Edit tour

Windows Analysis Report
https://cran.r-project.org/

Overview

General Information

Sample URL:	https://cran.r-project.org/
Analysis ID:	1431936
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 7064 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://cran.r-project.org/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6192 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1964,i,5524907010789509663,17111305810804233055,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://cran.r-project.org/navbar.html	HTTP Parser: No favicon
Source: https://cran.r-project.org/banner.shtml	HTTP Parser: No favicon
Source: https://cran.r-project.org/logo.html	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49722 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: cran.r-project.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /R.css HTTP/1.1Host: cran.r-project.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://cran.r-project.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /logo.html HTTP/1.1Host: cran.r-project.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: frameReferer: https://cran.r-project.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /navbar.html HTTP/1.1Host: cran.r-project.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: frameReferer: https://cran.r-project.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /banner.shtml HTTP/1.1Host: cran.r-project.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: frameReferer: https://cran.r-project.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Rlogo.svg HTTP/1.1Host: cran.r-project.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cran.r-project.org/logo.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cran.r-project.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cran.r-project.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Rlogo.svg HTTP/1.1Host: cran.r-project.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cran.r-project.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=SpWl3vGk25hxLcD&MD=At+ws7Ev HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=SpWl3vGk25hxLcD&MD=At+ws7Ev HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: cran.r-project.org
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_58.1.dr	String found in binary or memory: http://journal.R-project.org/
Source: chromecache_65.1.dr	String found in binary or memory: https://CRAN.R-project.org/web/packages/policies.html
Source: chromecache_62.1.dr, chromecache_60.1.dr	String found in binary or memory: https://creativecommons.org/licenses/by-sa/4.0/
Source: chromecache_65.1.dr	String found in binary or memory: https://stat.ethz.ch/R/daily
Source: chromecache_65.1.dr	String found in binary or memory: https://www.R-project.org/
Source: chromecache_62.1.dr, chromecache_60.1.dr	String found in binary or memory: https://www.R-project.org/Licenses/
Source: chromecache_65.1.dr, chromecache_58.1.dr	String found in binary or memory: https://www.r-project.org/foundation/donations.html#one-off-donation-form
Source: chromecache_65.1.dr	String found in binary or memory: https://www.wu.ac.at
Source: chromecache_65.1.dr	String found in binary or memory: https://www.wu.ac.at/statmath/
Source: chromecache_65.1.dr	String found in binary or memory: https://xmpalantir.wu.ac.at/cransubmit/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724

Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49722 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@14/22@6/4

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://cran.r-project.org/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1964,i,5524907010789509663,17111305810804233055,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1964,i,5524907010789509663,17111305810804233055,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://cran.r-project.org/	0%	Avira URL Cloud	safe
https://cran.r-project.org/	1%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://www.wu.ac.at	0%	Avira URL Cloud	safe
https://xmpalantir.wu.ac.at/cransubmit/	0%	Avira URL Cloud	safe
https://www.wu.ac.at/statmath/	0%	Avira URL Cloud	safe
https://xmpalantir.wu.ac.at/cransubmit/	0%	Virustotal		Browse
https://www.wu.ac.at	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
cran.wu-wien.ac.at	137.208.57.37	true	false	unknown
www.google.com	172.217.2.196	true	false	high
cran.r-project.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://cran.r-project.org/favicon.ico	false	high
https://cran.r-project.org/banner.shtml	false	high
https://cran.r-project.org/Rlogo.svg	false	high
https://cran.r-project.org/navbar.html	false	high
https://cran.r-project.org/logo.html	false	high
https://cran.r-project.org/R.css	false	high
https://cran.r-project.org/	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://creativecommons.org/licenses/by-sa/4.0/	chromecache_62.1.dr, chromecache_60.1.dr	false		high
https://www.r-project.org/foundation/donations.html#one-off-donation-form	chromecache_65.1.dr, chromecache_58.1.dr	false		high
https://www.wu.ac.at	chromecache_65.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.R-project.org/Licenses/	chromecache_62.1.dr, chromecache_60.1.dr	false		high
https://www.R-project.org/	chromecache_65.1.dr	false		high
https://CRAN.R-project.org/web/packages/policies.html	chromecache_65.1.dr	false		high
https://xmpalantir.wu.ac.at/cransubmit/	chromecache_65.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://journal.R-project.org/	chromecache_58.1.dr	false		high
https://www.wu.ac.at/statmath/	chromecache_65.1.dr	false	Avira URL Cloud: safe	unknown
https://stat.ethz.ch/R/daily	chromecache_65.1.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
137.208.57.37	cran.wu-wien.ac.at	Austria	1776	WirtschaftsuniversitaetWienAT	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.2.196	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431936
Start date and time:	2024-04-26 02:11:39 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://cran.r-project.org/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@14/22@6/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.165.195, 142.250.189.142, 74.125.139.84, 34.104.35.123, 142.250.189.131, 199.232.210.172, 142.250.64.142
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 23:12:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.979686808713447
Encrypted:	false
SSDEEP:	48:8MdeTaKnHsidAKZdA1FehwiZUklqehBy+3:8xXyuy
MD5:	98A01F3D36881BF37058140256285DD3
SHA1:	5F4275CF4D3F6D1C1C2399F01D264B523F3EEB0E
SHA-256:	430472870AFB706072633E110CA782D21E91FB516649D854C2232BB7B03A06C5
SHA-512:	9AC5B80DEB279E8347AFA1EE75970E3A539D297F50BFBA7CFB91BF48096D810ED0A0DF7F94DA41B52220FAB864EB9BCC0F86DF975623FF9BD9D37383030F1087
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......E_n...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Xz.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............k......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 23:12:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.996241356083018
Encrypted:	false
SSDEEP:	48:8adeTaKnHsidAKZdA1seh/iZUkAQkqehey+2:8vXs9QHy
MD5:	E5F06A927146446917D3B829C86EC9FF
SHA1:	15BF1FE4929DACB4C1AA7B61580E4C925725B01B
SHA-256:	9C790C0924CE07D189A53B9F118D066035FC418AD334A188AB4167B361E3550B
SHA-512:	FDB466795459ECD7D0328DE8DCEA19922AB21C943C8E7DC51D4671FF8301A712613A3E7895DEEBF381232EE20C03A7A583D3DD27173999DF91EC7F15730FEE94
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......:_n...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Xz.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............k......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.006396922914425
Encrypted:	false
SSDEEP:	48:8bdeTaKAHsidAKZdA14meh7sFiZUkmgqeh7sEy+BX:8EXtnCy
MD5:	F09FC582EA0AB01F6ECBD8D5CDB7C6A9
SHA1:	512FA9E8DA872B58363C6214036B8C3EB1B61589
SHA-256:	7D67584F0D5793BAE5E8D29D7856E3C9A10D6A120A02B825AAF83374CDCAAFB7
SHA-512:	7D1C192EA16F9FA778D7FBC103D757A7453721DCE642B2F5ACCC0D49DC5AB9D9D0184E61C19D6786C6560872A711ECDF4D3691B4577CD9A9964342EC13BEE036
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Xz.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............k......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 23:12:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9955619085097664
Encrypted:	false
SSDEEP:	48:8CdeTaKnHsidAKZdA1TehDiZUkwqeh6y+R:8HXncy
MD5:	EF060FF804E6EA533E338D1C7283A427
SHA1:	54D291A1067C275D28CF2FE14FCD4B978B5A3451
SHA-256:	124FD657A94C10FE57EF6AE73C82DA55EE69E4059377199868D756EC67D60B5F
SHA-512:	65F5B22F3EFC1336A41B62A921F6A7CE6910230C3DAB9F0E70AA03AEE179E6CCC60CC7E6393B99FDC416B50066AB29369E5BCA0ACD581F9F152BFF9B7FE74453
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....4_n...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Xz.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............k......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 23:12:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9835246344140276
Encrypted:	false
SSDEEP:	48:8RdeTaKnHsidAKZdA1dehBiZUk1W1qehYy+C:8iX394y
MD5:	00A852BDEB972DF207618B62751990EA
SHA1:	CCFA91E6EA619CD48642A3AEF9396B78AADEF540
SHA-256:	D191F610A04C65615C7B14D697EAC083FC6FB4FD3BF8757C9843F0AC426E9847
SHA-512:	6061E2DDBE860A51B13388CDFE008B7114163B5C52957A9205A784E36F9798EE05861BE14EBC7F8595F0FE1098A54C82DAA0AEC3E26B33F81B41AF8CA696FD5F
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......@_n...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Xz.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............k......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 23:12:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.995035404553118
Encrypted:	false
SSDEEP:	48:87QdeTaKnHsidAKZdA1duTeehOuTbbiZUk5OjqehOuTbCy+yT+:871X7TfTbxWOvTbCy7T
MD5:	313AB3E0E0270C50730125183C824BF0
SHA1:	D51FA0F58B755D15E4CB3409F7768E1EFC557229
SHA-256:	2C4EBC64E1206124628F61BCDE1FF5AD2832EEFBC6647DF1529E0D108D21C8C0
SHA-512:	ACE8410E3E3B3FE93165CAAB5646BD3A9CDEB509F3080CB5720CDBC508157A08071A526886B44C149BFAB0F3375A1E127D35AD83F4200923B622161CB8E2F957
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......_n...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Xz.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............k......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	5430
Entropy (8bit):	4.710205174043457
Encrypted:	false
SSDEEP:	96:Hpv58AqpjL7s23vR0If0ajn0KVs3Re7SVQIurcdGZ:H8LjL7s2fCV3RyYAZ
MD5:	732DEC1DF8DC01D976D98A44B49DABB8
SHA1:	C438249651E0679BE4DFFAB5AA2609E23095736B
SHA-256:	50443AC7A296BB96AD7DB5E4F32092C7C5A460BC4E5D6A177131ED32ED0884E9
SHA-512:	37D44AFB75067A0AF6B02C8B0D4BE524012EFC2984BF829B9B2EAABF1A2A379A71A908DD409B8F574EC16B71E2547A327EF074BC6EB64D6A392614AA30008619
Malicious:	false
Reputation:	low
Preview:	............ .h...&... .... .........(....... ..... ..................................................................................................................[.?.e!..d ..].2........._.p.^...]...\.6.........................a.`.b...a..._.C.....l9..\..._...^...\.,.......................K..l..Y...Z....o....L.n:..Y..._...[.i..............................z..Z...Y...........\..._...\.................K.............p..gz.Z...d...p8..f#..]...\.........\.......3.............0.....d.T.f...j'..`...`...g"..\..yVn.......O..............R.........`.j.k&..h"..h"~.g!@.e...g#..Q...wN..............................g.g.k%..j$..h"U.....f ^.g"..]...h(..................s.........d.v.m(..k&..j%..i#..i%..k&..N..zPh......................Y....._.5.S...\...Z...\..V...J...m0:.................................W..X...........a...Y*..db......................................................................................>................................>...................................5..

