Edit tour

Windows Analysis Report
https://myraben.com/link/ShipmentInformation?ShipmentNumber=528234000006530

Overview

General Information

Sample URL:	https://myraben.com/link/ShipmentInformation?ShipmentNumber=528234000006530
Analysis ID:	1311408
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found URL in obfuscated visual basic script code

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3252 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)

chrome.exe (PID: 5200 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1928 --field-trial-handle=1960,i,9941111934938006839,15065013555028939376,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)

chrome.exe (PID: 3332 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://myraben.com/link/ShipmentInformation?ShipmentNumber=528234000006530 MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)

cleanup

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=PENDING+070

Source: classification engine

Classification label: clean0.win@18/59@14/6

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\chrome_BITS_3252_299822034

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1928 --field-trial-handle=1960,i,9941111934938006839,15065013555028939376,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://myraben.com/link/ShipmentInformation?ShipmentNumber=528234000006530
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1928 --field-trial-handle=1960,i,9941111934938006839,15065013555028939376,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\chrome_BITS_3252_299822034

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Scripting	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	1 Scripting	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://myraben.com/link/ShipmentInformation?ShipmentNumber=528234000006530	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label	Link
http://c.circuitbee.com/build/r/schematic-embed.html?id=$1	0%	Avira URL Cloud	safe
http://www.videojug.com/oembed.json	0%	Avira URL Cloud	safe
http://player.ordienetworks.com/flash/fodplayer.swf?	0%	Avira URL Cloud	safe
http://getbootstrap.com)	0%	Avira URL Cloud	safe
http://www.xtranormal.com/xtraplayr/$1/$2	0%	Avira URL Cloud	safe
http://kyruus.com	0%	Avira URL Cloud	safe
http://skitch.com/oembed/?format=json&url=	0%	Avira URL Cloud	safe
http://c.circuitbee.com/build/r/schematic-embed.html?id=$1	0%	Virustotal		Browse
http://www.videojug.com/oembed.json	0%	Virustotal		Browse
http://www.rdio.com/api/oembed/	0%	Avira URL Cloud	safe
http://ljpic.seacrow.com/json/$2$4?jsonp=?	0%	Avira URL Cloud	safe
http://www.xtranormal.com/xtraplayr/$1/$2	0%	Virustotal		Browse
http://www.viddy.com/embed/video/$1	0%	Avira URL Cloud	safe
http://api.minoto-video.com/publishers/.	0%	Avira URL Cloud	safe
http://kyruus.com	0%	Virustotal		Browse
https://www.ponga.com/embedded?id=$1	0%	Avira URL Cloud	safe
http://www.reelapp.com/$1/embed	0%	Avira URL Cloud	safe
http://www.kinomap.com/oembed	0%	Avira URL Cloud	safe
http://skitch.com/oembed/?format=json&url=	0%	Virustotal		Browse
http://tourwrist.com/tour_embed.js	0%	Avira URL Cloud	safe
http://www.yfrog.com/api/oembed	0%	Avira URL Cloud	safe
http://api.aniboom.com/e/$1	0%	Avira URL Cloud	safe
http://www.rdio.com/api/oembed/	0%	Virustotal		Browse
http://vodpod.com/oembed.js	0%	Avira URL Cloud	safe
http://www.kinomap.com/oembed	0%	Virustotal		Browse
http://tourwrist.com/tour_embed.js	0%	Virustotal		Browse
http://www.reelapp.com/$1/embed	0%	Virustotal		Browse
http://api.aniboom.com/e/$1	0%	Virustotal		Browse
http://www.yfrog.com/api/oembed	0%	Virustotal		Browse
http://vodpod.com/oembed.js	1%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
myraben.com	195.68.193.49	true	false	high
accounts.google.com	172.217.13.141	true	false	high
www.google.com	172.217.13.100	true	false	high
clients.l.google.com	172.217.13.174	true	false	high
oftc.myraben.com	195.68.193.49	true	false	high
clients2.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://oftc.myraben.com/pages/en_GB/Shipment/Shipment_CustomerInfo.page.xml?638296872624383688	false	high
https://oftc.myraben.com/img/RabenTheme$Images$raben_foot.png?638296872624383688	false	high
https://myraben.com/xas/	false	high
https://myraben.com/metamodel.json?638259668588883546	false	high
https://myraben.com/link/ShipmentInformation?ShipmentNumber=528234000006530	false	high
https://oftc.myraben.com/pages/en_GB/Shipment/AnonymousShipment_ReadOnly_New2021.page.xml?638296872624383688	false	high
https://oftc.myraben.com/raben.css?638296872624383688	false	high
https://myraben.com/pages/en_GB/Redirections/Redirect.page.xml?638259668588883546	false	high
https://oftc.myraben.com/favicon.ico	false	high
https://myraben.com/widgets/widgets.js?638259668588883546	false	high
https://oftc.myraben.com/mxclientsystem/mxui/mxui.js?638296872624383688	false	high
https://oftc.myraben.com/widgets/widgets.js?638296872624383688	false	high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false	high
https://oftc.myraben.com/img/Layouts$Images$eta_48.png?638296872624383688	false	high
https://oftc.myraben.com/metamodel.json?638296872624383688	false	high
https://myraben.com/theme.compiled.css?638259668588883546	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://player.youku.com/player.php/sid/$1/v.swf	chromecache_167.1.dr	false		high
http://www.videojug.com/oembed.json	chromecache_167.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://chirb.it/oembed.json	chromecache_167.1.dr	false		high
http://www.xtranormal.com/xtraplayr/$1/$2	chromecache_167.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://api.dailymile.com/oembed	chromecache_167.1.dr	false		high
http://charts.stocktwits.com/production/original_$1.png?	chromecache_167.1.dr	false		high
http://creativecommons.org/licenses/by/3.0/	chromecache_179.1.dr	false		high
http://cdn.pearltrees.com/s/embed/getApp?	chromecache_167.1.dr	false		high
http://bugs.jquery.com/ticket/12282#comment:15	chromecache_167.1.dr, chromecache_139.1.dr	false		high
http://dev.w3.org/csswg/cssom/#resolved-values	chromecache_167.1.dr, chromecache_139.1.dr	false		high
http://www.tudou.com/v/$1/v.swf	chromecache_167.1.dr	false		high
http://twitter.com/fontawesome.	chromecache_179.1.dr	false		high
http://c.circuitbee.com/build/r/schematic-embed.html?id=$1	chromecache_167.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon	chromecache_167.1.dr, chromecache_139.1.dr	false		high
http://julia.readthedocs.org/en/latest/manual/integers-and-floating-point-numbers/	chromecache_167.1.dr	false		high
http://player.ordienetworks.com/flash/fodplayer.swf?	chromecache_167.1.dr	false	Avira URL Cloud: safe	unknown
http://www.zapiks.fr/index.php?action=playerIframe&media_id=$1&autoStart=fals	chromecache_167.1.dr	false		high
http://getbootstrap.com)	chromecache_180.1.dr, chromecache_163.1.dr	false	Avira URL Cloud: safe	low
http://www.mixcloud.com/oembed/	chromecache_167.1.dr	false		high
http://twitter.com/davegandy	chromecache_179.1.dr	false		high
http://www.ustream.tv/oembed	chromecache_167.1.dr	false		high
http://www.youtube.com/oembed	chromecache_167.1.dr	false		high
http://kyruus.com	chromecache_179.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://web.archive.org/web/20160513042710/https://support.office.com/en-us/article/Excel-functions-	chromecache_167.1.dr	false		high
http://mixlr.com/embed/$1?autoplay=ae	chromecache_167.1.dr	false		high
http://skitch.com/oembed/?format=json&url=	chromecache_167.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.scivee.tv/flash/embedCast.swf?	chromecache_167.1.dr	false		high
http://bugs.jquery.com/ticket/12359	chromecache_167.1.dr, chromecache_139.1.dr	false		high
