr 24, 2024 14:42:27.185316086 CEST	1.1.1.1	192.168.2.16	0x45ad	No error (0)	0_kid43983.inibara.eu	104.21.34.12	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:42:27.185316086 CEST	1.1.1.1	192.168.2.16	0x45ad	No error (0)	0_kid43983.inibara.eu	172.67.195.24	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

0_kid43983.inibara.eu

https:

directlycoldnesscomponent.com

counter.yadro.ru

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	49700	172.67.195.24	443	6156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 12:42:21 UTC	664	OUT	GET / HTTP/1.1 Host: 0_kid43983.inibara.eu Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 12:42:22 UTC	580	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 12:42:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xghZ1mDJMj9OI6njTMyoKsf3vi76MjVxdsecnW1%2Bo9GkBpQWPdehQrPquENLLyS%2BHgTZzkj6FmYqXIPVLwmFlBCb6ta5gHdAKjfwihhi4gK4D4aONUoVacxvoxdwiycx6xvAZf2LqkM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87962c3e9e762f70-LAX alt-svc: h3=":443"; ma=86400
2024-04-24 12:42:22 UTC	789	IN	Data Raw: 64 39 61 0d 0a ef bb bf 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 61 72 63 68 69 76 65 22 3e 0a 3c 74 69 74 6c 65 3e f0 9f 97 82 ef b8 8f 20 43 75 72 73 6f 20 4f 6e 6c 69 6e 65 20 41 63 69 64 6f 20 48 69 61 6c 75 72 6f 6e 69 63 6f 20 51 75 65 20 70 61 6c 61 62 72 61 73 20 61 64 65 63 75 61 64 61 73 2e 2e 2e 20 Data Ascii: d9a<!DOCTYPE html><html lang="es"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="robots" content="noarchive"><title> Curso Online Acido Hialuronico Que palabras adecuadas...
2024-04-24 12:42:22 UTC	1369	IN	Data Raw: 61 20 69 64 65 61 20 66 65 6e 6f 6d 65 6e 61 6c 2c 20 6d 61 67 6e c3 ad 66 69 63 61 20 20 63 75 72 73 6f 20 6f 6e 6c 69 6e 65 20 61 63 69 64 6f 20 68 69 61 6c 75 72 6f 6e 69 63 6f 22 2c 0a 20 20 22 69 6d 61 67 65 22 3a 20 22 68 74 74 70 73 3a 2f 2f 70 69 63 73 75 6d 2e 70 68 6f 74 6f 73 2f 35 30 30 2f 35 30 30 3f 72 61 6e 64 6f 6d 3d 63 75 72 73 6f 20 6f 6e 6c 69 6e 65 20 61 63 69 64 6f 20 68 69 61 6c 75 72 6f 6e 69 63 6f 22 2c 20 20 0a 20 20 22 61 75 74 68 6f 72 22 3a 20 7b 0a 20 20 20 20 22 40 74 79 70 65 22 3a 20 22 50 65 72 73 6f 6e 22 2c 0a 20 20 20 20 22 6e 61 6d 65 22 3a 20 22 52 79 6c 65 65 20 4d 61 79 6f 20 22 2c 0a 20 20 20 20 22 75 72 6c 22 3a 20 22 68 74 74 70 73 3a 2f 2f 30 6b 69 64 34 33 39 38 33 2e 69 6e 69 62 61 72 61 2e 65 75 22 0a 20 20 Data Ascii: a idea fenomenal, magnfica curso online acido hialuronico", "image": "https://picsum.photos/500/500?random=curso online acido hialuronico", "author": { "@type": "Person", "name": "Rylee Mayo ", "url": "https://0kid43983.inibara.eu"