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	1422
Entropy (8bit):	4.969728617926878
Encrypted:	false
SSDEEP:	24:hYDRTIpd10+EYa0KF8Blh0UelTVpobhJxVBhd:GIpzu0KqkV4xVzd
MD5:	5D8CB6D844875772D2A5F3BD6FD7DE66
SHA1:	89F68DDEA6B16EC6FF99D41E854BC36A985A881C
SHA-256:	22C1348E52004842F40A6FAB2A94F3606E2F8204E9E9FB55C551A174DCAE5338
SHA-512:	CD774F7EC5CBA976ADEE3601AA6576AD28C5E2B7587708657FB8B561BA9CD897507C364E151163B83918E0F88F548D482D196B6C43DA5112BC78F6A6AD6EE8EC
Malicious:	false
Reputation:	low
URL:	https://cran.r-project.org/navbar.html
Preview:	<!DOCTYPE html>.<html lang=en> .<head>.<title>R Contents</title>.<META HTTP-EQUIV="content-type" CONTENT="text/html; charset=utf-8">.<link rel=stylesheet type="text/css" href="R.css">.</head>..<body>..<em class=navigation>CRAN</em><br>.<a href="mirrors.html" target="banner">Mirrors</a><br>.<a href="//www.R-project.org/news.html" target="banner">What's new?</a><br>.<a href="search.html" target="banner">Search</a><br>.<a href="CRAN_team.htm" target="banner">CRAN Team</a>.. <a href="pkg_submit.html" target="_top">Submit</a><BR>-->.<p>.<em class=navigation>About R</em><br>.<a href="//www.R-project.org/" target="_top">R Homepage</a><br>.<a href="http://journal.R-project.org/" target="_top">The R Journal</a>..<p>.<em class=navigation>Software</em><br>.<a href="sources.html" target="banner">R Sources</a><br>.<a href="bin/" target="banner">R Binaries</a><br>.<a href="web/packages/index.html" target="banner">Packages</a><br>.<a href="web/views/" target="banner">Task Views</a><br>.<a href="ot

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	866
Entropy (8bit):	5.276269209940634
Encrypted:	false
SSDEEP:	12:BMQEdOa+3NNR7wwqXDMfht5FjbqQ0hFjbqq+uYLaGa2K1Bql1ql1tGlP1IyXR7cB:Wn+9/0Ip3yGsVlzGUacgVGl
MD5:	98C9BE59FEF6DC4BDAFDDB28DB9A023E
SHA1:	9BC781BF063E325B69FB970F45624EDE77A15B77
SHA-256:	EA11EC37E22216EC707F3D27FEC09059D251FB2A156097E29C3F8169E2955FA9
SHA-512:	541F4C025D2F26FC8ACFE4F322EA76CBCA76C6032C36ED462F9EED2648770AE6C3DFD58AEBD89A14A52277B8932F47217B8EEC871F41D7C75CB6E774D2BD9B53
Malicious:	false
Reputation:	low
URL:	https://cran.r-project.org/
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">.<html lang=en>.<head>.<title>The Comprehensive R Archive Network</title>.<META HTTP-EQUIV="content-type" CONTENT="text/html; charset=utf-8">.<link rel="icon" href="favicon.ico" type="image/x-icon">.<link rel="shortcut icon" href="favicon.ico" type="image/x-icon">.<link rel="stylesheet" type="text/css" href="R.css">.</head>..<FRAMESET cols="1, 4" style="border: none;">.<FRAMESET rows="120, 1*">.<FRAME src="logo.html" name="logo" frameborder=0>.<FRAME src="navbar.html" name="contents" frameborder=0>.</FRAMESET>.<FRAME src="banner.shtml" name="banner" frameborder=0>.<noframes>.<h1>The Comprehensive R Archive Network</h1>..Your browser seems not to support frames,.here is the <A href="navbar.html">contents page</A> of CRAN..</noframes>.</FRAMESET>.</html>.

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	exported SGML document, ASCII text, with very long lines (758)
Category:	downloaded
Size (bytes):	2693
Entropy (8bit):	5.314047977753302
Encrypted:	false
SSDEEP:	48:Ts1tjrNDfTiyZIV+PakS5ydlydGZj4Ky/DxbUM47ZutK9C4yYGrkL6LeRPKGX:YNDLa5V/v4LPr
MD5:	F48436046DCA5D25F30091F715505987
SHA1:	7898F047BF9EA7FF1434C98781685A327C9CC39A
SHA-256:	1498F585F2BF7C051DBCFAF66DDC41FB93DA5033461057525C712CC7E191BB16
SHA-512:	4B54D5D41A50F7583F0A186FE83A28788FE17F0B61C563941CA6D3A7C31FF19AED5AF9D68926CB8402A985683D0D8B3EF54B323B4F1BA1B93ED0431ABA1F7EB8
Malicious:	false
Reputation:	low
URL:	https://cran.r-project.org/Rlogo.svg
Preview:	.Copyright (C) 2015-2016 The R Foundation..You can distribute this logo under the terms of the Creative.Commons Attribution-ShareAlike 4.0 International license (CC-BY-SA.4.0) or (at your option) the GNU General Public License version 2.(GPL-2)...This program is distributed in the hope that it will be useful,.but WITHOUT ANY WARRANTY; without even the implied warranty of.MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. ..You should have received a copy of the GNU General Public License.along with this program; if not, a copy is available at.https://www.R-project.org/Licenses/..The text of the CC BY-SA 4.0 license is available at.https://creativecommons.org/licenses/by-sa/4.0/.-->.<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" preserveAspectRatio="xMidYMid" width="724" height="561" viewBox="0 0 724 561">. <defs>. <linearGradient id="gradientFill-1" x1="0" x2="1" y1="0" y2="1" gradientUnits="objectBoundingBox" spreadMethod="pad">. <st

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	4.710205174043457
Encrypted:	false
SSDEEP:	96:Hpv58AqpjL7s23vR0If0ajn0KVs3Re7SVQIurcdGZ:H8LjL7s2fCV3RyYAZ
MD5:	732DEC1DF8DC01D976D98A44B49DABB8
SHA1:	C438249651E0679BE4DFFAB5AA2609E23095736B
SHA-256:	50443AC7A296BB96AD7DB5E4F32092C7C5A460BC4E5D6A177131ED32ED0884E9
SHA-512:	37D44AFB75067A0AF6B02C8B0D4BE524012EFC2984BF829B9B2EAABF1A2A379A71A908DD409B8F574EC16B71E2547A327EF074BC6EB64D6A392614AA30008619
Malicious:	false
Reputation:	low
URL:	https://cran.r-project.org/favicon.ico
Preview:	............ .h...&... .... .........(....... ..... ..................................................................................................................[.?.e!..d ..].2........._.p.^...]...\.6.........................a.`.b...a..._.C.....l9..\..._...^...\.,.......................K..l..Y...Z....o....L.n:..Y..._...[.i..............................z..Z...Y...........\..._...\.................K.............p..gz.Z...d...p8..f#..]...\.........\.......3.............0.....d.T.f...j'..`...`...g"..\..yVn.......O..............R.........`.j.k&..h"..h"~.g!@.e...g#..Q...wN..............................g.g.k%..j$..h"U.....f ^.g"..]...h(..................s.........d.v.m(..k&..j%..i#..i%..k&..N..zPh......................Y....._.5.S...\...Z...\..V...J...m0:.................................W..X...........a...Y*..db......................................................................................>................................>...................................5..