http://static.polldaddy.com/p/$1.js	chromecache_167.1.dr	false		high
http://www.rdio.com/api/oembed/	chromecache_167.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://dotsub.com/services/oembed	chromecache_167.1.dr	false		high
http://media.mtvnservices.com/mgid:moses:video:gametrailers.com:$2	chromecache_167.1.dr	false		high
https://www.circuitlab.com/circuit/$1/screenshot/540x405/	chromecache_167.1.dr	false		high
http://requirejs.org	chromecache_167.1.dr, chromecache_139.1.dr	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=649285	chromecache_167.1.dr, chromecache_139.1.dr	false		high
http://api.dribbble.com/shots/$1?callback=?	chromecache_167.1.dr	false		high
http://ljpic.seacrow.com/json/$2$4?jsonp=?	chromecache_167.1.dr	false	Avira URL Cloud: safe	unknown
http://static.bambuser.com/r/player.swf?vid=$1	chromecache_167.1.dr	false		high
https://api.github.com/repos/$1/$2?callback=?	chromecache_167.1.dr	false		high
http://www.23hq.com/23/oembed	chromecache_167.1.dr	false		high
http://vhx.tv/services/oembed.json	chromecache_167.1.dr	false		high
https://quilljs.com/	chromecache_179.1.dr, chromecache_173.1.dr	false		high
https://www.linkedin.com/cws/member/public_profile?public_profile_url=$1&format=inline&isFramed=true	chromecache_167.1.dr	false		high
https://github.com/twbs/bootstrap/blob/master/LICENSE)	chromecache_180.1.dr, chromecache_163.1.dr	false		high
http://stackoverflow.com/questions/	chromecache_167.1.dr	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=491668	chromecache_167.1.dr, chromecache_139.1.dr	false		high
http://cacoo.com/oembed.json	chromecache_167.1.dr	false		high
http://videos.sapo.pt/oembed	chromecache_167.1.dr	false		high
http://api.bambuser.com/oembed/iframe.json	chromecache_167.1.dr	false		high
http://www.screenr.com/embed/$1	chromecache_167.1.dr	false		high
http://api.smugmug.com/services/oembed/	chromecache_167.1.dr	false		high
http://www.viddy.com/embed/video/$1	chromecache_167.1.dr	false	Avira URL Cloud: safe	unknown
http://photobucket.com/oembed/	chromecache_167.1.dr	false		high
http://rcm.amazon.com/e/cm?t=_APIKEY_&o=1&p=8&l=as1&asins=$1&ref=qf_br_asin_til&fc1=000000&IS2=1&lt1	chromecache_167.1.dr	false		high
http://cloudup.com/$1?chromeless	chromecache_167.1.dr	false		high
http://speakerdeck.com/oembed.json	chromecache_167.1.dr	false		high
http://jsperf.com/getall-vs-sizzle/2	chromecache_167.1.dr, chromecache_139.1.dr	false		high
https://hertzen.com	chromecache_167.1.dr, chromecache_139.1.dr	false		high
http://jsbin.com/$1/?	chromecache_167.1.dr	false		high
http://api.minoto-video.com/publishers/.	chromecache_167.1.dr	false	Avira URL Cloud: safe	unknown
http://twitgoo.com/show/thumb/$1	chromecache_167.1.dr	false		high
https://bugs.dojotoolkit.org/ticket/9622	chromecache_167.1.dr, chromecache_139.1.dr	false		high
https://github.com/jquery/jquery/pull/557)	chromecache_167.1.dr, chromecache_139.1.dr	false		high
http://jsfiddle.net/$1/embedded/result	chromecache_167.1.dr	false		high
http://huffduffer.com/oembed	chromecache_167.1.dr	false		high
http://roomshare.jp/oembed.json	chromecache_167.1.dr	false		high
https://www.ponga.com/embedded?id=$1	chromecache_167.1.dr	false	Avira URL Cloud: safe	unknown
http://www.reelapp.com/$1/embed	chromecache_167.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.kinomap.com/oembed	chromecache_167.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://api.twitter.com/1/statuses/oembed.json	chromecache_167.1.dr	false		high
http://www.collegehumor.com/moogaloop/moogaloop.swf?clip_id=$1&use_node_id=true&fullscreen=1	chromecache_167.1.dr	false		high
http://tourwrist.com/tour_embed.js	chromecache_167.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://popplet.com/app/Popplet_Alpha.swf?page_id=$1&em=1	chromecache_167.1.dr	false		high
http://stackoverflow.com/questions/1349404/generate-a-string-of-5-random-characters-in-javascript	chromecache_167.1.dr	false		high
http://www.yfrog.com/api/oembed	chromecache_167.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.ietf.org/rfc/rfc3339.txt)	chromecache_139.1.dr	false		high
http://ckeditor.com/license	chromecache_167.1.dr	false		high
http://pastebin.com/embed_iframe.php?i=$1	chromecache_167.1.dr	false		high
http://api.aniboom.com/e/$1	chromecache_167.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://maps.google.com/maps?t=m&q=$1&output=embed	chromecache_167.1.dr	false		high
http://bugs.jquery.com/ticket/13378	chromecache_167.1.dr, chromecache_139.1.dr	false		high
http://jsfiddle.net/yHPTv/577/	chromecache_139.1.dr	false		high
http://jsperf.com/thor-indexof-vs-for/5	chromecache_167.1.dr, chromecache_139.1.dr	false		high
http://vodpod.com/oembed.js	chromecache_167.1.dr	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
195.68.193.49	myraben.com	Poland	29023	RABEN-ASPL	false
172.217.13.100	www.google.com	United States	15169	GOOGLEUS	false
172.217.13.174	clients.l.google.com	United States	15169	GOOGLEUS	false
172.217.13.141	accounts.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1311408
Start date and time:	2023-09-20 10:24:38 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 3m 25s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	https://myraben.com/link/ShipmentInformation?ShipmentNumber=528234000006530
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	24
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@18/59@14/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
TCP Packets have been reduced to 100
Excluded IPs from analysis (whitelisted): 172.217.13.99, 34.104.35.123, 172.217.13.106, 172.217.13.163, 172.217.13.202, 172.217.13.138, 172.217.13.170, 172.217.13.195
Excluded domains from analysis (whitelisted): www.bing.com, geover.prod.do.dsp.mp.microsoft.com, fonts.googleapis.com, fs.microsoft.com, geo.prod.do.dsp.mp.microsoft.com, content-autofill.googleapis.com, fonts.gstatic.com, tse1.mm.bing.net, clientservices.googleapis.com, arc.msn.com, kv601.prod.do.dsp.mp.microsoft.com, edgedl.me.gvt1.com, update.googleapis.com, displaycatalog.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (30127)
Category:	downloaded
Size (bytes):	1325393
Entropy (8bit):	5.407145158503497
Encrypted:	false
SSDEEP:	24576:6kEKxljl69Hadpevbseuyh26imZiuVtTxljl69Hadpevbsqu3ald:6kEKxljl69Hadpevbseuyh26iWiuVtTC
MD5:	0E34F67E18FF97A5213EF2246CCD621D
SHA1:	A8607956BFE498CBB45D2FDE2F4D416100B3BA6B
SHA-256:	8772EF2D064CAC46379412544B344D45B86E36D26AD9DDCDFF51ABB962DA12E9
SHA-512:	FDE76092ED8092EEAF5D45DBF39BCD7F18F3105E144392204B508DE5207118AE604334D108E8104E55FDA5E677B7F6B543722AD8B9A8146150EEB499F33C8889
Malicious:	false
Reputation:	low
URL:	https://oftc.myraben.com/widgets/widgets.js?638296872624383688
Preview:	require({cache:{.'HTMLSnippet/widget/HTMLSnippet':function(){.define(["dojo/_base/declare","mxui/widget/_WidgetBase","dojo/dom-style","dojo/dom-attr","dojo/dom-construct","dojo/_base/lang","dojo/html","dijit/layout/LinkPane"],function(__WEBPACK_EXTERNAL_MODULE__52__,__WEBPACK_EXTERNAL_MODULE__93__,__WEBPACK_EXTERNAL_MODULE__94__,__WEBPACK_EXTERNAL_MODULE__95__,__WEBPACK_EXTERNAL_MODULE__96__,__WEBPACK_EXTERNAL_MODULE__97__,__WEBPACK_EXTERNAL_MODULE__98__,__WEBPACK_EXTERNAL_MODULE__99__){return function(t){function e(e){for(var n,o,i=e[0],c=e[1],u=0,s=[];u<i.length;u++)o=i[u],Object.prototype.hasOwnProperty.call(r,o)&&r[o]&&s.push(r[o][0]),r[o]=0;for(n in c)Object.prototype.hasOwnProperty.call(c,n)&&(t[n]=c[n]);for(a&&a(e);s.length;)s.shift()()}var n={},r={0:0};function o(e){if(n[e])return n[e].exports;var r=n[e]={i:e,l:!1,exports:{}};return t[e].call(r.exports,r,r.exports,o),r.l=!0,r.exports}o.e=function(t){var e=[],n=r[t];if(0!==n)if(n)e.push(n[2]);else{var i=new Promise(function(e,o)