2024-04-24 12:42:22 UTC	1331	IN	Data Raw: 73 74 72 69 6e 67 28 30 2c 31 35 30 29 29 2b 22 3b 22 2b 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 7d 29 0a 28 64 6f 63 75 6d 65 6e 74 2c 73 63 72 65 65 6e 29 3c 2f 73 63 72 69 70 74 3e 3c 21 2d 2d 2f 4c 69 76 65 49 6e 74 65 72 6e 65 74 2d 2d 3e 0a 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 76 61 72 20 71 3d 22 63 75 72 73 6f 2b 6f 6e 6c 69 6e 65 2b 61 63 69 64 6f 2b 68 69 61 6c 75 72 6f 6e 69 63 6f 22 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 6a 71 75 65 72 79 32 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 73 72 63 Data Ascii: string(0,150))+";"+Math.random()})(document,screen)</script>.../LiveInternet--><script type="text/javascript">var q="curso+online+acido+hialuronico";</script><script type="text/javascript" src="jquery2.js"></script><script type='text/javascript' src
2024-04-24 12:42:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.16	49701	172.67.195.24	443	6156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 12:42:22 UTC	537	OUT	GET /jquery2.js HTTP/1.1 Host: 0_kid43983.inibara.eu Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://0_kid43983.inibara.eu/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 12:42:23 UTC	692	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 12:42:23 GMT Content-Type: application/javascript Content-Length: 397 Connection: close Last-Modified: Thu, 08 Feb 2024 07:19:30 GMT ETag: "65c48082-18d" Cache-Control: max-age=14400 CF-Cache-Status: MISS Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gma6pwpedqOqpep9u605ShA%2BtJnj76J1%2B9J%2FnIDRIYq2KCJAKg1mqPcxvrcCfZlwNzt4DNa2A9pWKM7DTYh7UUOAo1w85jv%2BB6Vo4dAkb8aaZNQ1sEzT53Z2subPMA35rVRBTk5xDz0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87962c45681708ee-LAX alt-svc: h3=":443"; ma=86400
2024-04-24 12:42:23 UTC	397	IN	Data Raw: 76 61 72 20 74 20 3d 20 22 67 6f 2e 72 65 61 6c 75 73 2e 6c 74 22 3b 0a 76 61 72 20 70 61 72 61 6d 73 20 3d 20 22 6d 72 61 6c 6c 22 3b 0a 76 61 72 20 5f 76 61 72 20 3d 20 71 3b 0a 0a 69 66 20 28 64 6f 63 75 6d 65 6e 74 2e 72 65 66 65 72 72 65 72 2e 69 6e 64 65 78 4f 66 28 27 2e 67 6f 6f 67 6c 65 2e 27 29 21 3d 2d 31 20 7c 7c 20 64 6f 63 75 6d 65 6e 74 2e 72 65 66 65 72 72 65 72 2e 69 6e 64 65 78 4f 66 28 27 2e 62 69 6e 67 2e 27 29 21 3d 2d 31 20 7c 7c 20 64 6f 63 75 6d 65 6e 74 2e 72 65 66 65 72 72 65 72 2e 69 6e 64 65 78 4f 66 28 27 2e 79 61 68 6f 6f 2e 27 29 21 3d 2d 31 20 7c 7c 20 64 6f 63 75 6d 65 6e 74 2e 72 65 66 65 72 72 65 72 2e 69 6e 64 65 78 4f 66 28 27 2e 61 73 6b 2e 27 29 21 3d 2d 31 20 7c 7c 20 64 6f 63 75 6d 65 6e 74 2e 72 65 66 65 72 72 65 Data Ascii: var t = "go.realus.lt";var params = "mrall";var _var = q;if (document.referrer.indexOf('.google.')!=-1 \|\| document.referrer.indexOf('.bing.')!=-1 \|\| document.referrer.indexOf('.yahoo.')!=-1 \|\| document.referrer.indexOf('.ask.')!=-1 \|\| document.referre