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	exported SGML document, ASCII text, with very long lines (758)
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	5.314047977753302
Encrypted:	false
SSDEEP:	48:Ts1tjrNDfTiyZIV+PakS5ydlydGZj4Ky/DxbUM47ZutK9C4yYGrkL6LeRPKGX:YNDLa5V/v4LPr
MD5:	F48436046DCA5D25F30091F715505987
SHA1:	7898F047BF9EA7FF1434C98781685A327C9CC39A
SHA-256:	1498F585F2BF7C051DBCFAF66DDC41FB93DA5033461057525C712CC7E191BB16
SHA-512:	4B54D5D41A50F7583F0A186FE83A28788FE17F0B61C563941CA6D3A7C31FF19AED5AF9D68926CB8402A985683D0D8B3EF54B323B4F1BA1B93ED0431ABA1F7EB8
Malicious:	false
Reputation:	low
Preview:	.Copyright (C) 2015-2016 The R Foundation..You can distribute this logo under the terms of the Creative.Commons Attribution-ShareAlike 4.0 International license (CC-BY-SA.4.0) or (at your option) the GNU General Public License version 2.(GPL-2)...This program is distributed in the hope that it will be useful,.but WITHOUT ANY WARRANTY; without even the implied warranty of.MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. ..You should have received a copy of the GNU General Public License.along with this program; if not, a copy is available at.https://www.R-project.org/Licenses/..The text of the CC BY-SA 4.0 license is available at.https://creativecommons.org/licenses/by-sa/4.0/.-->.<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" preserveAspectRatio="xMidYMid" width="724" height="561" viewBox="0 0 724 561">. <defs>. <linearGradient id="gradientFill-1" x1="0" x2="1" y1="0" y2="1" gradientUnits="objectBoundingBox" spreadMethod="pad">. <st

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	300
Entropy (8bit):	5.151868240792161
Encrypted:	false
SSDEEP:	6:Wzh5/LMQFNxpqXDJR0NNEXW0YBtCeT/qzq9MkdAhB5Q7A+BhZsYDObQ4QL:yhqXDMfhtw+uYANQEWZsbbQL
MD5:	7B3760E9441D1DE7E0FA63546A641BAC
SHA1:	1830052A09065FD324CD5BD25A3CE965D6B903EC
SHA-256:	7DCCBA55CECA76B0DCFC1000FD713F5C6B8887F150BEDB7BE20B8990FB4E78BD
SHA-512:	14B756F6F5B6BFF9277A5857F1AF7B3A5E49F806E7DB101A06F9E7F0BBB37EC442E784B9F5A4423DC62CD5F86935317588598F404183E3FAAE6BD83E9602204D
Malicious:	false
Reputation:	low
URL:	https://cran.r-project.org/logo.html
Preview:	<!DOCTYPE HTML>.<html lang=en>.<head>.<title>R Logo</title>.<META HTTP-EQUIV="content-type" CONTENT="text/html; charset=utf-8">.<link rel="stylesheet" type="text/css" href="R.css">.</head>..<body>.<a href="index.html" target="_top">.<img src="Rlogo.svg" width="130" alt="R logo"></a>.</body>.</html>.

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1335
Entropy (8bit):	4.733581909983123
Encrypted:	false
SSDEEP:	24:UCSRunSTTWISCSh4S69zS6+iS6FDgS6ixS6F2oEixDOBiliCqR+hfOM:UCm4bIFfROi1Dgc175WiI6GM
MD5:	B6763E6916890C631FDC3F2643803B1A
SHA1:	B1569D1EB7BE28B1BF3187EE36ADF421D6D87E5F
SHA-256:	0F4849AB1757247808D54DA2C371E992364371C942AD7D629DAE8D62327ED068
SHA-512:	1CB9B40CF54006EB72770210459EC0E2E742568D65464B42A0BD7EA1491748914A84C0D612E2DF2B4D55BB113AEEA6147A86A2AEB3EC31490A8B363767235419
Malicious:	false
Reputation:	low
URL:	https://cran.r-project.org/R.css
Preview:	body {. background: white;. color: black;.}..a:link {. background: white;. color: blue;.}..a:visited {. background: white;. color: rgb(50%, 0%, 50%);.}..h1 {. background: white;. color: rgb(55%, 55%, 55%);. font-family: monospace;. font-size: x-large;. text-align: center;.}..h2 {. background: white;. color: rgb(40%, 40%, 40%);. font-family: monospace;. font-size: large;. text-align: center;.}..h3 {. background: white;. color: rgb(40%, 40%, 40%);. font-family: monospace;. font-size: large;.}..h4 {. background: white;. color: rgb(40%, 40%, 40%);. font-family: monospace;. font-style: italic;. font-size: large;.}..h5 {. background: white;. color: rgb(40%, 40%, 40%);. font-family: monospace;.}..h6 {. background: white;. color: rgb(40%, 40%, 40%);. font-family: monospace;. font-style: italic;.}....img.toplogo {. width: 4em;. vertical-align: middle;.}..img.arrow {. width: 30px;. height:

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	5770
Entropy (8bit):	4.957309141911203
Encrypted:	false
SSDEEP:	96:k8IRFY0Xzhbx27Kh4Drvqq5pNZ4ZcbMlatl3XoHGNM87Mf9uJs2KzWa0JDo+:k8eY0Do8m+q5pN/ftmm3YBjCaw
MD5:	286F8149123235F55E55B5C49EA33D2A
SHA1:	C0C3AC6101B42FE12B297DF9A290E2007D085FBE
SHA-256:	13F8570FB229072D6F9E7A5F96B2080D7905000C0D222D953C5339C6A6F84EA4
SHA-512:	F6358F2848C35814A78D9B86BB912A85895BD116A6F8840A2A1CDAC607AA45DB5CDCAB667D5CBF9E74696622E59EBD32C2029607BBDD924C9D2FFEB32646D31E
Malicious:	false
Reputation:	low
URL:	https://cran.r-project.org/banner.shtml
Preview:	<!DOCTYPE HTML>.<html lang=en> .<head>.<title>The Comprehensive R Archive Network</title>.<META HTTP-EQUIV="content-type" CONTENT="text/html; charset=utf-8">.<link rel="stylesheet" type="text/css" href="R.css">..<style>.table, th, td {. border: 1px solid black;.}.th, td {. padding: 5px;.}.</style>.</head>..<body>..<h1>The Comprehensive R Archive Network</h1>..<div>.<table style="margin-left: auto;margin-right: auto;width: 80%">. <tr>. <td><h3>Download and Install R</h3>. Precompiled binary distributions of the base system and. contributed packages, <strong>Windows and. Mac</strong> users most likely want one of these versions of R:..<ul>.. <li><a href="bin/linux/">Download R for Linux</a>.. (<a href="bin/linux/debian">Debian</a>,.. <a href="bin/linux/fedora">Fedora/Redhat</a>,.. <a href="bin/linux/ubuntu">Ubuntu</a>).. </li>.. <li><a href="bin/macosx/">Download R for macOS</a></li>.. <li><a href="bin/windows/">Download R for Windows</a></li>..</ul>.