Source: chromecache_167.1.dr	Binary string: http://www.youtube.com/oembed',{useyql:'json'}), - obfuscation quality: 5
Source: chromecache_167.1.dr	Binary string: http://www.veoh.com/swf/webplayer/webplayer.swf?versionafrontend.5.7.0.1337permalinkid$1playervideodetailsembeddedvideoautoplay0idanonymous,{ - obfuscation quality: 4
Source: chromecache_167.1.dr	Binary string: http://www.collegehumor.com/moogaloop/moogaloop.swf?clip_id$1use_node_idtruefullscreen1, - obfuscation quality: 5
Source: chromecache_167.1.dr	Binary string: http://static.bambuser.com/r/player.swf?vid$1, - obfuscation quality: 5
Source: chromecache_167.1.dr	Binary string: http://www.twitvid.com/embed.php?guid$1autoplay0, - obfuscation quality: 5
Source: chromecache_167.1.dr	Binary string: http://boxofficebuz.com/embed/$1/$2,{templateregex:[/.boxofficebuz.com/embed/(\w+)/([\w\-*]+)/],embedtag:{tag:'iframe',width:480,height:360}}), - obfuscation quality: 4
Source: chromecache_167.1.dr	Binary string: http://eplayer.clipsyndicate.com/embed/iframe?pf_id1show_title0va_id$1windows1,{templateregex:[/.www.clipsyndicate.com/video/play/(\w+)/./,/.eplayer.clipsyndicate.com/embed/iframe\?.va_id(\w+)../],embedtag:{tag:'iframe',width:480,height:360},nocache:1}), - obfuscation quality: 6
Source: chromecache_167.1.dr	Binary string: http://www.coub.com/embed/$1?mutedfalseautostartfalseoriginalsizefalsehidetopbarfalsenositebuttonsfalsestartwithhdfalse,{templateregex:[/.coub.com/embed/(\w+)\?./,/.coub.com/view/(\w+).*/],embedtag:{tag:'iframe',width:480,height:360},nocache:1}), - obfuscation quality: 6
Source: chromecache_167.1.dr	Binary string: http://snagplayer.video.dp.discovery.com/$1/snag-it-player.htm?autono,{templateregex:[/.snagplayer.video.dp.discovery/(\w+)./],embedtag:{tag:'iframe',width:480,height:360}}), - obfuscation quality: 5
Source: chromecache_167.1.dr	Binary string: http://www.telly.com/embed.php?guid$1autoplay0,{templateregex:[/.telly.com/embed.php\?guid(\w+)./,/.telly.com/(\w+)./],embedtag:{tag:'iframe',width:480,height:360}}), - obfuscation quality: 6
Source: chromecache_167.1.dr	Binary string: http://www.minilogs.com/e/$1,{templateregex:[/.minilogs.com/e/(\w+)./,/.minilogs.com/(\w+)./],embedtag:{tag:'iframe',width:480,height:360},nocache:1}), - obfuscation quality: 4
Source: chromecache_167.1.dr	Binary string: http://www.viddy.com/embed/video/$1,{templateregex:[/.viddy.com/embed/video/(.)/,/.viddy.com/video/(.)/],embedtag:{tag:'iframe',width:480,height:360},nocache:1}), - obfuscation quality: 4
Source: chromecache_167.1.dr	Binary string: http://www.worldstarhiphop.com/embed/$1,{templateregex:/.worldstarhiphop.com/embed/(\w+)./,embedtag:{tag:'iframe',width:480,height:360},nocache:1}), - obfuscation quality: 4
Source: chromecache_167.1.dr	Binary string: http://www.zapiks.fr/index.php?actionplayeriframemedia_id$1autostartfals,{templateregex:/.zapiks.fr/index.php\?[\w\]media_id(\w+).*/,embedtag:{tag:'iframe',width:480,height:360},nocache:1}), - obfuscation quality: 7
Source: chromecache_167.1.dr	Binary string: http://chirb.it/wp/$1,{templateregex:[/.chirb.it/wp/(\w+)./,/.chirb.it/(\w+)./],embedtag:{tag:'iframe',width:480,height:360},nocache:1}), - obfuscation quality: 4
Source: chromecache_167.1.dr	Binary string: http://www.achewood.com/comic.php?date$1,{templateregex:/.achewood.com/index.php\?date(\w+)./,embedtag:{tag:'iframe',width:480,height:360},nocache:1}), - obfuscation quality: 5
Source: chromecache_167.1.dr	Binary string: http://www.fotokritik.com/embed/$1,{templateregex:[/.fotokritik.com/embed/(\w+)./,/.fotokritik.com/(\w+)./],embedtag:{tag:'iframe',width:480,height:360},nocache:1}), - obfuscation quality: 4
Source: chromecache_167.1.dr	Binary string: http://www.giflike.com/embed/$1,{templateregex:[/.giflike.com/embed/(\w+)./,/.giflike.com/a/(\w+)./],embedtag:{tag:'iframe',width:480,height:360},nocache:1}), - obfuscation quality: 4
Source: chromecache_167.1.dr	Binary string: http://popplet.com/app/popplet_alpha.swf?page_id$1em1, - obfuscation quality: 4
Source: chromecache_167.1.dr	Binary string: http://togo.ebay.com/togo/langen-usmodenormalitemid$2query$1 - obfuscation quality: 4
Source: chromecache_167.1.dr	Binary string: http://$1.wikipedia.org/w/api.php?actionparsepage$2formatjsonsection0callback?,{ - obfuscation quality: 4
Source: chromecache_167.1.dr	Binary string: http://en.wikipedia.org/wiki'); - obfuscation quality: 4
Source: chromecache_167.1.dr	Binary string: http://www.imdbapi.com/?i$1callback?, - obfuscation quality: 4
Source: chromecache_167.1.dr	Binary string: http://c.circuitbee.com/build/r/schematic-embed.html?id$1, - obfuscation quality: 4
Source: chromecache_167.1.dr	Binary string: http://pastebin.com/embed_iframe.php?i$1, - obfuscation quality: 4
Source: chromecache_167.1.dr	Binary string: http://api.stackoverflow.com/1.1/questions/$1?bodytruejsonp? - obfuscation quality: 4
Source: chromecache_167.1.dr	Binary string: http://www.gravatar.com/avatar/'+q.owner.email_hash+'?s32amp;didenticonamp;rpg></a></div><divclassoembedall-user-details>' - obfuscation quality: 4
Source: chromecache_167.1.dr	Binary string: http://public-api.wordpress.com/oembed/1.0/?forjquery-oembed-all), - obfuscation quality: 4
Source: chromecache_167.1.dr	Binary string: http://www.scribd.com/embeds/$1/content?start_page1view_modelist, - obfuscation quality: 5
Source: chromecache_167.1.dr	Binary string: http://rcm.amazon.com/e/cm?t_apikey_o1p8las1asins$1refqf_br_asin_tilfc1000000is21lt1_blankmamazonlc10000ffbc1000000bg1fffffffifr, - obfuscation quality: 5
Source: chromecache_167.1.dr	Binary string: http://360.io/$1,{templateregex:/.360.io/(\w+)./,embedtag:{tag:'iframe',width:480,height:360},nocache:1}), - obfuscation quality: 4
Source: chromecache_167.1.dr	Binary string: http://on.bubb.li/$1,{templateregex:/.on.bubb.li/(\w+)./,embedtag:{tag:'iframe',width:480,height:360},nocache:1}), - obfuscation quality: 4
Source: chromecache_167.1.dr	Binary string: http://cloudup.com/$1?chromeless,{templateregex:[/.cloudup.com/(\w+)./],embedtag:{tag:'iframe',width:480,height:360}}), - obfuscation quality: 4
Source: chromecache_167.1.dr	Binary string: http://maps.google.com/maps?tmq$1outputembed,{templateregex:/.google.com/maps/place/([\w\+])/.*/,embedtag:{tag:'iframe',width:480,height:360},nocache:1}), - obfuscation quality: 6
Source: chromecache_167.1.dr	Binary string: http://embed.imajize.com/$1,{templateregex:/.embed.imajize.com/(.)/,embedtag:{tag:'iframe',width:480,height:360},nocache:1}), - obfuscation quality: 4
Source: chromecache_167.1.dr	Binary string: http://www.mapjam.com/$1,{templateregex:/.mapjam.com/(.)/,embedtag:{tag:'iframe',width:480,height:360},nocache:1}), - obfuscation quality: 4
Source: chromecache_167.1.dr	Binary string: http://assets-polarb-com.a.ssl.fastly.net/api/v4/publishers/unknown/embedded_polls/iframe?poll_id$1,{templateregex:/.polarb.com/polls/(\w+)./,embedtag:{tag:'iframe',width:480,height:360},nocache:1}), - obfuscation quality: 5