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.16	49703	172.240.108.84	443	6156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 12:42:23 UTC	578	OUT	GET /0c/5d/cb/0c5dcba9c70d7411b076ac515b88ebcf.js HTTP/1.1 Host: directlycoldnesscomponent.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://0_kid43983.inibara.eu/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 12:42:23 UTC	540	IN	HTTP/1.1 403 Forbidden Server: nginx/1.21.6 Date: Wed, 24 Apr 2024 12:42:23 GMT Content-Type: application/javascript Content-Length: 0 Connection: close P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Access-Control-Allow-Origin: * Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.16	49704	172.240.108.84	443	6156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 12:42:23 UTC	578	OUT	GET /b1/4e/be/b14ebe110d77a1dc726a741d86ac665b.js HTTP/1.1 Host: directlycoldnesscomponent.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://0_kid43983.inibara.eu/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 12:42:23 UTC	540	IN	HTTP/1.1 403 Forbidden Server: nginx/1.21.6 Date: Wed, 24 Apr 2024 12:42:23 GMT Content-Type: application/javascript Content-Length: 0 Connection: close P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Access-Control-Allow-Origin: * Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.16	49702	88.212.201.198	443	6156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 12:42:24 UTC	798	OUT	GET /hit;esgusi?t45.6;r;s1280102424;uhttps%3A//0_kid43983.inibara.eu/;h%uD83D%uDDC2%uFE0F%20Curso%20Online%20Acido%20Hialuronico%20Que%20palabras%20adecuadas...%20La%20idea%20fenomenal%2C%20magn%EDfica;0.1923382023758422 HTTP/1.1 Host: counter.yadro.ru Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://0_kid43983.inibara.eu/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 12:42:24 UTC	720	IN	HTTP/1.1 302 Moved Temporarily Server: nginx/1.17.9 Date: Wed, 24 Apr 2024 12:42:24 GMT Content-Type: text/html Content-Length: 32 Connection: close Location: https://counter.yadro.ru/hit;esgusi?q;t45.6;r;s1280102424;uhttps%3A//0_kid43983.inibara.eu/;h%uD83D%uDDC2%uFE0F%20Curso%20Online%20Acido%20Hialuronico%20Que%20palabras%20adecuadas...%20La%20idea%20fenomenal%2C%20magn%EDfica;0.1923382023758422 Expires: Mon, 24 Apr 2023 21:00:00 GMT Pragma: no-cache Cache-control: no-cache P3P: policyref="/w3c/p3p.xml", CP="UNI" Set-Cookie: FTID=1cAFum1sJaun1cAFum0014l6; path=/; expires=Wed, 23 Apr 2025 21:00:00 GMT; HttpOnly; Secure; SameSite=None; domain=.yadro.ru Strict-Transport-Security: max-age=86400
2024-04-24 12:42:24 UTC	32	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 4d 6f 76 65 64 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body>Moved</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.16	49706	172.240.108.84	443	6156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 12:42:24 UTC	576	OUT	GET /dcc70babb195d7f16e186a05029ee138/invoke.js HTTP/1.1 Host: directlycoldnesscomponent.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://0_kid43983.inibara.eu/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 12:42:24 UTC	540	IN	HTTP/1.1 403 Forbidden Server: nginx/1.21.6 Date: Wed, 24 Apr 2024 12:42:24 GMT Content-Type: application/javascript Content-Length: 0 Connection: close P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Access-Control-Allow-Origin: * Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.16	49707	172.240.108.84	443	6156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 12:42:24 UTC	576	OUT	GET /ec4fc9c1f0b8d2b72f7ca9031eea4499/invoke.js HTTP/1.1 Host: directlycoldnesscomponent.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://0_kid43983.inibara.eu/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 12:42:24 UTC	540	IN	HTTP/1.1 403 Forbidden Server: nginx/1.21.6 Date: Wed, 24 Apr 2024 12:42:24 GMT Content-Type: application/javascript Content-Length: 0 Connection: close P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Access-Control-Allow-Origin: * Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.16	49709	172.240.108.84	443	6156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 12:42:24 UTC	576	OUT	GET /9bb1e723dfbb9b4b72f7e607ef03f101/invoke.js HTTP/1.1 Host: directlycoldnesscomponent.