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 02:12:05.718540907 CEST	49703	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:05.718621016 CEST	443	49703	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:05.718785048 CEST	49703	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:05.718997002 CEST	49703	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:05.719032049 CEST	443	49703	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:05.719321966 CEST	49704	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:05.719364882 CEST	443	49704	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:05.719453096 CEST	49704	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:05.719604015 CEST	49704	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:05.719618082 CEST	443	49704	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:06.237246037 CEST	443	49704	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:06.237519979 CEST	49704	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:06.237544060 CEST	443	49704	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:06.238533020 CEST	443	49704	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:06.238622904 CEST	49704	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:06.239698887 CEST	49704	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:06.239783049 CEST	443	49704	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:06.239923954 CEST	49704	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:06.239933014 CEST	443	49704	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:06.247454882 CEST	443	49703	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:06.247674942 CEST	49703	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:06.247703075 CEST	443	49703	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:06.249150991 CEST	443	49703	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:06.249241114 CEST	49703	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:06.250065088 CEST	49703	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:06.250143051 CEST	443	49703	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:06.283880949 CEST	49704	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:06.300055027 CEST	49703	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:06.300076008 CEST	443	49703	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:06.347908974 CEST	49703	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:06.738163948 CEST	443	49704	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:06.738243103 CEST	443	49704	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:06.738647938 CEST	49704	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:06.739237070 CEST	49704	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:06.739254951 CEST	443	49704	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:06.750386000 CEST	49703	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:06.756994963 CEST	49705	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:06.757081032 CEST	443	49705	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:06.757251024 CEST	49705	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:06.757460117 CEST	49705	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:06.757496119 CEST	443	49705	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:06.758213043 CEST	49706	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:06.758240938 CEST	443	49706	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:06.758320093 CEST	49706	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:06.758914948 CEST	49706	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:06.758924961 CEST	443	49706	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:06.759186983 CEST	49707	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:06.759263992 CEST	443	49707	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:06.759517908 CEST	49707	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:06.759723902 CEST	49707	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:06.759753942 CEST	443	49707	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:06.792133093 CEST	443	49703	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.003716946 CEST	443	49703	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.003914118 CEST	443	49703	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.003977060 CEST	49703	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:07.005172968 CEST	49703	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:07.005198002 CEST	443	49703	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.274497986 CEST	443	49707	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.274548054 CEST	443	49705	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.274859905 CEST	49705	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:07.274921894 CEST	443	49705	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.274966955 CEST	49707	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:07.275027037 CEST	443	49707	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.275276899 CEST	443	49705	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.275626898 CEST	49705	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:07.275696993 CEST	443	49705	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.275772095 CEST	49705	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:07.275921106 CEST	443	49707	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.276005030 CEST	49707	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:07.276295900 CEST	49707	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:07.276375055 CEST	443	49707	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.276422977 CEST	49707	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:07.280065060 CEST	443	49706	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.280306101 CEST	49706	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:07.280320883 CEST	443	49706	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.281490088 CEST	443	49706	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.283307076 CEST	49706	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:07.283409119 CEST	443	49706	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.283420086 CEST	49706	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:07.320128918 CEST	443	49705	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.320918083 CEST	49705	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:07.320925951 CEST	49707	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:07.320946932 CEST	443	49707	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.328113079 CEST	443	49706	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.336910009 CEST	49706	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:07.368937969 CEST	49707	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:07.779949903 CEST	443	49705	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.780064106 CEST	443	49705	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.780148983 CEST	49705	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:07.780702114 CEST	443	49707	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.780725956 CEST	443	49707	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.780765057 CEST	443	49707	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.780790091 CEST	49707	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:07.780849934 CEST	49707	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:07.781148911 CEST	49705	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:07.781188011 CEST	443	49705	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.784259081 CEST	49707	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:07.784287930 CEST	443	49706	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.784327984 CEST	443	49707	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.784595013 CEST	443	49706	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.784615993 CEST	443	49706	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.784666061 CEST	49706	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:07.784687042 CEST	443	49706	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.784703016 CEST	49706	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:07.784898043 CEST	443	49706	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.784981012 CEST	49706	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:07.788429022 CEST	49706	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:07.788439989 CEST	443	49706	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.790038109 CEST	49709	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:07.790080070 CEST	443	49709	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:07.790148973 CEST	49709	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:07.790487051 CEST	49709	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:07.790508032 CEST	443	49709	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:08.302609921 CEST	443	49709	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:08.303396940 CEST	49709	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:08.303417921 CEST	443	49709	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:08.303719997 CEST	443	49709	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:08.304080963 CEST	49709	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:08.304146051 CEST	443	49709	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:08.304222107 CEST	49709	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:08.352113962 CEST	443	49709	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:08.808407068 CEST	443	49709	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:08.808507919 CEST	443	49709	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:08.808554888 CEST	443	49709	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:08.808572054 CEST	49709	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:08.808609009 CEST	49709	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:08.809473991 CEST	49709	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:08.809494019 CEST	443	49709	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:08.816392899 CEST	49711	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:08.816493034 CEST	443	49711	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:08.816584110 CEST	49711	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:08.816802025 CEST	49711	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:08.816837072 CEST	443	49711	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:09.279308081 CEST	49713	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:09.279381037 CEST	443	49713	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:09.279472113 CEST	49713	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:09.279680967 CEST	49713	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:09.279711008 CEST	443	49713	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:09.327327013 CEST	443	49711	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:09.327558994 CEST	49711	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:09.327605963 CEST	443	49711	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:09.327927113 CEST	443	49711	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:09.328221083 CEST	49711	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:09.328291893 CEST	443	49711	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:09.328336954 CEST	49711	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:09.372147083 CEST	443	49711	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:09.374918938 CEST	49711	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:09.799230099 CEST	443	49713	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:09.799494982 CEST	49713	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:09.799523115 CEST	443	49713	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:09.802768946 CEST	443	49713	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:09.802848101 CEST	49713	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:09.803255081 CEST	49713	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:09.803334951 CEST	443	49713	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:09.803441048 CEST	49713	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:09.803455114 CEST	443	49713	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:09.832989931 CEST	443	49711	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:09.833148003 CEST	443	49711	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:09.833210945 CEST	443	49711	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:09.833220005 CEST	49711	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:09.833276033 CEST	49711	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:09.833997965 CEST	49711	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:09.834028006 CEST	443	49711	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:09.837146997 CEST	49714	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:09.837188959 CEST	443	49714	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:09.837256908 CEST	49714	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:09.837480068 CEST	49714	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:09.837497950 CEST	443	49714	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:09.852901936 CEST	49713	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:09.883884907 CEST	49715	443	192.168.2.16	172.217.2.196
Apr 26, 2024 02:12:09.883959055 CEST	443	49715	172.217.2.196	192.168.2.16
Apr 26, 2024 02:12:09.884052992 CEST	49715	443	192.168.2.16	172.217.2.196
Apr 26, 2024 02:12:09.884224892 CEST	49715	443	192.168.2.16	172.217.2.196
Apr 26, 2024 02:12:09.884258986 CEST	443	49715	172.217.2.196	192.168.2.16
Apr 26, 2024 02:12:10.223798037 CEST	443	49715	172.217.2.196	192.168.2.16
Apr 26, 2024 02:12:10.224731922 CEST	49715	443	192.168.2.16	172.217.2.196
Apr 26, 2024 02:12:10.224812031 CEST	443	49715	172.217.2.196	192.168.2.16
Apr 26, 2024 02:12:10.226336002 CEST	443	49715	172.217.2.196	192.168.2.16
Apr 26, 2024 02:12:10.226443052 CEST	49715	443	192.168.2.16	172.217.2.196
Apr 26, 2024 02:12:10.227479935 CEST	49715	443	192.168.2.16	172.217.2.196
Apr 26, 2024 02:12:10.227576971 CEST	443	49715	172.217.2.196	192.168.2.16
Apr 26, 2024 02:12:10.269931078 CEST	49715	443	192.168.2.16	172.217.2.196
Apr 26, 2024 02:12:10.269954920 CEST	443	49715	172.217.2.196	192.168.2.16
Apr 26, 2024 02:12:10.305344105 CEST	443	49713	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:10.305510998 CEST	443	49713	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:10.305566072 CEST	49713	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:10.305588961 CEST	443	49713	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:10.305644989 CEST	443	49713	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:10.305706978 CEST	49713	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:10.306088924 CEST	49713	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:10.306113005 CEST	443	49713	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:10.317936897 CEST	49715	443	192.168.2.16	172.217.2.196
Apr 26, 2024 02:12:10.352612972 CEST	443	49714	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:10.352863073 CEST	49714	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:10.352880955 CEST	443	49714	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:10.353205919 CEST	443	49714	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:10.353492022 CEST	49714	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:10.353554964 CEST	443	49714	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:10.353600025 CEST	49714	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:10.396959066 CEST	49714	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:10.396971941 CEST	443	49714	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:10.859850883 CEST	443	49714	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:10.860037088 CEST	443	49714	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:10.860095024 CEST	443	49714	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:10.860124111 CEST	49714	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:10.860150099 CEST	49714	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:10.860790968 CEST	49714	443	192.168.2.16	137.208.57.37
Apr 26, 2024 02:12:10.860810995 CEST	443	49714	137.208.57.37	192.168.2.16
Apr 26, 2024 02:12:11.959589005 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 26, 2024 02:12:12.262917042 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 26, 2024 02:12:12.866940975 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 26, 2024 02:12:14.074928999 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 26, 2024 02:12:14.142730951 CEST	49689	80	192.168.2.16	192.229.211.108
Apr 26, 2024 02:12:16.479932070 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 26, 2024 02:12:18.298877001 CEST	49719	443	192.168.2.16	23.63.206.91
Apr 26, 2024 02:12:18.298913956 CEST	443	49719	23.63.206.91	192.168.2.16
Apr 26, 2024 02:12:18.299015045 CEST	49719	443	192.168.2.16	23.63.206.91
Apr 26, 2024 02:12:18.300739050 CEST	49719	443	192.168.2.16	23.63.206.91
Apr 26, 2024 02:12:18.300751925 CEST	443	49719	23.63.206.91	192.168.2.16
Apr 26, 2024 02:12:18.596307039 CEST	443	49719	23.63.206.91	192.168.2.16
Apr 26, 2024 02:12:18.596415997 CEST	49719	443	192.168.2.16	23.63.206.91
Apr 26, 2024 02:12:18.601373911 CEST	49719	443	192.168.2.16	23.63.206.91
Apr 26, 2024 02:12:18.601381063 CEST	443	49719	23.63.206.91	192.168.2.16
Apr 26, 2024 02:12:18.601814985 CEST	443	49719	23.63.206.91	192.168.2.16
Apr 26, 2024 02:12:18.652937889 CEST	49719	443	192.168.2.16	23.63.206.91
Apr 26, 2024 02:12:18.653636932 CEST	49719	443	192.168.2.16	23.63.206.91
Apr 26, 2024 02:12:18.700129986 CEST	443	49719	23.63.206.91	192.168.2.16
Apr 26, 2024 02:12:18.857640028 CEST	443	49719	23.63.206.91	192.168.2.16
Apr 26, 2024 02:12:18.857738018 CEST	443	49719	23.63.206.91	192.168.2.16
Apr 26, 2024 02:12:18.857791901 CEST	49719	443	192.168.2.16	23.63.206.91
Apr 26, 2024 02:12:18.857892036 CEST	49719	443	192.168.2.16	23.63.206.91
Apr 26, 2024 02:12:18.857908964 CEST	443	49719	23.63.206.91	192.168.2.16
Apr 26, 2024 02:12:18.857918978 CEST	49719	443	192.168.2.16	23.63.206.91
Apr 26, 2024 02:12:18.857923985 CEST	443	49719	23.63.206.91	192.168.2.16
Apr 26, 2024 02:12:18.896307945 CEST	49720	443	192.168.2.16	23.63.206.91
Apr 26, 2024 02:12:18.896353960 CEST	443	49720	23.63.206.91	192.168.2.16
Apr 26, 2024 02:12:18.896440983 CEST	49720	443	192.168.2.16	23.63.206.91
Apr 26, 2024 02:12:18.896780968 CEST	49720	443	192.168.2.16	23.63.206.91
Apr 26, 2024 02:12:18.896794081 CEST	443	49720	23.63.206.91	192.168.2.16
Apr 26, 2024 02:12:19.179493904 CEST	443	49720	23.63.206.91	192.168.2.16
Apr 26, 2024 02:12:19.179646015 CEST	49720	443	192.168.2.16	23.63.206.91
Apr 26, 2024 02:12:19.181581020 CEST	49720	443	192.168.2.16	23.63.206.91
Apr 26, 2024 02:12:19.181616068 CEST	443	49720	23.63.206.91	192.168.2.16
Apr 26, 2024 02:12:19.184231043 CEST	443	49720	23.63.206.91	192.168.2.16
Apr 26, 2024 02:12:19.185410976 CEST	49720	443	192.168.2.16	23.63.206.91
Apr 26, 2024 02:12:19.232152939 CEST	443	49720	23.63.206.91	192.168.2.16
Apr 26, 2024 02:12:19.460273027 CEST	443	49720	23.63.206.91	192.168.2.16
Apr 26, 2024 02:12:19.460454941 CEST	443	49720	23.63.206.91	192.168.2.16
Apr 26, 2024 02:12:19.460521936 CEST	49720	443	192.168.2.16	23.63.206.91
Apr 26, 2024 02:12:19.461333036 CEST	49720	443	192.168.2.16	23.63.206.91
Apr 26, 2024 02:12:19.461355925 CEST	443	49720	23.63.206.91	192.168.2.16
Apr 26, 2024 02:12:19.461371899 CEST	49720	443	192.168.2.16	23.63.206.91
Apr 26, 2024 02:12:19.461379051 CEST	443	49720	23.63.206.91	192.168.2.16
Apr 26, 2024 02:12:19.690220118 CEST	49721	443	192.168.2.16	13.85.23.86
Apr 26, 2024 02:12:19.690270901 CEST	443	49721	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:19.690350056 CEST	49721	443	192.168.2.16	13.85.23.86
Apr 26, 2024 02:12:19.691997051 CEST	49721	443	192.168.2.16	13.85.23.86
Apr 26, 2024 02:12:19.692029953 CEST	443	49721	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:20.137379885 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 26, 2024 02:12:20.194195986 CEST	443	49715	172.217.2.196	192.168.2.16
Apr 26, 2024 02:12:20.194364071 CEST	443	49715	172.217.2.196	192.168.2.16
Apr 26, 2024 02:12:20.194531918 CEST	49715	443	192.168.2.16	172.217.2.196
Apr 26, 2024 02:12:20.198827982 CEST	443	49721	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:20.198940992 CEST	49721	443	192.168.2.16	13.85.23.86
Apr 26, 2024 02:12:20.203305006 CEST	49721	443	192.168.2.16	13.85.23.86
Apr 26, 2024 02:12:20.203336954 CEST	443	49721	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:20.203753948 CEST	443	49721	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:20.248927116 CEST	49721	443	192.168.2.16	13.85.23.86
Apr 26, 2024 02:12:20.253938913 CEST	49721	443	192.168.2.16	13.85.23.86
Apr 26, 2024 02:12:20.296125889 CEST	443	49721	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:20.440965891 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 26, 2024 02:12:20.665709019 CEST	443	49721	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:20.665740013 CEST	443	49721	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:20.665750980 CEST	443	49721	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:20.665765047 CEST	443	49721	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:20.665791988 CEST	443	49721	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:20.665837049 CEST	49721	443	192.168.2.16	13.85.23.86
Apr 26, 2024 02:12:20.665879011 CEST	443	49721	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:20.665911913 CEST	49721	443	192.168.2.16	13.85.23.86
Apr 26, 2024 02:12:20.665916920 CEST	443	49721	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:20.665941954 CEST	49721	443	192.168.2.16	13.85.23.86
Apr 26, 2024 02:12:20.665951967 CEST	443	49721	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:20.665996075 CEST	49721	443	192.168.2.16	13.85.23.86
Apr 26, 2024 02:12:20.680490971 CEST	49721	443	192.168.2.16	13.85.23.86
Apr 26, 2024 02:12:20.680526018 CEST	443	49721	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:20.680542946 CEST	49721	443	192.168.2.16	13.85.23.86
Apr 26, 2024 02:12:20.680552006 CEST	443	49721	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:21.048948050 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 26, 2024 02:12:21.209671021 CEST	49715	443	192.168.2.16	172.217.2.196
Apr 26, 2024 02:12:21.209734917 CEST	443	49715	172.217.2.196	192.168.2.16
Apr 26, 2024 02:12:21.287981033 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 26, 2024 02:12:22.262938976 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 26, 2024 02:12:24.596076965 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 26, 2024 02:12:24.675951004 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 26, 2024 02:12:24.899960041 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 26, 2024 02:12:25.506964922 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 26, 2024 02:12:26.720974922 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 26, 2024 02:12:29.123157978 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 26, 2024 02:12:29.490032911 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 26, 2024 02:12:30.891993046 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 26, 2024 02:12:33.929105997 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 26, 2024 02:12:39.101152897 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 26, 2024 02:12:43.542993069 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 26, 2024 02:12:55.911781073 CEST	80	49698	208.111.136.128	192.168.2.16
Apr 26, 2024 02:12:55.911916018 CEST	49698	80	192.168.2.16	208.111.136.128
Apr 26, 2024 02:12:55.911953926 CEST	49698	80	192.168.2.16	208.111.136.128
Apr 26, 2024 02:12:56.037940979 CEST	80	49698	208.111.136.128	192.168.2.16
Apr 26, 2024 02:12:56.176198959 CEST	49699	80	192.168.2.16	208.111.136.128
Apr 26, 2024 02:12:56.215357065 CEST	80	49699	208.111.136.128	192.168.2.16
Apr 26, 2024 02:12:56.215466022 CEST	49699	80	192.168.2.16	208.111.136.128
Apr 26, 2024 02:12:56.302300930 CEST	80	49699	208.111.136.128	192.168.2.16
Apr 26, 2024 02:12:57.202378035 CEST	49722	443	192.168.2.16	13.85.23.86
Apr 26, 2024 02:12:57.202406883 CEST	443	49722	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:57.202542067 CEST	49722	443	192.168.2.16	13.85.23.86
Apr 26, 2024 02:12:57.203686953 CEST	49722	443	192.168.2.16	13.85.23.86
Apr 26, 2024 02:12:57.203701019 CEST	443	49722	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:57.703100920 CEST	443	49722	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:57.703279972 CEST	49722	443	192.168.2.16	13.85.23.86
Apr 26, 2024 02:12:57.704972982 CEST	49722	443	192.168.2.16	13.85.23.86
Apr 26, 2024 02:12:57.704979897 CEST	443	49722	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:57.705372095 CEST	443	49722	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:57.707142115 CEST	49722	443	192.168.2.16	13.85.23.86
Apr 26, 2024 02:12:57.748137951 CEST	443	49722	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:58.182642937 CEST	443	49722	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:58.182702065 CEST	443	49722	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:58.182748079 CEST	443	49722	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:58.182789087 CEST	49722	443	192.168.2.16	13.85.23.86
Apr 26, 2024 02:12:58.182806969 CEST	443	49722	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:58.182832956 CEST	49722	443	192.168.2.16	13.85.23.86
Apr 26, 2024 02:12:58.182852030 CEST	49722	443	192.168.2.16	13.85.23.86
Apr 26, 2024 02:12:58.182961941 CEST	443	49722	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:58.183042049 CEST	49722	443	192.168.2.16	13.85.23.86
Apr 26, 2024 02:12:58.183043003 CEST	443	49722	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:58.183084011 CEST	443	49722	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:58.183132887 CEST	49722	443	192.168.2.16	13.85.23.86
Apr 26, 2024 02:12:58.183139086 CEST	443	49722	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:58.183187008 CEST	443	49722	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:58.183244944 CEST	49722	443	192.168.2.16	13.85.23.86
Apr 26, 2024 02:12:58.186197996 CEST	49722	443	192.168.2.16	13.85.23.86
Apr 26, 2024 02:12:58.186214924 CEST	443	49722	13.85.23.86	192.168.2.16
Apr 26, 2024 02:12:58.186225891 CEST	49722	443	192.168.2.16	13.85.23.86
Apr 26, 2024 02:12:58.186230898 CEST	443	49722	13.85.23.86	192.168.2.16
Apr 26, 2024 02:13:09.816170931 CEST	49724	443	192.168.2.16	172.217.2.196
Apr 26, 2024 02:13:09.816211939 CEST	443	49724	172.217.2.196	192.168.2.16
Apr 26, 2024 02:13:09.816317081 CEST	49724	443	192.168.2.16	172.217.2.196
Apr 26, 2024 02:13:09.816519022 CEST	49724	443	192.168.2.16	172.217.2.196
Apr 26, 2024 02:13:09.816534996 CEST	443	49724	172.217.2.196	192.168.2.16
Apr 26, 2024 02:13:10.147845030 CEST	443	49724	172.217.2.196	192.168.2.16
Apr 26, 2024 02:13:10.148149014 CEST	49724	443	192.168.2.16	172.217.2.196
Apr 26, 2024 02:13:10.148183107 CEST	443	49724	172.217.2.196	192.168.2.16
Apr 26, 2024 02:13:10.149288893 CEST	443	49724	172.217.2.196	192.168.2.16
Apr 26, 2024 02:13:10.149584055 CEST	49724	443	192.168.2.16	172.217.2.196
Apr 26, 2024 02:13:10.149761915 CEST	443	49724	172.217.2.196	192.168.2.16
Apr 26, 2024 02:13:10.197041988 CEST	49724	443	192.168.2.16	172.217.2.196
Apr 26, 2024 02:13:14.246140003 CEST	49688	443	192.168.2.16	204.79.197.200
Apr 26, 2024 02:13:20.137381077 CEST	443	49724	172.217.2.196	192.168.2.16
Apr 26, 2024 02:13:20.137542963 CEST	443	49724	172.217.2.196	192.168.2.16
Apr 26, 2024 02:13:20.137622118 CEST	49724	443	192.168.2.16	172.217.2.196
Apr 26, 2024 02:13:21.203679085 CEST	49724	443	192.168.2.16	172.217.2.196
Apr 26, 2024 02:13:21.203738928 CEST	443	49724	172.217.2.196	192.168.2.16