Source: chromecache_167.1.dr	String found in binary or memory: //new $.fn.oembed.OEmbedProvider("youtube", "video", ["youtube\\.com/watch.+v=[\\w-]+&?", "youtu\\.be/[\\w-]+"], 'http://www.youtube.com/oembed', {useYQL:'json'}), equals www.youtube.com (Youtube)
Source: chromecache_167.1.dr	String found in binary or memory: new $.fn.oembed.OEmbedProvider("facebook", "rich", ["facebook.com/.+"], "https://www.facebook.com/plugins/post/oembed.json"), equals www.facebook.com (Facebook)
Source: chromecache_167.1.dr	String found in binary or memory: new $.fn.oembed.OEmbedProvider("linkedin", "rich", ["linkedin.com/pub/.+"], "https://www.linkedin.com/cws/member/public_profile?public_profile_url=$1&format=inline&isFramed=true", equals www.linkedin.com (Linkedin)
Source: chromecache_167.1.dr	String found in binary or memory: new $.fn.oembed.OEmbedProvider("youtube", "video", ["youtube\\.com/watch.+v=[\\w-]+&?", "youtu\\.be/[\\w-]+", "youtube.com/embed"], '//www.youtube.com/embed/$1?wmode=transparent', { equals www.youtube.com (Youtube)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 20, 2023 10:25:35.927162886 CEST	49715	443	192.168.2.6	172.217.13.174
Sep 20, 2023 10:25:35.927207947 CEST	443	49715	172.217.13.174	192.168.2.6
Sep 20, 2023 10:25:35.927258015 CEST	49715	443	192.168.2.6	172.217.13.174
Sep 20, 2023 10:25:35.928148985 CEST	49715	443	192.168.2.6	172.217.13.174
Sep 20, 2023 10:25:35.928168058 CEST	443	49715	172.217.13.174	192.168.2.6
Sep 20, 2023 10:25:35.930253983 CEST	49716	443	192.168.2.6	172.217.13.141
Sep 20, 2023 10:25:35.930279016 CEST	443	49716	172.217.13.141	192.168.2.6
Sep 20, 2023 10:25:35.930327892 CEST	49716	443	192.168.2.6	172.217.13.141
Sep 20, 2023 10:25:35.930603027 CEST	49716	443	192.168.2.6	172.217.13.141
Sep 20, 2023 10:25:35.930617094 CEST	443	49716	172.217.13.141	192.168.2.6
Sep 20, 2023 10:25:36.169809103 CEST	443	49715	172.217.13.174	192.168.2.6
Sep 20, 2023 10:25:36.170301914 CEST	49715	443	192.168.2.6	172.217.13.174
Sep 20, 2023 10:25:36.170351028 CEST	443	49715	172.217.13.174	192.168.2.6
Sep 20, 2023 10:25:36.170787096 CEST	443	49715	172.217.13.174	192.168.2.6
Sep 20, 2023 10:25:36.170864105 CEST	49715	443	192.168.2.6	172.217.13.174
Sep 20, 2023 10:25:36.171844959 CEST	443	49715	172.217.13.174	192.168.2.6
Sep 20, 2023 10:25:36.171921015 CEST	49715	443	192.168.2.6	172.217.13.174
Sep 20, 2023 10:25:36.173922062 CEST	49715	443	192.168.2.6	172.217.13.174
Sep 20, 2023 10:25:36.174014091 CEST	443	49715	172.217.13.174	192.168.2.6
Sep 20, 2023 10:25:36.174187899 CEST	49715	443	192.168.2.6	172.217.13.174
Sep 20, 2023 10:25:36.174207926 CEST	443	49715	172.217.13.174	192.168.2.6
Sep 20, 2023 10:25:36.177881002 CEST	443	49716	172.217.13.141	192.168.2.6
Sep 20, 2023 10:25:36.178122044 CEST	49716	443	192.168.2.6	172.217.13.141
Sep 20, 2023 10:25:36.178145885 CEST	443	49716	172.217.13.141	192.168.2.6
Sep 20, 2023 10:25:36.179569960 CEST	443	49716	172.217.13.141	192.168.2.6
Sep 20, 2023 10:25:36.179646015 CEST	49716	443	192.168.2.6	172.217.13.141
Sep 20, 2023 10:25:36.180497885 CEST	49716	443	192.168.2.6	172.217.13.141
Sep 20, 2023 10:25:36.180581093 CEST	443	49716	172.217.13.141	192.168.2.6
Sep 20, 2023 10:25:36.180644989 CEST	49716	443	192.168.2.6	172.217.13.141
Sep 20, 2023 10:25:36.180684090 CEST	443	49716	172.217.13.141	192.168.2.6
Sep 20, 2023 10:25:36.214076042 CEST	49715	443	192.168.2.6	172.217.13.174
Sep 20, 2023 10:25:36.229549885 CEST	49716	443	192.168.2.6	172.217.13.141
Sep 20, 2023 10:25:36.398848057 CEST	443	49715	172.217.13.174	192.168.2.6
Sep 20, 2023 10:25:36.399003983 CEST	443	49715	172.217.13.174	192.168.2.6
Sep 20, 2023 10:25:36.399180889 CEST	49715	443	192.168.2.6	172.217.13.174
Sep 20, 2023 10:25:36.399863958 CEST	49715	443	192.168.2.6	172.217.13.174
Sep 20, 2023 10:25:36.399885893 CEST	443	49715	172.217.13.174	192.168.2.6
Sep 20, 2023 10:25:36.422072887 CEST	443	49716	172.217.13.141	192.168.2.6
Sep 20, 2023 10:25:36.422445059 CEST	443	49716	172.217.13.141	192.168.2.6
Sep 20, 2023 10:25:36.422513008 CEST	49716	443	192.168.2.6	172.217.13.141
Sep 20, 2023 10:25:36.423266888 CEST	49716	443	192.168.2.6	172.217.13.141
Sep 20, 2023 10:25:36.423288107 CEST	443	49716	172.217.13.141	192.168.2.6
Sep 20, 2023 10:25:37.456537962 CEST	49717	443	192.168.2.6	195.68.193.49
Sep 20, 2023 10:25:37.456577063 CEST	443	49717	195.68.193.49	192.168.2.6
Sep 20, 2023 10:25:37.456686974 CEST	49717	443	192.168.2.6	195.68.193.49
Sep 20, 2023 10:25:37.457097054 CEST	49717	443	192.168.2.6	195.68.193.49
Sep 20, 2023 10:25:37.457108974 CEST	443	49717	195.68.193.49	192.168.2.6
Sep 20, 2023 10:25:37.476259947 CEST	49718	443	192.168.2.6	195.68.193.49
Sep 20, 2023 10:25:37.476317883 CEST	443	49718	195.68.193.49	192.168.2.6
Sep 20, 2023 10:25:37.476402044 CEST	49718	443	192.168.2.6	195.68.193.49
Sep 20, 2023 10:25:37.476831913 CEST	49718	443	192.168.2.6	195.68.193.49
Sep 20, 2023 10:25:37.476846933 CEST	443	49718	195.68.193.49	192.168.2.6
Sep 20, 2023 10:25:37.841515064 CEST	443	49717	195.68.193.49	192.168.2.6
Sep 20, 2023 10:25:37.841960907 CEST	49717	443	192.168.2.6	195.68.193.49
Sep 20, 2023 10:25:37.841991901 CEST	443	49717	195.68.193.49	192.168.2.6
Sep 20, 2023 10:25:37.843074083 CEST	443	49717	195.68.193.49	192.168.2.6
Sep 20, 2023 10:25:37.843161106 CEST	49717	443	192.168.2.6	195.68.193.49
Sep 20, 2023 10:25:37.845196962 CEST	49717	443	192.168.2.6	195.68.193.49
Sep 20, 2023 10:25:37.845266104 CEST	443	49717	195.68.193.49	192.168.2.6
Sep 20, 2023 10:25:37.845664024 CEST	49717	443	192.168.2.6	195.68.193.49
Sep 20, 2023 10:25:37.845674038 CEST	443	49717	195.68.193.49	192.168.2.6
Sep 20, 2023 10:25:37.852389097 CEST	443	49718	195.68.193.49	192.168.2.6
Sep 20, 2023 10:25:37.852863073 CEST	49718	443	192.168.2.6	195.68.193.49
Sep 20, 2023 10:25:37.852927923 CEST	443	49718	195.68.193.49	192.168.2.6
Sep 20, 2023 10:25:37.854372978 CEST	443	49718	195.68.193.49	192.168.2.6
Sep 20, 2023 10:25:37.854450941 CEST	49718	443	192.168.2.6	195.68.193.49
Sep 20, 2023 10:25:37.854974985 CEST	49718	443	192.168.2.6	195.68.193.49
Sep 20, 2023 10:25:37.855061054 CEST	443	49718	195.68.193.49	192.168.2.6
Sep 20, 2023 10:25:37.886682987 CEST	49717	443	192.168.2.6	195.68.193.49
Sep 20, 2023 10:25:37.896584988 CEST	49718	443	192.168.2.6	195.68.193.49
Sep 20, 2023 10:25:37.896642923 CEST	443	49718	195.68.193.49	192.168.2.6
Sep 20, 2023 10:25:37.937576056 CEST	49718	443	192.168.2.6	195.68.193.49
Sep 20, 2023 10:25:38.343586922 CEST	443	49717	195.68.193.49	192.168.2.6
Sep 20, 2023 10:25:38.343924046 CEST	443	49717	195.68.193.49	192.168.2.6
Sep 20, 2023 10:25:38.344001055 CEST	49717	443	192.168.2.6	195.68.193.49
Sep 20, 2023 10:25:38.347784042 CEST	49717	443	192.168.2.6	195.68.193.49
Sep 20, 2023 10:25:38.347807884 CEST	443	49717	195.68.193.49	192.168.2.6
Sep 20, 2023 10:25:38.351052046 CEST	49718	443	192.168.2.6	195.68.193.49
Sep 20, 2023 10:25:38.396660089 CEST	443	49718	195.68.193.49	192.168.2.6
Sep 20, 2023 10:25:38.549504995 CEST	443	49718	195.68.193.49	192.168.2.6
Sep 20, 2023 10:25:38.549540043 CEST	443	49718	195.68.193.49	192.168.2.6
Sep 20, 2023 10:25:38.549644947 CEST	49718	443	192.168.2.6	195.68.193.49
Sep 20, 2023 10:25:38.549654007 CEST	443	49718	195.68.193.49	192.168.2.6
Sep 20, 2023 10:25:38.549700022 CEST	49718	443	192.168.2.6	195.68.193.49
Sep 20, 2023 10:25:38.550791025 CEST	49718	443	192.168.2.6	195.68.193.49
Sep 20, 2023 10:25:38.550818920 CEST	443	49718	195.68.193.49	192.168.2.6
Sep 20, 2023 10:25:38.831772089 CEST	49719	443	192.168.2.6	195.68.193.49
Sep 20, 2023 10:25:38.831814051 CEST	443	49719	195.68.193.49	192.168.2.6
Sep 20, 2023 10:25:38.831901073 CEST	49719	443	192.168.2.6	195.68.193.49
Sep 20, 2023 10:25:38.832793951 CEST	49719	443	192.168.2.6	195.68.193.49
Sep 20, 2023 10:25:38.832807064 CEST	443	49719	195.68.193.49	192.168.2.6
Sep 20, 2023 10:25:38.889882088 CEST	49720	443	192.168.2.6	195.68.193.49
Sep 20, 2023 10:25:38.889910936 CEST	443	49720	195.68.193.49	192.168.2.6
Sep 20, 2023 10:25:38.890013933 CEST	49720	443	192.168.2.6	195.68.193.49
Sep 20, 2023 10:25:38.891741991 CEST	49721	443	192.168.2.6	195.68.193.49
Sep 20, 2023 10:25:38.891788960 CEST	443	49721	195.68.193.49	192.168.2.6
Sep 20, 2023 10:25:38.891844034 CEST	49721	443	192.168.2.6	195.68.193.49
Sep 20, 2023 10:25:38.892913103 CEST	49722	443	192.168.2.6	195.68.193.49
Sep 20, 2023 10:25:38.892956972 CEST	443	49722	195.68.193.49	192.168.2.6
Sep 20, 2023 10:25:38.893013000 CEST	49722	443	192.168.2.6	195.68.193.49

