IOC Report
https://0_kid43983.inibara.eu/


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 11:42:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 11:42:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 11:42:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 11:42:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 11:42:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| Chrome Cache Entry: 57 | ASCII text | downloaded | |
| Chrome Cache Entry: 58 | GIF image data, version 87a, 31 x 31 | downloaded | |
| Chrome Cache Entry: 59 | HTML document, Unicode text, UTF-8 (with BOM) text | downloaded | |
| Chrome Cache Entry: 60 | Unicode text, UTF-8 text, with no line terminators | downloaded | |
| Chrome Cache Entry: 61 | Unicode text, UTF-8 text, with no line terminators | dropped | |
| Chrome Cache Entry: 62 | GIF image data, version 87a, 31 x 31 | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://0_kid43983.inibara.eu/ | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=2008,i,17672308247299657137,1969579376477920447,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |

URLs

| Name | IP | Malicious |
|---|---|---|
| https://0_kid43983.inibara.eu/ | | malicious |
| https://directlycoldnesscomponent.com/dcc70babb195d7f16e186a05029ee138/invoke.js | 172.240.108.84 | |
| https://directlycoldnesscomponent.com/ec4fc9c1f0b8d2b72f7ca9031eea4499/invoke.js | 172.240.108.84 | |
| https://0_kid43983.inibara.eu/jquery2.js | 172.67.195.24 | |
| https://counter.yadro.ru/hit;esgusi?t45.6;r;s1280*1024*24;uhttps%3A//0_kid43983.inibara.eu/;h%uD83D%uDDC2%uFE0F%20Curso%20Online%20Acido%20Hialuronico%20Que%20palabras%20adecuadas...%20La%20idea%20fenomenal%2C%20magn%EDfica;0.1923382023758422 | 88.212.201.198 | |
| https://directlycoldnesscomponent.com/b1/4e/be/b14ebe110d77a1dc726a741d86ac665b.js | 172.240.108.84 | |
| https://counter.yadro.ru/hit;esgusi?q;t45.6;r;s1280*1024*24;uhttps%3A//0_kid43983.inibara.eu/;h%uD83D%uDDC2%uFE0F%20Curso%20Online%20Acido%20Hialuronico%20Que%20palabras%20adecuadas...%20La%20idea%20fenomenal%2C%20magn%EDfica;0.1923382023758422 | 88.212.201.198 | |
| https://picsum.photos/500/500?random=curso | unknown | |
| https://counter.yadro.ru/hit;esgusi?t45.6;r | unknown | |
| https://directlycoldnesscomponent.com/0c/5d/cb/0c5dcba9c70d7411b076ac515b88ebcf.js | 172.240.108.84 | |
| https://directlycoldnesscomponent.com/cb0abcbecf3789f13af8d655e46fefa7/invoke.js | 172.240.108.84 | |
| https://schema.org | unknown | |
| https://picsum.photos/500/500?random=org | unknown | |
| https://0_kid43983.inibara.eu/favicon.ico | 172.67.195.24 | |
| https://0kid43983.inibara.eu | unknown | |
| https://www.liveinternet.ru/click;esgusi | unknown | |
| https://0_kid43983.inibara.eu/ | | |
| https://directlycoldnesscomponent.com/9bb1e723dfbb9b4b72f7e607ef03f101/invoke.js | 172.240.108.84 | |

Domains

| Name | IP | Malicious |
|---|---|---|
| directlycoldnesscomponent.com | 172.240.108.84 | |
| counter.yadro.ru | 88.212.201.198 | |
| www.google.com | 142.250.141.105 | |
| 0_kid43983.inibara.eu | 172.67.195.24 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 88.212.201.198 | counter.yadro.ru | Russian Federation | |
| 172.240.108.84 | directlycoldnesscomponent.com | United States | |
| 192.168.2.16 | unknown | unknown | |
| 172.67.195.24 | 0_kid43983.inibara.eu | United States | |
| 192.168.2.4 | unknown | unknown | |
| 104.21.34.12 | unknown | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 88.212.202.52 | unknown | Russian Federation | |
| 142.250.141.105 | www.google.com | United States | |

DOM / HTML

| URL | Malicious |
|---|---|
| https://0_kid43983.inibara.eu/ | |