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 02:12:04.972935915 CEST	56542	53	192.168.2.16	1.1.1.1
Apr 26, 2024 02:12:04.973083973 CEST	54313	53	192.168.2.16	1.1.1.1
Apr 26, 2024 02:12:05.096564054 CEST	53	60195	1.1.1.1	192.168.2.16
Apr 26, 2024 02:12:05.099644899 CEST	53	56265	1.1.1.1	192.168.2.16
Apr 26, 2024 02:12:05.717750072 CEST	53	54313	1.1.1.1	192.168.2.16
Apr 26, 2024 02:12:05.718018055 CEST	53	56542	1.1.1.1	192.168.2.16
Apr 26, 2024 02:12:05.934927940 CEST	53	51363	1.1.1.1	192.168.2.16
Apr 26, 2024 02:12:08.812151909 CEST	62543	53	192.168.2.16	1.1.1.1
Apr 26, 2024 02:12:08.812310934 CEST	64117	53	192.168.2.16	1.1.1.1
Apr 26, 2024 02:12:09.221491098 CEST	53	62543	1.1.1.1	192.168.2.16
Apr 26, 2024 02:12:09.300462961 CEST	53	64117	1.1.1.1	192.168.2.16
Apr 26, 2024 02:12:09.757740021 CEST	62444	53	192.168.2.16	1.1.1.1
Apr 26, 2024 02:12:09.757880926 CEST	52939	53	192.168.2.16	1.1.1.1
Apr 26, 2024 02:12:09.882919073 CEST	53	62444	1.1.1.1	192.168.2.16
Apr 26, 2024 02:12:09.883128881 CEST	53	52939	1.1.1.1	192.168.2.16
Apr 26, 2024 02:12:22.950391054 CEST	53	64807	1.1.1.1	192.168.2.16
Apr 26, 2024 02:12:41.848062038 CEST	53	58729	1.1.1.1	192.168.2.16
Apr 26, 2024 02:13:04.884202003 CEST	53	55552	1.1.1.1	192.168.2.16
Apr 26, 2024 02:13:05.045371056 CEST	53	49452	1.1.1.1	192.168.2.16
Apr 26, 2024 02:13:16.303236008 CEST	138	138	192.168.2.16	192.168.2.255
Apr 26, 2024 02:13:32.610099077 CEST	53	64514	1.1.1.1	192.168.2.16