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 20, 2023 10:25:35.824551105 CEST	59094	53	192.168.2.6	8.8.8.8
Sep 20, 2023 10:25:35.824771881 CEST	54394	53	192.168.2.6	8.8.8.8
Sep 20, 2023 10:25:35.824987888 CEST	51984	53	192.168.2.6	8.8.8.8
Sep 20, 2023 10:25:35.825181007 CEST	54723	53	192.168.2.6	8.8.8.8
Sep 20, 2023 10:25:35.920932055 CEST	53	59094	8.8.8.8	192.168.2.6
Sep 20, 2023 10:25:35.921432018 CEST	53	51984	8.8.8.8	192.168.2.6
Sep 20, 2023 10:25:35.924645901 CEST	53	54723	8.8.8.8	192.168.2.6
Sep 20, 2023 10:25:35.924773932 CEST	53	57990	8.8.8.8	192.168.2.6
Sep 20, 2023 10:25:35.929918051 CEST	53	54394	8.8.8.8	192.168.2.6
Sep 20, 2023 10:25:36.612591028 CEST	53	56010	8.8.8.8	192.168.2.6
Sep 20, 2023 10:25:37.141892910 CEST	53807	53	192.168.2.6	8.8.8.8
Sep 20, 2023 10:25:37.142146111 CEST	58037	53	192.168.2.6	8.8.8.8
Sep 20, 2023 10:25:37.455219984 CEST	53	58037	8.8.8.8	192.168.2.6
Sep 20, 2023 10:25:37.455754995 CEST	53	53807	8.8.8.8	192.168.2.6
Sep 20, 2023 10:25:39.874305964 CEST	58173	53	192.168.2.6	8.8.8.8
Sep 20, 2023 10:25:39.874830008 CEST	59491	53	192.168.2.6	8.8.8.8
Sep 20, 2023 10:25:39.965293884 CEST	53	59491	8.8.8.8	192.168.2.6
Sep 20, 2023 10:25:39.971236944 CEST	53	58173	8.8.8.8	192.168.2.6
Sep 20, 2023 10:25:39.996695995 CEST	53	54709	8.8.8.8	192.168.2.6
Sep 20, 2023 10:25:40.626343012 CEST	53	51694	8.8.8.8	192.168.2.6
Sep 20, 2023 10:25:41.810617924 CEST	52828	53	192.168.2.6	8.8.8.8
Sep 20, 2023 10:25:41.810868979 CEST	64143	53	192.168.2.6	8.8.8.8
Sep 20, 2023 10:25:42.118769884 CEST	53	52828	8.8.8.8	192.168.2.6
Sep 20, 2023 10:25:42.125447035 CEST	53	64143	8.8.8.8	192.168.2.6
Sep 20, 2023 10:25:50.257131100 CEST	56923	53	192.168.2.6	8.8.8.8
Sep 20, 2023 10:25:50.257389069 CEST	53976	53	192.168.2.6	8.8.8.8
Sep 20, 2023 10:25:50.464992046 CEST	53	53976	8.8.8.8	192.168.2.6
Sep 20, 2023 10:25:50.571693897 CEST	53	56923	8.8.8.8	192.168.2.6
Sep 20, 2023 10:25:53.601269007 CEST	53	61493	8.8.8.8	192.168.2.6
Sep 20, 2023 10:25:56.401720047 CEST	61483	53	192.168.2.6	8.8.8.8
Sep 20, 2023 10:25:56.402086973 CEST	49186	53	192.168.2.6	8.8.8.8
Sep 20, 2023 10:25:56.499005079 CEST	53	61483	8.8.8.8	192.168.2.6
Sep 20, 2023 10:25:56.609927893 CEST	53	49186	8.8.8.8	192.168.2.6
Sep 20, 2023 10:26:00.695329905 CEST	53	63092	8.8.8.8	192.168.2.6
Sep 20, 2023 10:26:04.178263903 CEST	53	61208	8.8.8.8	192.168.2.6
Sep 20, 2023 10:26:11.094794035 CEST	53	62290	8.8.8.8	192.168.2.6
Sep 20, 2023 10:26:30.080504894 CEST	53	59314	8.8.8.8	192.168.2.6
Sep 20, 2023 10:26:35.273077965 CEST	53	54433	8.8.8.8	192.168.2.6