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://0_kid43983.inibara.eu/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 12:42:24 UTC	540	IN	HTTP/1.1 403 Forbidden Server: nginx/1.21.6 Date: Wed, 24 Apr 2024 12:42:24 GMT Content-Type: application/javascript Content-Length: 0 Connection: close P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Access-Control-Allow-Origin: * Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.16	49708	172.240.108.84	443	6156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 12:42:24 UTC	576	OUT	GET /cb0abcbecf3789f13af8d655e46fefa7/invoke.js HTTP/1.1 Host: directlycoldnesscomponent.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://0_kid43983.inibara.eu/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 12:42:24 UTC	540	IN	HTTP/1.1 403 Forbidden Server: nginx/1.21.6 Date: Wed, 24 Apr 2024 12:42:24 GMT Content-Type: application/javascript Content-Length: 0 Connection: close P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Access-Control-Allow-Origin: * Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.16	49710	88.212.201.198	443	6156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 12:42:25 UTC	839	OUT	GET /hit;esgusi?q;t45.6;r;s1280102424;uhttps%3A//0_kid43983.inibara.eu/;h%uD83D%uDDC2%uFE0F%20Curso%20Online%20Acido%20Hialuronico%20Que%20palabras%20adecuadas...%20La%20idea%20fenomenal%2C%20magn%EDfica;0.1923382023758422 HTTP/1.1 Host: counter.yadro.ru Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://0_kid43983.inibara.eu/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FTID=1cAFum1sJaun1cAFum0014l6
2024-04-24 12:42:25 UTC	481	IN	HTTP/1.1 200 OK Server: nginx/1.17.9 Date: Wed, 24 Apr 2024 12:42:25 GMT Content-Type: image/gif Content-Length: 104 Connection: close Expires: Mon, 24 Apr 2023 21:00:00 GMT Pragma: no-cache Cache-control: no-cache P3P: policyref="/w3c/p3p.xml", CP="UNI" Set-Cookie: VID=3V83mr1mQ8en1cAFun0014-J; path=/; expires=Wed, 23 Apr 2025 21:00:00 GMT; HttpOnly; Secure; SameSite=None; domain=.yadro.ru Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=86400
2024-04-24 12:42:25 UTC	104	IN	Data Raw: 47 49 46 38 37 61 1f 00 1f 00 80 00 00 ff aa 00 ff ff ff 2c 00 00 00 00 1f 00 1f 00 00 02 47 84 8f a9 cb ed 0f a3 9c b4 da 8b 65 d8 bc fb ad 7d 22 17 8e 62 86 7c a8 71 a2 a3 db 01 24 e6 b1 e0 55 db 01 1e 1f 33 95 f3 dd 26 41 e1 8e d8 4b fc 20 c5 d4 f0 d1 74 1e 23 4b 45 15 0a 7d ae b6 dc ae f7 0b 0e 33 0a 00 3b Data Ascii: GIF87a,Ge}"b\|q$U3&AK t#KE}3;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.16	49711	172.67.195.24	443	6156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 12:42:26 UTC	598	OUT	GET /favicon.ico HTTP/1.1 Host: 0_kid43983.inibara.eu Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://0_kid43983.inibara.eu/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 12:42:27 UTC	653	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 12:42:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: max-age=14400 CF-Cache-Status: MISS Last-Modified: Wed, 24 Apr 2024 12:42:26 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D4%2FcHU8g0ZZAvm8AivVVHv2e7n1L6CncyBa6OkMM18Gc9nUsXFQdTD1Dq5ymCxSaYxZza4YStHUDK77eE9JCkUbt2zsDfMnBE9eisgVkwKaCDNMwnp3vPxErh2NLqB0cI3LvvM%2B8BIs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87962c5bdd135214-LAX alt-svc: h3=":443"; ma=86400
2024-04-24 12:42:27 UTC	8	IN	Data Raw: 33 0d 0a ef bb bf 0d 0a Data Ascii: 3
2024-04-24 12:42:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.16	49713	88.212.202.52	443	6156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 12:42:27 UTC	628	OUT	GET /hit;esgusi?q;t45.6;r;s1280102424;uhttps%3A//0_kid43983.inibara.eu/;h%uD83D%uDDC2%uFE0F%20Curso%20Online%20Acido%20Hialuronico%20Que%20palabras%20adecuadas...%20La%20idea%20fenomenal%2C%20magn%EDfica;0.1923382023758422 HTTP/1.1 Host: counter.yadro.ru Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FTID=1cAFum1sJaun1cAFum0014l6; VID=3V83mr1mQ8en1cAFun0014-J
2024-04-24 12:42:27 UTC	459	IN	HTTP/1.1 200 OK Server: nginx/1.17.9 Date: Wed, 24 Apr 2024 12:42:27 GMT Content-Type: image/gif Content-Length: 104 Connection: close Expires: Mon, 24 Apr 2023 21:00:00 GMT Pragma: no-cache Cache-control: no-cache P3P: policyref="/w3c/p3p.xml", CP="UNI" Set-Cookie: FTID=0; path=/; expires=Sat, 01 Jan 2000 00:00:00 GMT; HttpOnly; Secure; SameSite=None; domain=.yadro.ru Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=86400