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 26, 2024 02:12:09.300553083 CEST	192.168.2.16	1.1.1.1	c248	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 26, 2024 02:12:04.972935915 CEST	192.168.2.16	1.1.1.1	0xd739	Standard query (0)	cran.r-project.org	A (IP address)	IN (0x0001)	false
Apr 26, 2024 02:12:04.973083973 CEST	192.168.2.16	1.1.1.1	0x213b	Standard query (0)	cran.r-project.org	65	IN (0x0001)	false
Apr 26, 2024 02:12:08.812151909 CEST	192.168.2.16	1.1.1.1	0xcc8a	Standard query (0)	cran.r-project.org	A (IP address)	IN (0x0001)	false
Apr 26, 2024 02:12:08.812310934 CEST	192.168.2.16	1.1.1.1	0x5ed8	Standard query (0)	cran.r-project.org	65	IN (0x0001)	false
Apr 26, 2024 02:12:09.757740021 CEST	192.168.2.16	1.1.1.1	0x6476	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 02:12:09.757880926 CEST	192.168.2.16	1.1.1.1	0xe9af	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 26, 2024 02:12:05.717750072 CEST	1.1.1.1	192.168.2.16	0x213b	No error (0)	cran.r-project.org	cran.wu-wien.ac.at		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 02:12:05.718018055 CEST	1.1.1.1	192.168.2.16	0xd739	No error (0)	cran.r-project.org	cran.wu-wien.ac.at		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 02:12:05.718018055 CEST	1.1.1.1	192.168.2.16	0xd739	No error (0)	cran.wu-wien.ac.at		137.208.57.37	A (IP address)	IN (0x0001)	false
Apr 26, 2024 02:12:09.221491098 CEST	1.1.1.1	192.168.2.16	0xcc8a	No error (0)	cran.r-project.org	cran.wu-wien.ac.at		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 02:12:09.221491098 CEST	1.1.1.1	192.168.2.16	0xcc8a	No error (0)	cran.wu-wien.ac.at		137.208.57.37	A (IP address)	IN (0x0001)	false
Apr 26, 2024 02:12:09.300462961 CEST	1.1.1.1	192.168.2.16	0x5ed8	No error (0)	cran.r-project.org	cran.wu-wien.ac.at		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 02:12:09.882919073 CEST	1.1.1.1	192.168.2.16	0x6476	No error (0)	www.google.com		172.217.2.196	A (IP address)	IN (0x0001)	false
Apr 26, 2024 02:12:09.883128881 CEST	1.1.1.1	192.168.2.16	0xe9af	No error (0)	www.google.com			65	IN (0x0001)	false