Target ID:	0
Start time:	10:25:32
Start date:	20/09/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff6fc6b0000
File size:	3'219'224 bytes
MD5 hash:	8D1C4713ACB7CC2AAAEE4477C58A80BA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	1
Start time:	10:25:33
Start date:	20/09/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1928 --field-trial-handle=1960,i,9941111934938006839,15065013555028939376,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff6fc6b0000
File size:	3'219'224 bytes
MD5 hash:	8D1C4713ACB7CC2AAAEE4477C58A80BA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	10:25:35
Start date:	20/09/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "https://myraben.com/link/ShipmentInformation?ShipmentNumber=528234000006530
Imagebase:	0x7ff6fc6b0000
File size:	3'219'224 bytes
MD5 hash:	8D1C4713ACB7CC2AAAEE4477C58A80BA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (695), with no line terminators
Category:	dropped
Size (bytes):	698
Entropy (8bit):	5.221024950253452
Encrypted:	false
SSDEEP:	12:MM3i+mB7JhV2diUlUY8CbjKCdhz5RH04pXVlq+7B:p5mB7JT2diUlUY8ChJ5x2+
MD5:	34AEF68E52CAF0B090621FD52A33C386
SHA1:	1D7BEAE1524AF0714831E2189CD6BBCCE2936C71
SHA-256:	5D062DE34C187E1845FC6FF87682BF982D0EE81893AB7AD32EEE8FB701181737
SHA-512:	7BE4B2B08C42AE9E1A38C280AC459E5207B3A5CA46528325501AA5C950097656DE4E845472E212C89CFE89162F3FCA1B7B7AE520FE48C31515EE505F74685A14
Malicious:	false
Reputation:	low
Preview:	.<?xml version='1.0' encoding='utf-8'?><m:layout id='9d237089-7db6-4264-bc21-f7393e210a50' xmlns='http://www.w3.org/1999/xhtml' xmlns:m='http://schemas.mendix.com/forms/1.0'><m:arguments><m:argument><div data-mendix-id='212.Layouts.EmptyLayout.scrollContainer1' data-mendix-type='mxui.widget.HorizontalScrollContainer' data-mendix-props='"fixed":true,"config":[{"position":"center"}]' class='mx-scrollcontainer mx-scrollcontainer-horizontal mx-scrollcontainer-fixed'><div class='mx-scrollcontainer-center '><div class='mx-scrollcontainer-wrapper'><div data-mx-placeholder='b95c42fc-fd0b-4b80-a145-f64c793bf57d' class='mx-placeholder'></div></div></div></div></m:argument></m:arguments></m:layout>