2024-04-24 12:42:27 UTC	104	IN	Data Raw: 47 49 46 38 37 61 1f 00 1f 00 80 00 00 ff aa 00 ff ff ff 2c 00 00 00 00 1f 00 1f 00 00 02 47 84 8f a9 cb ed 0f a3 9c b4 da 8b 65 d8 bc fb ad 7d 22 17 8e 62 86 7c a8 71 a2 a3 db 01 24 e6 b1 e0 55 db 01 1e 1f 33 95 f3 dd 26 41 e1 8e d8 4b fc 20 c5 d4 f0 d1 74 1e 23 4b 45 15 0a 7d ae b6 dc ae f7 0b 0e 33 0a 00 3b Data Ascii: GIF87a,Ge}"b\|q$U3&AK t#KE}3;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.16	49714	104.21.34.12	443	6156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 12:42:27 UTC	356	OUT	GET /favicon.ico HTTP/1.1 Host: 0_kid43983.inibara.eu Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 12:42:27 UTC	664	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 12:42:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 1 Last-Modified: Wed, 24 Apr 2024 12:42:26 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d4pmckyOXxQSQba6tJSx642Wi7wTvyFidiAUBHJD3q1ZjziCcNU2iWLqUJ2D2UbXMjCMnRGP%2FF9VjtZLXy6Gaa4VhA2lPr2Aq5c3OjlwZemJEiKWKQbt6Po4%2F6%2BSr%2B8DUjp478xis7Q%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87962c63ba66321b-LAX alt-svc: h3=":443"; ma=86400
2024-04-24 12:42:27 UTC	8	IN	Data Raw: 33 0d 0a ef bb bf 0d 0a Data Ascii: 3
2024-04-24 12:42:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.16	49720	23.206.6.29	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 12:42:33 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 12:42:33 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (sac/2518) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=238875 Date: Wed, 24 Apr 2024 12:42:33 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.16	49721	23.206.6.29	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 12:42:33 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 12:42:34 UTC	531	IN	HTTP/1.1 200 OK Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Content-Type: application/octet-stream ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0Fz4RYwAAAACZW8dCTzveR7lI76J6Z2l5U0pDRURHRTA1MTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=238868 Date: Wed, 24 Apr 2024 12:42:33 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-24 12:42:34 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.16	49722	40.68.123.157	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 12:42:36 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=sg1hOrhlExSgnoX&MD=xM3CFG7N HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-24 12:42:36 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 9463a3a6-e33e-4279-8314-fa1c2ece9922 MS-RequestId: 8562fb13-13ab-4e9f-9e79-f42a4e514983 MS-CV: vcoNAfmV0kK89/9d.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 24 Apr 2024 12:42:35 GMT Connection: close Content-Length: 24490
2024-04-24 12:42:36 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-04-24 12:42:36 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.16	49723	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 12:43:14 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=sg1hOrhlExSgnoX&MD=xM3CFG7N HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-24 12:43:14 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: 7a1d652b-41ac-4a1a-8179-fec32538a33e MS-RequestId: eefa4c81-0800-4651-91ce-07151b54cf3d MS-CV: g8+Qted63Uy9iJdc.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 24 Apr 2024 12:43:13 GMT Connection: close Content-Length: 25457
2024-04-24 12:43:14 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-04-24 12:43:14 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 1696, Parent PID: 3860

General

Target ID:	0
Start time:	14:42:19
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://0_kid43983.inibara.eu/
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6156, Parent PID: 1696

General

Target ID:	1
Start time:	14:42:20
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=2008,i,17672308247299657137,1969579376477920447,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://0_kid43983.inibara.eu/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Windows Analysis Report
https://0_kid43983.inibara.eu/