HTTP Request Dependency Graph

cran.r-project.org

https:

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	49704	137.208.57.37	443	6192	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 00:12:06 UTC	661	OUT	GET / HTTP/1.1 Host: cran.r-project.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 00:12:06 UTC	255	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 00:12:06 GMT Server: Apache Last-Modified: Mon, 04 Mar 2024 19:47:19 GMT ETag: "362-612dafe59ac63" Accept-Ranges: bytes Content-Length: 866 Vary: Accept-Encoding Connection: close Content-Type: text/html
2024-04-26 00:12:06 UTC	866	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 46 72 61 6d 65 73 65 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 66 72 61 6d 65 73 65 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 65 20 43 6f 6d 70 72 65 68 65 6e 73 69 76 65 20 52 20 41 72 63 68 69 76 65 20 4e 65 74 77 6f 72 6b 3c 2f 74 69 74 6c 65 3e 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 43 4f 4e 54 45 4e 54 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd"><html lang=en><head><title>The Comprehensive R Archive Network</title><META HTTP-EQUIV="content-type" CONTENT="text/html; charset=utf-8"><link rel="i

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.16	49703	137.208.57.37	443	6192	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 00:12:06 UTC	540	OUT	GET /R.css HTTP/1.1 Host: cran.r-project.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://cran.r-project.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 00:12:06 UTC	255	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 00:12:06 GMT Server: Apache Last-Modified: Wed, 02 Mar 2016 13:45:21 GMT ETag: "537-52d1117df828e" Accept-Ranges: bytes Content-Length: 1335 Vary: Accept-Encoding Connection: close Content-Type: text/css
2024-04-26 00:12:06 UTC	1335	IN	Data Raw: 62 6f 64 79 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 77 68 69 74 65 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 62 6c 61 63 6b 3b 0a 7d 0a 0a 61 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 77 68 69 74 65 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 62 6c 75 65 3b 0a 7d 0a 0a 61 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 77 68 69 74 65 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 72 67 62 28 35 30 25 2c 20 30 25 2c 20 35 30 25 29 3b 0a 7d 0a 0a 68 31 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 77 68 69 74 65 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 72 67 62 28 35 35 25 2c 20 35 35 25 2c 20 35 35 25 29 3b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 6d 6f 6e 6f 73 70 61 63 Data Ascii: body { background: white; color: black;}a:link { background: white; color: blue;}a:visited { background: white; color: rgb(50%, 0%, 50%);}h1 { background: white; color: rgb(55%, 55%, 55%); font-family: monospac

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.16	49705	137.208.57.37	443	6192	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 00:12:07 UTC	692	OUT	GET /logo.html HTTP/1.1 Host: cran.r-project.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: frame Referer: https://cran.r-project.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 00:12:07 UTC	255	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 00:12:07 GMT Server: Apache Last-Modified: Mon, 04 Mar 2024 19:49:01 GMT ETag: "12c-612db0465ffff" Accept-Ranges: bytes Content-Length: 300 Vary: Accept-Encoding Connection: close Content-Type: text/html
2024-04-26 00:12:07 UTC	300	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 52 20 4c 6f 67 6f 3c 2f 74 69 74 6c 65 3e 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 43 4f 4e 54 45 4e 54 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 52 2e 63 73 73 22 3e 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 3c 61 20 68 72 65 66 3d 22 69 6e 64 65 78 2e 68 74 6d 6c 22 20 74 61 72 67 65 74 3d 22 5f 74 6f 70 22 3e 0a 3c 69 6d 67 20 73 72 63 3d 22 52 6c 6f 67 6f 2e 73 76 67 22 20 77 Data Ascii: <!DOCTYPE HTML><html lang=en><head><title>R Logo</title><META HTTP-EQUIV="content-type" CONTENT="text/html; charset=utf-8"><link rel="stylesheet" type="text/css" href="R.css"></head><body><a href="index.html" target="_top"><img src="Rlogo.svg" w

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.16	49707	137.208.57.37	443	6192	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 00:12:07 UTC	694	OUT	GET /navbar.html HTTP/1.1 Host: cran.r-project.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: frame Referer: https://cran.r-project.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 00:12:07 UTC	256	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 00:12:07 GMT Server: Apache Last-Modified: Mon, 26 Feb 2024 20:02:01 GMT ETag: "58e-6124e620a45ad" Accept-Ranges: bytes Content-Length: 1422 Vary: Accept-Encoding Connection: close Content-Type: text/html
2024-04-26 00:12:07 UTC	1422	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 20 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 52 20 43 6f 6e 74 65 6e 74 73 3c 2f 74 69 74 6c 65 3e 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 43 4f 4e 54 45 4e 54 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 73 74 79 6c 65 73 68 65 65 74 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 52 2e 63 73 73 22 3e 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 0a 3c 65 6d 20 63 6c 61 73 73 3d 6e 61 76 69 67 61 74 69 6f 6e 3e 43 52 41 4e 3c 2f 65 6d 3e 3c 62 72 3e 0a 3c 61 20 68 72 65 66 3d 22 6d 69 72 72 6f 72 73 2e 68 74 Data Ascii: <!DOCTYPE html><html lang=en> <head><title>R Contents</title><META HTTP-EQUIV="content-type" CONTENT="text/html; charset=utf-8"><link rel=stylesheet type="text/css" href="R.css"></head><body><em class=navigation>CRAN</em><br><a href="mirrors.ht