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	5306
Entropy (8bit):	3.923089810879598
Encrypted:	false
SSDEEP:	96:3oB+aUqUb/DUqNHD8arXla4CGGuqqQpu4ggrKopoknSmgygfo0gJNw/Fq:YBQDTYaRhPGu1LUr/69mgy+o0gziq
MD5:	1B180AC08092E501147A6D05A57DC09C
SHA1:	D7F06B5D4DE4D6284701379908F9486AC525C3EA
SHA-256:	62F30CD0F264A0B0BFCA7664FB6D74501BD585FE37F3ABB49C7A1A18695657FD
SHA-512:	C8054CA2C16C46B454067343532A9233F63FBC060321A3F8C68BE79FC6262CBEDE867126BC76AD52F201B9B60FA75A7D8D77826F7618ACF7077864B417EA43C0
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="273" height="60" viewBox="0 0 273 60"><g fill="#DF0020" fill-rule="nonzero"><path d="M54.3419675 56.0508151c-.3368304-.7894481-.4491072-2.3683443-.4491072-4.3983537v-4.6239103c0-4.3983537-.5613839-7.5561461-1.571875-9.8117121-1.0104912-2.1427877-3.817411-4.1727971-8.3084827-5.9772499 2.9191966-.7894481 5.2770093-2.255566 7.1857147-4.7366886 1.7964287-2.4811226 2.694643-5.638915 2.694643-9.6989338 0-5.1878018-1.4595983-9.13504231-4.3787949-11.7289432C45.5843777 1.6916745 38.5109398 0 28.5183053 0H0v58.9830508h19.1993315V38.4574003h2.9191966c2.2455358 0 4.1542413.1127783 5.5015628.2255566h.2245536c1.4595983.1127783 2.8069198.3383349 3.9296877.6766698 2.2455359.7894481 3.3683038 3.9472405 3.7051342 9.3605989.2245536 5.5261367.561384 8.9094856 1.0104911 10.2628252h19.5361619v-1.6916745c-.8982143.1127783-1.4595983-.4511132-1.6841519-1.2405612M34.4689753 23.683443c-1.3473215 1.2405613-3.5928574 1.8044528-6.8488844 1.8044528H19.1993315V13.7589526

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	4692
Entropy (8bit):	5.340678966702
Encrypted:	false
SSDEEP:	96:cWOEaPOEaMVc+oyOEaDNcWOXaAfOXaAdVc+oyOXaAWNcWOpaAvOpaAtVc+oyOpam:chY2yayi0hMIoEP8+hL9w
MD5:	B323E214D02FFE050449A63DCF8AC1AE
SHA1:	F7D2E5B82B22EC52A58249F939EDF8FC6472D317
SHA-256:	4273DED0458481F8F0635E8973F625739021A3EBB26C37B7511D7B2AC5F30204
SHA-512:	D9899464B93308D5E1ADCAEE9A020A587D5B8ABB8721758C3344034D95A5BAC7FB1C19B81BD10153C258741C76A2EA523609EBF826DD3B057CBB342B93E34DF0
Malicious:	false
Reputation:	low
URL:	https://fonts.googleapis.com/css2?family=Barlow:wght@400;500;700;900&display=swap
Preview:	/* vietnamese /.@font-face {. font-family: 'Barlow';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/barlow/v12/7cHpv4kjgoGqM7E_A8s52Hs.woff2) format('woff2');. unicode-range: U+0102-0103, U+0110-0111, U+0128-0129, U+0168-0169, U+01A0-01A1, U+01AF-01B0, U+0300-0301, U+0303-0304, U+0308-0309, U+0323, U+0329, U+1EA0-1EF9, U+20AB;.}./ latin-ext /.@font-face {. font-family: 'Barlow';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/barlow/v12/7cHpv4kjgoGqM7E_Ass52Hs.woff2) format('woff2');. unicode-range: U+0100-02AF, U+0304, U+0308, U+0329, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;.}./ latin */.@font-face {. font-family: 'Barlow';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/barlow/v12/7cHpv4kjgoGqM7E_DMs5.woff2) format('woff2');. unicode-range: U+0000-00FF, U+013

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1395
Entropy (8bit):	4.984073487320348
Encrypted:	false
SSDEEP:	24:1pwmvN0Wz6Mn3HcQtyCiyneoabkcSMlIkOjl9MZFvqM5FmcweMShQyj:1/N0OMAO/3YzMlIk0MZFiM+PShQ6
MD5:	DC4D1D67E7D66F8CB7E01F62EF67590A
SHA1:	242FA081809F759964040957DE552D7EDE164739
SHA-256:	096E00B5E12EF841A0C39A96039BACDD360F44CF9015C757F8FC4FFDD85348B1
SHA-512:	CB584307D84D2ADB4A65BBE3A32E765ECC764224B5FE6AD2C0D2CD60C48841361F710827C5BA7312F4C559035E6EAF5FE92E2560B1AFF84E3264640657E8E20C
Malicious:	false
Reputation:	low
URL:	https://myraben.com/app.css?638259668588883546
Preview:	.flexSameWidth {display: flex; flex-wrap: wrap;}...appsAccessBox {flex-grow: 1; color: #fff; margin-right: 15px ; max-width: 15%;}...appsAccessBox:last-child {margin: 0;}...appsAccessBox input, .appsAccessBox .appBox .form-control-static {position: absolute !important; right: 10px !important; top:14px !important; }...appsAccessBox .form-group {margin:0}...appsAccessBox .appBox {margin: 0;}...appsAccessBox .appBox label {margin: 0; padding: 4px 0;}...appsAccessBox .disabled {opacity: 0.6;}...appsAccessBox .appBox::before {background-color: #f7f7f7 !important;}...appsAccessBox .appBox .form-control-static {border:0; padding: 0; color: #fff;}...appDashboard .appBox::before {background-size: 60px auto !important; width: 70px; height: 60px; background-color: #f7f7f7; }...appDashboard .appBox {padding:10px 10px 10px 90px; line-height: 15px; max-height: 60px; overflow: hidden; white-space: nowrap;}...appDashboard .mx-templategrid-item {background: none; border: 0; padding: 0; display: block;}

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://myraben.com/link/ShipmentInformation?ShipmentNumber=528234000006530

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 139

Chrome Cache Entry: 140

Chrome Cache Entry: 141

Chrome Cache Entry: 142

Chrome Cache Entry: 143

Chrome Cache Entry: 144

Chrome Cache Entry: 145

Chrome Cache Entry: 146

Chrome Cache Entry: 147

Chrome Cache Entry: 148

Chrome Cache Entry: 149

Chrome Cache Entry: 150

Chrome Cache Entry: 151

Chrome Cache Entry: 152

Chrome Cache Entry: 153

Chrome Cache Entry: 154

Chrome Cache Entry: 155

Chrome Cache Entry: 156

Chrome Cache Entry: 157

Chrome Cache Entry: 158

Chrome Cache Entry: 159

Chrome Cache Entry: 160

Chrome Cache Entry: 161

Chrome Cache Entry: 162

Chrome Cache Entry: 163

Chrome Cache Entry: 164

Chrome Cache Entry: 165

Chrome Cache Entry: 166

Chrome Cache Entry: 167

Chrome Cache Entry: 168

Windows Analysis Report
https://myraben.com/link/ShipmentInformation?ShipmentNumber=528234000006530