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.16	49706	137.208.57.37	443	6192	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 00:12:07 UTC	695	OUT	GET /banner.shtml HTTP/1.1 Host: cran.r-project.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: frame Referer: https://cran.r-project.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 00:12:07 UTC	189	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 00:12:07 GMT Server: Apache Accept-Ranges: bytes Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html
2024-04-26 00:12:07 UTC	6	IN	Data Raw: 31 35 39 65 0d 0a Data Ascii: 159e
2024-04-26 00:12:07 UTC	5534	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 20 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 65 20 43 6f 6d 70 72 65 68 65 6e 73 69 76 65 20 52 20 41 72 63 68 69 76 65 20 4e 65 74 77 6f 72 6b 3c 2f 74 69 74 6c 65 3e 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 43 4f 4e 54 45 4e 54 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 52 2e 63 73 73 22 3e 0a 0a 3c 73 74 79 6c 65 3e 0a 74 61 62 6c 65 2c 20 74 68 2c 20 74 64 20 7b 0a 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 Data Ascii: <!DOCTYPE HTML><html lang=en> <head><title>The Comprehensive R Archive Network</title><META HTTP-EQUIV="content-type" CONTENT="text/html; charset=utf-8"><link rel="stylesheet" type="text/css" href="R.css"><style>table, th, td { border: 1px solid
2024-04-26 00:12:07 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2024-04-26 00:12:07 UTC	247	IN	Data Raw: 65 63 0d 0a 54 68 69 73 20 73 65 72 76 65 72 20 69 73 20 68 6f 73 74 65 64 20 62 79 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 75 2e 61 63 2e 61 74 2f 73 74 61 74 6d 61 74 68 2f 22 20 74 61 72 67 65 74 3d 5f 74 6f 70 3e 49 6e 73 74 69 74 75 74 65 20 66 6f 72 20 53 74 61 74 69 73 74 69 63 73 20 61 6e 64 20 4d 61 74 68 65 6d 61 74 69 63 73 3c 2f 61 3e 20 6f 66 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 75 2e 61 63 2e 61 74 22 20 74 61 72 67 65 74 3d 5f 74 6f 70 3e 57 55 20 28 57 69 72 74 73 63 68 61 66 74 73 75 6e 69 76 65 72 73 69 74 26 61 75 6d 6c 3b 74 20 57 69 65 6e 29 3c 2f 61 3e 2e 3c 62 72 3e 0a 3c 2f 62 6f 64 79 3e 20 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: ecThis server is hosted by the <a href="https://www.wu.ac.at/statmath/" target=_top>Institute for Statistics and Mathematics</a> of <a href="https://www.wu.ac.at" target=_top>WU (Wirtschaftsuniversität Wien)</a>.<br></body> </html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.16	49709	137.208.57.37	443	6192	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 00:12:08 UTC	599	OUT	GET /Rlogo.svg HTTP/1.1 Host: cran.r-project.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://cran.r-project.org/logo.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 00:12:08 UTC	237	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 00:12:08 GMT Server: Apache Last-Modified: Wed, 02 Mar 2016 13:41:51 GMT ETag: "a85-52d110b5371f6" Accept-Ranges: bytes Content-Length: 2693 Connection: close Content-Type: image/svg+xml
2024-04-26 00:12:08 UTC	2693	IN	Data Raw: 3c 21 2d 2d 0a 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 32 30 31 35 2d 32 30 31 36 20 54 68 65 20 52 20 46 6f 75 6e 64 61 74 69 6f 6e 0a 0a 59 6f 75 20 63 61 6e 20 64 69 73 74 72 69 62 75 74 65 20 74 68 69 73 20 6c 6f 67 6f 20 75 6e 64 65 72 20 74 68 65 20 74 65 72 6d 73 20 6f 66 20 74 68 65 20 43 72 65 61 74 69 76 65 0a 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 2d 53 68 61 72 65 41 6c 69 6b 65 20 34 2e 30 20 49 6e 74 65 72 6e 61 74 69 6f 6e 61 6c 20 6c 69 63 65 6e 73 65 20 28 43 43 2d 42 59 2d 53 41 0a 34 2e 30 29 20 6f 72 20 28 61 74 20 79 6f 75 72 20 6f 70 74 69 6f 6e 29 20 74 68 65 20 47 4e 55 20 47 65 6e 65 72 61 6c 20 50 75 62 6c 69 63 20 4c 69 63 65 6e 73 65 20 76 65 72 73 69 6f 6e 20 32 0a 28 47 50 4c 2d 32 29 2e 0a 0a 54 68 69 73 Data Ascii: ...Copyright (C) 2015-2016 The R FoundationYou can distribute this logo under the terms of the CreativeCommons Attribution-ShareAlike 4.0 International license (CC-BY-SA4.0) or (at your option) the GNU General Public License version 2(GPL-2).This

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.16	49711	137.208.57.37	443	6192	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 00:12:09 UTC	592	OUT	GET /favicon.ico HTTP/1.1 Host: cran.r-project.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://cran.r-project.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 00:12:09 UTC	249	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 00:12:09 GMT Server: Apache Last-Modified: Sat, 05 Mar 2016 11:15:50 GMT ETag: "1536-52d4b5aa7f5d2" Accept-Ranges: bytes Content-Length: 5430 Connection: close Content-Type: image/vnd.microsoft.icon
2024-04-26 00:12:09 UTC	5430	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bb 5b 09 3f b5 65 21 9a b3 64 20 97 b7 5d 0e 32 00 00 00 00 00 00 00 00 af 5f 18 70 ae 5e 18 97 ab 5d 17 a6 aa 5c 16 36 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 61 16 60 b7 62 19 ff b6 61 18 ff b6 5f 15 43 00 00 00 00 a9 6c 39 0d b1 Data Ascii: h& ( [?e!d ]2_p^]\6a`ba_Cl9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.16	49713	137.208.57.37	443	6192	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 00:12:09 UTC	351	OUT	GET /Rlogo.svg HTTP/1.1 Host: cran.r-project.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 00:12:10 UTC	237	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 00:12:10 GMT Server: Apache Last-Modified: Wed, 02 Mar 2016 13:41:51 GMT ETag: "a85-52d110b5371f6" Accept-Ranges: bytes Content-Length: 2693 Connection: close Content-Type: image/svg+xml
2024-04-26 00:12:10 UTC	2693	IN	Data Raw: 3c 21 2d 2d 0a 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 32 30 31 35 2d 32 30 31 36 20 54 68 65 20 52 20 46 6f 75 6e 64 61 74 69 6f 6e 0a 0a 59 6f 75 20 63 61 6e 20 64 69 73 74 72 69 62 75 74 65 20 74 68 69 73 20 6c 6f 67 6f 20 75 6e 64 65 72 20 74 68 65 20 74 65 72 6d 73 20 6f 66 20 74 68 65 20 43 72 65 61 74 69 76 65 0a 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 2d 53 68 61 72 65 41 6c 69 6b 65 20 34 2e 30 20 49 6e 74 65 72 6e 61 74 69 6f 6e 61 6c 20 6c 69 63 65 6e 73 65 20 28 43 43 2d 42 59 2d 53 41 0a 34 2e 30 29 20 6f 72 20 28 61 74 20 79 6f 75 72 20 6f 70 74 69 6f 6e 29 20 74 68 65 20 47 4e 55 20 47 65 6e 65 72 61 6c 20 50 75 62 6c 69 63 20 4c 69 63 65 6e 73 65 20 76 65 72 73 69 6f 6e 20 32 0a 28 47 50 4c 2d 32 29 2e 0a 0a 54 68 69 73 Data Ascii: ...Copyright (C) 2015-2016 The R FoundationYou can distribute this logo under the terms of the CreativeCommons Attribution-ShareAlike 4.0 International license (CC-BY-SA4.0) or (at your option) the GNU General Public License version 2(GPL-2).This

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.16	49714	137.208.57.37	443	6192	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 00:12:10 UTC	353	OUT	GET /favicon.ico HTTP/1.1 Host: cran.r-project.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 00:12:10 UTC	249	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 00:12:10 GMT Server: Apache Last-Modified: Sat, 05 Mar 2016 11:15:50 GMT ETag: "1536-52d4b5aa7f5d2" Accept-Ranges: bytes Content-Length: 5430 Connection: close Content-Type: image/vnd.microsoft.icon
2024-04-26 00:12:10 UTC	5430	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bb 5b 09 3f b5 65 21 9a b3 64 20 97 b7 5d 0e 32 00 00 00 00 00 00 00 00 af 5f 18 70 ae 5e 18 97 ab 5d 17 a6 aa 5c 16 36 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 61 16 60 b7 62 19 ff b6 61 18 ff b6 5f 15 43 00 00 00 00 a9 6c 39 0d b1 Data Ascii: h& ( [?e!d ]2_p^]\6a`ba_Cl9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.16	49719	23.63.206.91	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 00:12:18 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 00:12:18 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0712) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=111086 Date: Fri, 26 Apr 2024 00:12:18 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.16	49720	23.63.206.91	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 00:12:19 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 00:12:19 UTC	531	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=111089 Date: Fri, 26 Apr 2024 00:12:19 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-26 00:12:19 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.16	49721	13.85.23.86	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 00:12:20 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=SpWl3vGk25hxLcD&MD=At+ws7Ev HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-26 00:12:20 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 05984bd9-b5f2-45a4-977c-9d7178285482 MS-RequestId: 9917f2d3-359b-442c-aa82-55c1125ecac8 MS-CV: 453/QA3rkkWfYnhq.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 26 Apr 2024 00:12:19 GMT Connection: close Content-Length: 24490
2024-04-26 00:12:20 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-04-26 00:12:20 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.16	49722	13.85.23.86	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 00:12:57 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=SpWl3vGk25hxLcD&MD=At+ws7Ev HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-26 00:12:58 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: 79c01b55-5218-4487-adc9-24da158295ec MS-RequestId: d2119628-3091-4005-8f39-cf8032a47adf MS-CV: fpBB9xL/mk6ydt/V.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 26 Apr 2024 00:12:57 GMT Connection: close Content-Length: 25457
2024-04-26 00:12:58 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-04-26 00:12:58 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 7064, Parent PID: 424

General

Target ID:	0
Start time:	02:12:03
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://cran.r-project.org/
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6192, Parent PID: 7064

General

Target ID:	1
Start time:	02:12:03
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1964,i,5524907010789509663,17111305810804233055,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://cran.r-project.org/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Windows Analysis Report
https://cran.r-project.org/